
Hydra Banking Trojan

Threat actors are using an invasive Android banking Trojan named Hydra to specifically target the customers of Commerzbank, one of Germany's biggest banks. The cybercriminals were spreading their threatening tool under the guise of a PDF document manager. The fake application was even able to bypass the defensive mechanisms of the Google Play Store for a while but has since been removed. Still, the threat is being distributed on third-party app stores, such as and Furthermore, users who have already downloaded the application will have to manually clean their devices, preferably with a professional anti-malware solution.

Once activated on the user's Android device, Hydra will ask for over 20 wide-reaching permissions. If they are granted, the threat will be able to perform numerous invasive actions on the device. While running silently in the background, Hydra could monitor or even intercept any incoming or outgoing data. The threat can modify the Wi-Fi settings, access the breached device's contact list, and modify any external storage connected to it. Hydra can initiate phone calls, send SMS messages, install additional applications and display system alerts. If fully established, the Hydra banking Trojan can take screenshots and collect one-time passwords, as well as the PIN used to unlock the device's screen.
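A defender-side check for the permission profile described above, as an added example that is not part of the original entry: it reads a decoded AndroidManifest.xml and flags an app whose requested permissions cover many of the listed behaviours, which a PDF manager has no reason to need. The capability-to-permission mapping, the threshold, the sample manifests and the package names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Assumption: this capability-to-permission mapping is ours, not a published
# Hydra permission list. The permission names are standard Android ones.
CAPABILITIES = {
    "modify Wi-Fi settings": {"CHANGE_WIFI_STATE"},
    "read contacts": {"READ_CONTACTS"},
    "modify external storage": {"WRITE_EXTERNAL_STORAGE"},
    "initiate phone calls": {"CALL_PHONE"},
    "send SMS": {"SEND_SMS"},
    "read incoming SMS (one-time passwords)": {"RECEIVE_SMS", "READ_SMS"},
    "install additional applications": {"REQUEST_INSTALL_PACKAGES"},
    "display system alerts": {"SYSTEM_ALERT_WINDOW"},
}

def requested_permissions(manifest_xml):
    """Return short permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(f"{{{ANDROID_NS}}}name", "")
            if name.startswith("android.permission."):
                names.add(name.rsplit(".", 1)[1])
    return names

def audit(manifest_xml, threshold=4):
    """Flag a manifest covering at least `threshold` (assumed value) capabilities."""
    perms = requested_permissions(manifest_xml)
    hits = {cap: sorted(perms & need) for cap, need in CAPABILITIES.items() if perms & need}
    return {"permissions": len(perms), "capabilities": hits, "flag": len(hits) >= threshold}

def _manifest(package, perms):
    # Constructed sample manifests; package names are hypothetical.
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return f'<manifest xmlns:android="{ANDROID_NS}" package="{package}">{uses}</manifest>'

FAKE_PDF_MANAGER = _manifest("com.example.pdfmanager", [
    "INTERNET", "CHANGE_WIFI_STATE", "READ_CONTACTS", "WRITE_EXTERNAL_STORAGE",
    "CALL_PHONE", "SEND_SMS", "RECEIVE_SMS", "REQUEST_INSTALL_PACKAGES",
    "SYSTEM_ALERT_WINDOW"])
PLAIN_PDF_READER = _manifest("com.example.pdfreader", ["INTERNET", "READ_EXTERNAL_STORAGE"])

if __name__ == "__main__":
    for sample in (FAKE_PDF_MANAGER, PLAIN_PDF_READER):
        print(audit(sample))
```

The manifest text can come from any tool that decodes the binary manifest inside an APK; the check only needs the `uses-permission` entries.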

To remain unnoticed, the malware hides its own icon and disables Play Protect on the device. Furthermore, to mask its abnormal traffic, Hydra utilizes encrypted Tor communication.

