{"id":454353,"date":"2022-05-28T21:36:13","date_gmt":"2022-05-28T18:36:13","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/android-malware-that-steals-passwords-puts-billions-of-users-at-risk\/"},"modified":"2022-05-28T21:36:13","modified_gmt":"2022-05-28T18:36:13","slug":"android-malware-that-steals-passwords-puts-billions-of-users-at-risk","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/android-malware-that-steals-passwords-puts-billions-of-users-at-risk\/","title":{"rendered":"#Android malware that steals passwords puts billions of users at risk"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a36ea63b1fd2\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a36ea63b1fd2\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/android-malware-that-steals-passwords-puts-billions-of-users-at-risk\/#%E2%80%9CAndroid_malware_that_steals_passwords_puts_billions_of_users_at_risk%E2%80%9D\" >&#8220;Android malware that steals passwords puts billions of users at risk&#8221;<\/a><ul class='ez-toc-list-level-2' ><li class='ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/android-malware-that-steals-passwords-puts-billions-of-users-at-risk\/#How_does_it_work\" >How does it work?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/android-malware-that-steals-passwords-puts-billions-of-users-at-risk\/#How_to_protect_yourself\" >How to protect yourself<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CAndroid_malware_that_steals_passwords_puts_billions_of_users_at_risk%E2%80%9D\"><\/span>&#8220;Android malware that steals passwords puts billions of users at risk&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div>\n<aside class=\"single__inline-module alignleft\">\n<\/aside>\n<p>A dangerous new malware that targets Android devices has been uncovered by cybersecurity experts.<\/p>\n<p>In 2021, researchers discovered a\u00a0malware\u00a0designated ERMAC that was attacking\u00a0Android\u00a0devices.<\/p>\n<p>Now, cybersecurity experts from ESET have found that a new version of the Banking trojan \u2013 dubbed ERMAC 2.0 \u2013 is active.<\/p>\n<p>The malware targets\u00a0Android devices via 467 <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>s that steal users\u2019 credentials and bank information.<\/p>\n<p>ERMAC 2.0 does this by impersonating popular and genuine apps, according to cybersecurity experts.<\/p>\n<p><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/blog.cyble.com\/2022\/05\/25\/ermac-back-in-action\/\">Cyble Research Labs<\/a>\u00a0also found that threat actors can rent the malware for a hefty monthly fee of $5,000.<\/p>\n<p>ERMAC 1.0, which was discovered officially in August 2021, utilized 378 apps and was being rented for $3,000 a month.<\/p>\n<p>\u201cWe have observed that the ERMAC 2.0 is being delivered through fake sites,\u201d Cyble Labs noted in a blog post.<\/p>\n<p>The experts added that EMRAC 2.0 also spreads through fake browser update sites.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"How_does_it_work\"><\/span>How does it work?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Once someone installs ERMAC 2.0 via a fraudulent app, the malware requests as many as 43 permissions from their device.<\/p>\n<p>These permissions, if granted, may enable the bad actors to take full control of a victim\u2019s device.<\/p>\n<p>Other permissions can get the hackers SMS access, contact access, system alert window creation, audio recording, or full storage read and write access.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"682\" src=\"https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2022\/05\/malware-03.jpg?w=1024\" alt=\"ERMAC 2.0 impersonates popular and genuine apps, according to cybersecurity experts.\" class=\"wp-image-22451639\" srcset=\"https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2022\/05\/malware-03.jpg?quality=75&amp;strip=all&amp;w=1535 1536w, https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2022\/05\/malware-03.jpg?quality=75&amp;strip=all 1024w, https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2022\/05\/malware-03.jpg?quality=75&amp;strip=all&amp;w=512 512w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"\/><figcaption>ERMAC 2.0 impersonates popular and genuine apps, according to cybersecurity experts.<\/figcaption><figcaption><span class=\"credit\">Getty Images\/iStockphoto<\/span><\/figcaption><\/figure>\n<p>Certain permissions can also create a list of apps installed on the victim\u2019s device and share that data with the hacker\u2019s C2 server, according to\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.techradar.com\/news\/this-android-malware-targets-passwords-from-almost-500-apps\">Tech Radar.<\/a><\/p>\n<p>This can result in a complex phishing scheme that harvests the user\u2019s data whenever they try to log onto the affected app.<\/p>\n<p>Some\u00a0phishing pages being used to trick the victims include banking applications such as Japan\u2019s\u00a0bitbank, India\u2019s\u00a0IDBI Bank, Australia\u2019s Greater Bank, and Boston-based\u00a0Santander Bank, per\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.phonearena.com\/news\/android-banking-malware-ermac-2_id140401\">Phone Arena.<\/a><\/p>\n<h2><span class=\"ez-toc-section\" id=\"How_to_protect_yourself\"><\/span>How to protect yourself<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Several restrictions placed on\u00a0Accessibility Service abuse protect devices running Android 11 and 12, according to\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-ermac-20-android-malware-steals-accounts-wallets-from-467-apps\/\">BleepingComputer<\/a>.<\/p>\n<p>However, users are still advised to avoid downloading apps from outside Google\u2019s Play Store.<\/p>\n<p>Even if an app is on Google\u2019s Play Store, users should remain vigilant about its legitimacy.<\/p>\n<p><em>This story originally appeared on\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.the-sun.com\/tech\/5429911\/android-warning-billions-malware-passwords\/\">The Sun<\/a>\u00a0and was reproduced here with permission.<\/em>\n                        <\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/news\/\" target=\"_blank\" rel=\"noopener\">News category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/nypost.com\/2022\/05\/28\/android-malware-that-steals-passwords-puts-billions-of-users-at-risk\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Android malware that steals passwords puts billions of users at risk&#8221; A dangerous new malware that targets Android devices has been uncovered by cybersecurity experts. In 2021, researchers discovered a\u00a0malware\u00a0designated ERMAC that was attacking\u00a0Android\u00a0devices. Now, cybersecurity experts from ESET have found that a new version of the Banking trojan \u2013 dubbed ERMAC 2.0 \u2013 is&#8230;<\/p>\n","protected":false},"author":1,"featured_media":454354,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/nypost.com\/wp-content\/uploads\/sites\/2\/2022\/05\/malware-comp.jpg?quality=75&strip=all&w=1024","fifu_image_alt":"","footnotes":""},"categories":[70897],"tags":[75857,129702,39382,26293,70944,89710],"class_list":["post-454353","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-malware","tag-5-28-22","tag-android","tag-google","tag-hackers","tag-passwords"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/454353","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=454353"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/454353\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/454354"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=454353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=454353"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=454353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}