Suspicion: a new malicious program has just been detected on Android. It goes by the name of Hook and is able to remotely take control of infected smartphones. It can thus precisely locate the user, take screenshots, unlock the device, etc.
One new Android malware named “Hook” is being sold online by cybercriminals, with the group touting that it can take remote smartphone control.
This new malware is developed by the creator of Ermac, an Android banking trojan sold for $5,000 per month that helps steal credentials from over 467 banking apps through overlaying login pages.
Hook, a more dangerous Android malware
Despite its origin, Hook is an evolution of Ermac, offering a full set of features that make it a more dangerous threat for Android users.
A new feature of Hook compared to Ermac is the introduction of WebSocket communication which comes on top of the HTTP traffic used exclusively by Ermac. The most important addition, however, is the VNC module which gives threat actors the ability to interact with the compromised device’s user interface in real time.
Read: Your bank account is in danger, Android malware steals your credentials
Hook can perform the following actions:
- Perform a specific swipe gesture
- Take a screenshot
- Simulate a click on a specific text element
- Simulate a key press
- Unlock the device
- Scroll up, down
- Set UI element value to specific text
- Locate User
Besides the above, a command turns the malware into a file manager, allowing hackers to get a list of all files stored on the device and download specific files of their choice.
Currently, Hook is distributed as Google Chrome APK under the package names “com.lojibiwawajinu.guna”, “com.damariwonomiwi.docebi”, “com.damariwonomiwi.docebi” and “com.yecomevusaso .pisifo”, but of course this could change at any time.
Source : ThreatFabric
