This dangerous, password-stealing malware spreads through bad apps
You must always be vigilant against online threats. For all the good that a connected society has brought to the world, there will always be criminals that ruin it for everyone.
And often, the criminals don’t stop developing their tricks or scams. So if one method is successful, you can be sure that it will get a few tweaks to make it even more dangerous. For example, the ERMAC banking Trojan targeted 378 applications a year ago.
Researchers have now discovered an updated version that can target more applications. Read on to see what makes this malware so dangerous and what you can do about it.
Here’s the backstory
A hacker showed up on cybercrime forums in 2021, renting out his ERMAC Trojan for $3,000 a month. The criminal claimed that it could target 378 applications and steal banking passwords, usernames, email addresses and wallet funds.
But the hacker has since tinkered with the code, as Cyble Research Labs found an upgraded version available for rent at $5,000 per month. It can now target 467 applications, stealing vast amounts of personal and banking information.
It is unclear as to the origin of the ERMAC name. But in the hugely popular fighting video game franchise Mortal Kombat, Ermac is a red-clad ninja character that uses telekinesis during fights. His name comes from a diagnostics menu in the first game that displayed the text “error macro” as ERMACS.
ERMAC malware spreads through spoofed Android applications. Criminals will change the names slightly of popular apps, hoping you won’t notice the difference and download the malicious version. It can also spread through fake browser updates.
Here are some things the malicious apps can do when installed:
- Automatically trigger a phone call to premium numbers.
- It can send, receive and read text messages.
- Access contact details and telephone numbers.
- Read and write to external storage.
- Record audio.
Cybercriminals can also steal credentials from crypto wallets and several international banking applications. Unfortunately, the list of malicious apps has not been made public. The best way to stay protected is to take safety precautions. Keep reading for some suggestions.
What you can do about it
Popular antivirus broke Microsoft Edge - Here's how to fix it
Last year, there were nearly 2,000 reports of data breaches in the U.S., the highest number ever reported. That’s just one example of why it’s essential to keep your own devices safe from security risks.
That starts with a solid antivirus program for your computer and smartphone. Many free apps don’t have your best interest in mind and could be putting your device at risk. Tap or click here for free antivirus and cleaning apps you should delete.
These free antivirus and cleaning apps are putting your phone at risk - Delete them now
You’re never 100% safe from cyberattacks, no matter how careful you are. From malware to viruses to breaches, the best you can do is take precautions to lower your risk.
You may think it’s easy to detect a hacker on your phone. It’s not. The longer a hack goes undetected, the more damage it can do. Tap or click here to learn about signs that your phone is under attack.
See this one-word subject line in your inbox? It's a phishing scam red flag
Email scams often contain elaborate details to entice you into clicking a link or opening an attachment. Usually, there is some heartfelt backstory to why you must open that document or a severe threat of what will happen if you don’t.
Still haven't filed? Avoid these last-minute tax scams
Tax Day is less than a week away. That’s right. You have until Monday, April 18.
Did you file federal tax income for 2018? If not, you may have a refund waiting to be claimed. The deadline for that is the same as the one to file your 2021 taxes. Tap or click here for more information on claiming what could be hundreds of dollars.
Don't click that link! New phishing emails could be very hard to spot
Many websites that provide a service or information let you sign up for their newsletter. Sent out a few times a month, it usually includes details about upcoming deals, company news or service improvements. Tap or click here for information about getting Kim’s newsletters.
Use a payment app? New scam stealing thousands from unsuspecting victims
There are plenty of dangers associated with online shopping. User-driven platforms like eBay and Facebook Marketplace are hotspots for scammers trying to tell fake products or not shop the items.
If that isn’t enough to put you off from shopping online, several other scams can be more damaging to your wallet. Cybercriminals will often go out of their way to launch sophisticated phishing scams to make a quick buck.
The White House issued a cybersecurity list but forgot these vital steps
Though the Russia-Ukraine war seems like something happening far away, its impact has already reached our shores. We’re seeing it in fake emails and social media posts seeking financial aid for the “victims” of the conflict.
Don’t fall for these malware-filled emails impersonating the IRS
Tax season is in full swing, but time is running out if you haven’t submitted them yet. It’s not just regular taxpayers who feel the deadline inching closer. Scammers are also looking to make a quick buck.
Cybercriminals are again impersonating agents from the Internal Revenue Service (IRS), employing all the tricks in their malicious arsenal. In addition, scammers are sending out emails that could infect your device with malware.
Before you click a PayPal link, read this warning - Sign it's really a phishing scam
There are several ways to send and receive money worldwide, but almost half a billion users prefer PayPal. The payment system is so popular that in the last quarter of 2021, it processed 5.3 billion transactions. Tap or click here for the PayPal account limited phishing text claims.
Update your PC! Patch Tuesday fixes nearly 50 software issues
If you don’t know by now, the second Tuesday of every month has officially become known as Patch Tuesday. Most software developers chose this day to release security patches and firmware updates. Tap or click here for seven free alternatives to Microsoft Word.
That Zoom invite might be a clever phishing trick - Red flags to watch for
Even though people are returning to work in their offices, video conferencing is still common. We’ve been bitten by the video chat bug and regularly have virtual meetings with coworkers and chat with loved ones and friends through webcams and smartphones.
The big reason the spam in your inbox is about to get a lot more convincing
Phishing scams involve gaining a user’s trust by imitating a known company or service. A scam can target you with a phony email from your streaming service provider, for example. They’ll ask for your login credentials or payment for a bill that doesn’t exist.