This dangerous, password-stealing malware spreads through bad apps

May 31, 2022

By Kim Komando

You must always be vigilant against online threats. For all the good that a connected society has brought to the world, there will always be criminals who ruin it for everyone.

And often, the criminals don’t stop developing their tricks or scams. So if one method is successful, you can be sure that it will get a few tweaks to make it even more dangerous. For example, the ERMAC banking Trojan targeted 378 applications a year ago.

Researchers have now discovered an updated version that can target more applications. Read on to see what makes this malware so dangerous and what you can do about it.

Here’s the backstory

A hacker showed up on cybercrime forums in 2021, renting out his ERMAC Trojan for $3,000 a month. The criminal claimed that it could target 378 applications and steal banking passwords, usernames, email addresses and wallet funds.

But the hacker has since tinkered with the code, as Cyble Research Labs found an upgraded version available for rent at $5,000 per month. It can now target 467 applications, stealing vast amounts of personal and banking information.

The origin of the ERMAC name is unclear. But in the hugely popular fighting video game franchise Mortal Kombat, Ermac is a red-clad ninja character that uses telekinesis during fights. His name comes from a diagnostics menu in the first game that displayed the text “error macro” as ERMACS.

ERMAC malware spreads through spoofed Android applications. Criminals will slightly change the names of popular apps, hoping you won’t notice the difference and download the malicious version. It can also spread through fake browser updates.

Here are some things the malicious apps can do when installed:

Cybercriminals can also steal credentials from crypto wallets and several international banking applications. Unfortunately, the list of malicious apps has not been made public. The best way to stay protected is to take safety precautions. Keep reading for some suggestions.

What you can do about it

One way to stay safe is to never download applications from third-party app stores. Always stick with the Google Play Store or the Apple App Store for apps. These app stores have more robust vetting procedures that help keep malicious apps from showing up.

Here are some other tips:


https://www.komando.com/tips/software-and-apps/ermac-banking-trojan/