Ermac is an Android banking trojan that steals user credentials. It watches for the launch of target apps (like banking or social media), then quickly overlays the screen with a fake login interface that tricks the user into entering their sensitive info.
Mechanism and Functionality
Ermac uses Android’s overlay and accessibility features to detect when specific apps are opened. When a target app is launched, it overlays a fake screen that looks like the legit app’s login interface and captures the user’s credentials without them knowing.
Attack Techniques
This trojan uses a dynamic approach to capture data. It’s programmed to activate only when it detects that high-value apps (like banking and finance) are launched. By triggering its overlay function only when needed, Ermac minimizes its footprint and evades casual detection.
Impact and Evolution
Over time Ermac has gotten more sophisticated, evolving alongside mobile security. It’s so integrated into the Android ecosystem that even a moment of distraction can result in significant financial and personal data loss.
Update your Android OS and apps to the latest version.
Install apps only from trusted sources like Google Play.
Use reputable mobile security software to detect suspicious behavior.
Don’t click on suspicious links and verify the login screens.