SYMBOLCOMMON_NAMEaka. SYNONYMS
apk.ermac (Back to overview)

ERMAC

According to Intel471, ERMAC, an Android banking trojan enables bad actors to determine when certain apps are launched and then overwrites the screen display to steal the user's credentials

References
2023-10-03Twitter (@ShilpeshTrivedi)Shilpesh Trivedi
@online{trivedi:20231003:about:ce99df5, author = {Shilpesh Trivedi}, title = {{Tweet about possible Rebranding/Deriviate for ERMAC called Rusty Droid}}, date = {2023-10-03}, organization = {Twitter (@ShilpeshTrivedi)}, url = {https://twitter.com/ShilpeshTrivedi/status/1709096404835356883}, language = {English}, urldate = {2023-10-09} } Tweet about possible Rebranding/Deriviate for ERMAC called Rusty Droid
ERMAC
2022-12-08ThreatFabricThreatFabric
@online{threatfabric:20221208:zombinder:e82734d, author = {ThreatFabric}, title = {{Zombinder: new obfuscation service used by Ermac, now distributed next to desktop stealers}}, date = {2022-12-08}, organization = {ThreatFabric}, url = {https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html}, language = {English}, urldate = {2022-12-08} } Zombinder: new obfuscation service used by Ermac, now distributed next to desktop stealers
ERMAC Xenomorph
2022-11-25ResecurityResecurity
@online{resecurity:20221125:in:8e040c2, author = {Resecurity}, title = {{"In The Box" - Mobile Malware Webinjects Marketplace}}, date = {2022-11-25}, organization = {Resecurity}, url = {https://resecurity.com/blog/article/in-the-box-mobile-malware-webinjects-marketplace}, language = {English}, urldate = {2022-12-07} } "In The Box" - Mobile Malware Webinjects Marketplace
Alien Cerberus Coper ERMAC Hydra
2022-08-31Intel 471Intel 471 Malware Intelligence team
@online{team:20220831:ermac:09848eb, author = {Intel 471 Malware Intelligence team}, title = {{ERMAC 2.0: Perfecting the Account Takeover}}, date = {2022-08-31}, organization = {Intel 471}, url = {https://intel471.com/blog/rmac-2-0-perfecting-the-art-of-account-takeover}, language = {English}, urldate = {2022-09-01} } ERMAC 2.0: Perfecting the Account Takeover
ERMAC
2022-05-25cybleCyble Research Labs
@online{labs:20220525:ermac:57e992b, author = {Cyble Research Labs}, title = {{ERMAC Back In Action: Latest Version Of Android Banking Trojan Targets Over 400 Applications}}, date = {2022-05-25}, organization = {cyble}, url = {https://blog.cyble.com/2022/05/25/ermac-back-in-action/}, language = {English}, urldate = {2022-05-29} } ERMAC Back In Action: Latest Version Of Android Banking Trojan Targets Over 400 Applications
ERMAC
2021-10-06Twitter (@ESETresearch)ESET Research
@online{research:20211006:ermac:62d2cc4, author = {ESET Research}, title = {{Tweet on ERMAC android malware}}, date = {2021-10-06}, organization = {Twitter (@ESETresearch)}, url = {https://twitter.com/ESETresearch/status/1445618031464357888}, language = {English}, urldate = {2021-10-20} } Tweet on ERMAC android malware
ERMAC
2021-09-22ThreatFabricThreatFabric
@online{threatfabric:20210922:ermac:0100dc1, author = {ThreatFabric}, title = {{ERMAC - another Cerberus reborn}}, date = {2021-09-22}, organization = {ThreatFabric}, url = {https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html}, language = {English}, urldate = {2022-03-14} } ERMAC - another Cerberus reborn
AmpleBot Cerberus ERMAC

There is no Yara-Signature yet.