
HOOK Android Trojan Upgrades: Now Features Ransomware Overlays and 107 Remote Commands

Cybersecurity researchers have uncovered a new variant of an Android banking trojan known as HOOK, which now incorporates ransomware-style overlays that present extortion messages to its victims. According to Vishnu Pratapagiri, a researcher at Zimperium zLabs, a key feature of this latest HOOK variant is its ability to deploy a full-screen ransomware overlay that pressures users into paying a ransom, displaying a cautionary message alongside a wallet address and a specific amount demanded. This overlay is remotely activated through commands issued by the command-and-control (C2) server, and it can be dismissed if the attacker sends a specific command.

HOOK is considered an evolution of the ERMAC banking trojan, which recently had its source code leaked online. This malware can show fake overlay screens designed to steal user credentials from financial apps and employs Android accessibility services to automate fraudulent activities and take control of devices.

The new version supports 107 remote commands—38 of which are newly added—enabling it to capture user gestures with transparent overlays, display deceptive prompts for obtaining lockscreen PINs, and imitate NFC functionalities to harvest sensitive data.

Distribution methods include phishing websites and fake repositories on GitHub, where numerous Android malware families, like ERMAC and Brokewell, have been found. The evolution of HOOK marks a merging of banking trojans with spyware and ransomware tactics, raising the stakes for financial institutions and end-users alike.

Furthermore, Zscaler's ThreatLabs has reported an update to the Anatsa banking trojan, which has broadened its target range to encompass over 831 banking and cryptocurrency services globally, up from the 650 previously identified. Anatsa uses various evasion techniques and now embeds a dropper app disguised as a file manager to facilitate its installation.

In total, Zscaler has flagged 77 malicious apps from different malware families, including Anatsa and Joker, present in the Google Play Store with over 19 million installations combined. Researchers emphasize that the continued evolution of both HOOK and Anatsa underscores the growing risks posed by sophisticated mobile malware in the cybersecurity landscape.
