
This dangerous, password-stealing malware spreads through bad apps

You must always be vigilant against online threats. For all the good that a connected society has brought to the world, there will always be criminals who ruin it for everyone.

And often, the criminals don’t stop developing their tricks or scams. So if one method is successful, you can be sure that it will get a few tweaks to make it even more dangerous. For example, the ERMAC banking Trojan targeted 378 applications a year ago.

Researchers have now discovered an updated version that can target more applications. Read on to see what makes this malware so dangerous and what you can do about it.

Here’s the backstory

A hacker showed up on cybercrime forums in 2021, renting out his ERMAC Trojan for $3,000 a month. The criminal claimed that it could target 378 applications and steal banking passwords, usernames, email addresses and wallet funds.

But the hacker has since tinkered with the code, as Cyble Research Labs found an upgraded version available for rent at $5,000 per month. It can now target 467 applications, stealing vast amounts of personal and banking information.

The origin of the ERMAC name is unclear. But in the hugely popular fighting video game franchise Mortal Kombat, Ermac is a red-clad ninja character that uses telekinesis during fights. His name comes from a diagnostics menu in the first game that displayed the text “error macro” as ERMACS.

ERMAC malware spreads through spoofed Android applications. Criminals slightly change the names of popular apps, hoping you won’t notice the difference and will download the malicious version. It can also spread through fake browser updates.

Here are some things the malicious apps can do when installed:

  • Automatically trigger a phone call to premium numbers.
  • Send, receive and read text messages.
  • Access contact details and telephone numbers.
  • Read and write to external storage.
  • Record audio.
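
The capabilities listed above correspond to specific Android permissions. As an added example (not from the original article or from Cyble's research), this Python script reads a decoded, plain-text AndroidManifest.xml and flags an app whose requested permissions cover several of those capabilities. The capability-to-permission mapping, the threshold of three and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Article capability -> android.permission.* short names that enable it.
CAPABILITIES = {
    "phone calls": {"CALL_PHONE"},
    "text messages": {"SEND_SMS", "RECEIVE_SMS", "READ_SMS"},
    "contacts": {"READ_CONTACTS"},
    "external storage": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
    "record audio": {"RECORD_AUDIO"},
}

def requested_permissions(manifest_xml):
    """Short names of android.permission.* entries in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith("android.permission."):
                perms.add(name.rsplit(".", 1)[1])
    return perms

def audit(manifest_xml, threshold=3):
    """Group requested permissions by capability; flag broad combinations.
    The threshold of 3 is an assumption for this example, not from the article."""
    perms = requested_permissions(manifest_xml)
    hits = {cap: sorted(perms & need)
            for cap, need in CAPABILITIES.items() if perms & need}
    return {"capabilities": hits, "flag": len(hits) >= threshold}

def make_manifest(package, perms):
    """Build a constructed sample manifest (not taken from any real app)."""
    rows = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{rows}</manifest>')

# Constructed samples: a fake "browser update" and a plain weather app.
FAKE_UPDATE = make_manifest("com.example.browserupdate", [
    "INTERNET", "CALL_PHONE", "SEND_SMS", "RECEIVE_SMS", "READ_SMS",
    "READ_CONTACTS", "WRITE_EXTERNAL_STORAGE", "RECORD_AUDIO"])
WEATHER = make_manifest("com.example.weather", ["INTERNET", "ACCESS_COARSE_LOCATION"])

if __name__ == "__main__":
    for label, xml in (("fake update", FAKE_UPDATE), ("weather", WEATHER)):
        print(label, audit(xml))
```

A flag is a prompt for closer review, not a verdict: legitimate dialer and messaging apps request several of these permissions too.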

Cybercriminals can also steal credentials from crypto wallets and several international banking applications. Unfortunately, the list of malicious apps has not been made public. The best way to stay protected is to take safety precautions. Keep reading for some suggestions.

What you can do about it

One way to stay safe is to never download applications from third-party app stores. Always stick with the Google Play Store or the Apple App Store for apps. These app stores have more robust vetting procedures that help keep malicious apps from showing up.

Here are some other tips:

  • Before downloading an app, read through the reviews or comments to see if others have had problems. It would be best to steer clear of apps with low ratings.
  • Where available, set up two-factor authentication (2FA). This creates an extra layer of security on your online accounts.
  • Never give away more information than needed, and check which permissions an app requires. For example, there is no reason why a weather app needs your email address or telephone number.
  • Never click on pop-up banners or advertising that claims your browser or software is old. If an update is available, you should only install it from the official source.
  • Use biometric identification for apps that contain sensitive information. This ensures that nobody else can access the app or your accounts.
  • Always have a trusted antivirus program updated and running on all your devices.