Cybersecurity experts have warned of a new Android malware that can take over the target endpoint and use it to steal data, exfiltrate personally identifiable information (PII), and conduct financial transactions.
Discovered by researchers at security firm ThreatFabric, the malware is called Hook and can be bought on the Dark Web.
In its report, the ThreatFabric team notes that Hook is essentially a banking Trojan. In terms of code, it appears to be quite similar to Ermac, another popular Trojan, and even shares numerous features with that notorious malware. However, there are some standout features, including the use of VNC (Virtual Network Computing) to take over the mobile device. Hook also has WebSocket communication capabilities and encrypts its traffic with a hard-coded AES-256-CBC key.
Unique features
Other notable features of Hook include performing specific swipe gestures, taking screenshots, simulating key presses, scrolling, and simulating a long press event. The malware can also be used as a file manager app, the researchers warned, allowing its operators to list all files residing on the endpoint and exfiltrate those they deem worthy.
“This capability joins Hook in the ranks of malware families capable of performing a full DTO and completing a full fraud chain from PII exfiltration to transaction with all intermediate steps without the need for additional channels,” warns the team.
“This type of operation is much harder to detect by fraud rating engines and is the main selling point for Android bankers.”
The silver lining, as is common with Android devices, is that the user must grant Accessibility Service permissions for the malware to reach its true potential. Those who do this can also expect their location to be exposed, as Hook is also capable of abusing the “Access Fine Location” permission.
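Because the malware depends on an enabled accessibility service, a device audit can start from that setting. The following is an added example, not code from ThreatFabric's report: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell dumpsys package <pkg>`, and flags non-allowlisted services that also hold fine location. The package names, sample output, allowlist and severity labels are constructed for illustration.

```python
import re

# Constructed sample: `adb shell settings get secure enabled_accessibility_services`
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.flashlight/com.example.flashlight.core.HelperService")

# Constructed excerpts of `adb shell dumpsys package <pkg>` (runtime permissions)
SAMPLE_DUMPSYS = {
    "com.google.android.marvin.talkback": """
        android.permission.RECORD_AUDIO: granted=true
    """,
    "com.example.flashlight": """
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
        android.permission.READ_SMS: granted=false
    """,
}

ALLOWLIST = {"com.google.android.marvin.talkback"}  # hypothetical approved packages
FINE_LOCATION = "android.permission.ACCESS_FINE_LOCATION"
PERM_RE = re.compile(r"^\s*(android\.permission\.\w+): granted=(true|false)", re.M)

def parse_services(value):
    """Split the colon-separated setting into (package, service class) pairs."""
    pairs = []
    for comp in value.strip().split(":"):
        if "/" not in comp:          # empty value or the literal "null"
            continue
        pkg, cls = comp.split("/", 1)
        pairs.append((pkg, pkg + cls if cls.startswith(".") else cls))
    return pairs

def granted_permissions(dumpsys_text):
    """Return the set of runtime permissions reported as granted=true."""
    return {m.group(1) for m in PERM_RE.finditer(dumpsys_text) if m.group(2) == "true"}

def audit(services_value, dumpsys_by_pkg, allowlist):
    """Flag enabled accessibility services that are not on the allowlist."""
    findings = []
    for pkg, cls in parse_services(services_value):
        if pkg in allowlist:
            continue
        fine = FINE_LOCATION in granted_permissions(dumpsys_by_pkg.get(pkg, ""))
        # Triage heuristic of this example: accessibility plus fine location ranks higher.
        findings.append({"package": pkg, "service": cls, "fine_location": fine,
                         "severity": "high" if fine else "review"})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVICES, SAMPLE_DUMPSYS, ALLOWLIST):
        print(finding)
```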
Apparently, attack targets are scattered around the world, with researchers finding compromised devices in the US, UK, Spain, Poland, Portugal, Italy, France, Canada, Australia and Turkey.
Via: BleepingComputer