HookBot Android Malware Leak


A new Android malware named ‘Hook’ is being sold by cybercriminals, who boast that it can remotely take over mobile devices in real time using VNC (virtual network computing).

The new malware is promoted by the creator of Ermac, an Android banking trojan selling for $5,000/month that helps threat actors steal credentials from over 467 banking and crypto apps via overlaid login pages.

Despite its origin, Hook is an evolution of Ermac, offering an extensive set of capabilities that make it a more dangerous threat to Android users.

One new feature of Hook compared to Ermac is WebSocket communication, which comes in addition to the HTTP traffic that Ermac used exclusively. The network traffic is still encrypted with AES-256-CBC using a hardcoded key.

The headline addition, however, is the ‘VNC’ module, which gives threat actors the capability to interact with the user interface of the compromised device in real time.

The commands Hook adds on top of Ermac’s can perform the following actions:

  • Start/stop RAT
  • Perform a specific swipe gesture
  • Take a screenshot
  • Simulate a click at a specific text item
  • Simulate a key press (HOME/BACK/RECENTS/LOCK/POWERDIALOG)
  • Unlock the device
  • Scroll up/down
  • Simulate a long press event
  • Simulate a click at a specific coordinate
  • Set clipboard value to a UI element at specific coordinates
  • Simulate a click on a UI element with a specific text value
  • Set a UI element value to a specific text

Apart from the above, a “File Manager” command turns the malware into a file manager, allowing the threat actors to get a list of all files stored on the device and download specific files of their choice.

Another notable command that ThreatFabric found concerns WhatsApp, allowing Hook to log all messages in the popular IM app and even allowing the operators to send messages via the victim’s account.


