The source code for ERMAC v3, a sophisticated Android banking trojan, has been leaked online, revealing detailed malware infrastructure and capabilities. This leak could lead to increased threat activity and harder-to-detect variants targeting over 700 apps, undermining financial security. #ERMAC #AndroidBankingTrojan
Keypoints
- ERMAC v3.0 core code was discovered in an open directory by Hunt.io researchers in March 2024.
- The malware now targets over 700 banking, shopping, and cryptocurrency apps, with expanded data theft features.
- The latest version includes enhanced form-injection techniques, encrypted communication, and remote control capabilities.
- The exposed infrastructure includes C2 servers, panels, and exfiltration servers with operational security failures.
- The leak reduces trust in ERMAC's malware-as-a-service platform and may lead to more sophisticated future variants.