Cybersecurity researchers have identified a new variant of the Android banking trojan HOOK that utilizes ransomware-style overlay screens for extortion. The malware is highly sophisticated, supporting numerous remote commands and expanding its target scope to include various financial and cryptocurrency apps.
#HOOK #ERMAC #Anatsa #Joker #Harly
Key points
- The HOOK trojan now features ransomware overlays triggered by C2 commands to extort victims.
- It can steal credentials, send SMS, stream screens, and control cameras through advanced capabilities.
- Recent updates add commands for fake NFC scans, PIN collection, and gesture recording to deceive users.
- HOOK is widely distributed via phishing sites and fake repositories on platforms like GitHub.
- Additionally, the Anatsa trojan has expanded its reach, infecting over 831 financial apps globally and employing anti-analysis techniques.
Read More: https://thehackernews.com/2025/08/hook-android-trojan-adds-ransomware.html