
Android users are facing a significant cybersecurity threat as the notorious HOOK banking trojan has evolved into a more sophisticated and dangerous variant. Known as HOOK Version 3, this malware now combines elements of banking fraud, ransomware, and spyware, making it one of the most advanced mobile threats identified to date.
A New Breed of Hybrid Malware
Zimperium’s zLabs research team has uncovered that HOOK Version 3 introduces a staggering 107 remote commands, 38 of which are newly added.
These capabilities allow attackers to manipulate devices in unprecedented ways, including deploying full-screen ransomware overlays demanding cryptocurrency payments, using fake NFC scans to trick users into revealing sensitive data, and capturing user gestures through transparent overlays.
Ransomware, Phishing, and Surveillance All Rolled Into One
Among its new tricks, the trojan can:
- Deploy full-screen ransomware overlays demanding cryptocurrency.
- Use fake NFC scans to trick users into revealing sensitive data.
- Show deceptive unlock screens to capture PINs or pattern codes.
- Record user gestures via transparent overlays, hijack sessions, and even stream the device screen in real time.
These features demonstrate the malware’s ability to not only steal financial information but also to monitor and control infected devices remotely.
A Trojan Evolution From Phishing Sites to GitHub
HOOK’s evolution now extends to hosting malicious APKs on GitHub, which erodes the legitimacy of the platform and deceives even more unsuspecting users.
The malware also shares tenancy with other trojans like Ermac and Brokewell, indicating a coordinated malware-as-a-service ecosystem.
While the new HOOK variant is spreading on GitHub, a Google spokesperson said no apps containing the malware have been found in the Google Play store.
“Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services,” the spokesperson said. “Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”
Protecting Yourself from HOOK Version 3
To safeguard against HOOK Version 3 and similar threats, Android users should:
- Download apps only from trusted sources, such as the Google Play Store.
- Enable Google Play Protect to scan for malicious apps.
- Be cautious of apps requesting unnecessary permissions, especially those seeking access to accessibility services.
- Regularly update your device’s operating system and apps to patch security vulnerabilities.
- Use reputable mobile security solutions to detect and block threats.
By staying vigilant and following these best practices, users can reduce the risk of falling victim to HOOK Version 3 and other mobile malware threats.
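The advice above about accessibility services and trusted sources can be checked on a device over adb. The following is an added example, not part of the original article or of Zimperium's research: it cross-references the enabled accessibility services with each app's recorded installer and flags sideloaded apps that hold accessibility access. The trusted-installer allowlist is an assumption, and the sample device output is constructed.

```python
import re
import subprocess

# Assumption: only installs recorded against Google Play count as trusted.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_accessibility(setting: str) -> set[str]:
    """Packages named in `settings get secure enabled_accessibility_services`."""
    setting = setting.strip()
    if not setting or setting == "null":
        return set()
    # The value is a colon-separated list of components: package/ServiceClass
    return {comp.split("/", 1)[0] for comp in setting.split(":") if comp}

def parse_installers(listing: str) -> dict[str, str]:
    """Map package -> installer from `pm list packages -3 -i` output."""
    installers = {}
    for line in listing.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def flag_risky(setting: str, listing: str) -> list[str]:
    """Third-party apps with accessibility enabled that were not installed from a trusted store."""
    installers = parse_installers(listing)  # -3 lists third-party apps only
    enabled = parse_accessibility(setting)
    # Preinstalled services (absent from the -3 listing) are skipped.
    return sorted(p for p in enabled
                  if p in installers and installers[p] not in TRUSTED_INSTALLERS)

def adb(*args: str) -> str:
    """Run a shell command on the connected device and return its output."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

# Constructed sample output (package names are hypothetical).
SAMPLE_SETTING = ("com.example.screenreader/.ReaderService:"
                  "com.example.updater/com.example.updater.core.A11yService\n")
SAMPLE_LISTING = """package:com.example.screenreader  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.game  installer=null
"""

if __name__ == "__main__":
    # On a live device: flag_risky(
    #     adb("settings", "get", "secure", "enabled_accessibility_services"),
    #     adb("pm", "list", "packages", "-3", "-i"))
    print(flag_risky(SAMPLE_SETTING, SAMPLE_LISTING))
```

A flagged package is a prompt for review, not proof of infection: legitimately sideloaded accessibility tools will also appear.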