A dangerous malware is once again on Android! Called Hook, it allows you to take control of a mobile to steal sensitive information and targets both bank apps and cryptocurrency wallets.

A dangerous malware is once again on Android: Hook


New malware is wreaking havoc on Android – what a surprise! Baptized Hook (like the famous pirate captain in Peter Pan), it was discovered by researchers from ThreatFabric on an underground forum specializing in hacking, where it was offered for sale by DukeEugene. The latter is no stranger: he already developed the ERMAC Trojan, an extremely popular malware that siphons authentication information, and therefore victims’ banking data, from more than 467 banking applications via overlaid login pages. The two pieces of malware also share large parts of their code, which makes Hook a sort of evolved form of ERMAC. Its goal: to allow hackers to take remote control of an Android mobile.

Hook malware: a more dangerous version of ERMAC

Hook is extremely vicious malware. Once installed on the victim’s smartphone, it requests access to Android’s accessibility services, which were designed for the visually impaired. Once this is granted, it takes control of the device without the target realizing it. The novelty compared to ERMAC is that it embeds a Virtual Network Computing (VNC) module, which gives the hacker the ability to interact with the user interface of the compromised device in real time. Through this module, the malware maintains a connection between the device and the attackers’ remote servers, over which it can be ordered to perform the following actions:

  • Interact with the smartphone’s Android interface
  • Fill in text boxes
  • Intercept SMS, especially confirmation codes
  • Take a screenshot
  • Simulate a click on a specific text element
  • Simulate a key press
  • Unlock the device
  • Scroll up and down
  • Locate the victim

A screenshot from the malware’s advertisement showing the panel used to interact with the user interface. © ThreatFabric
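Because Hook, like ERMAC, only gains control once the user grants it an accessibility service, one practical defender check is to list which third-party packages currently hold that permission. The following script is an added example, not code from the article or from ThreatFabric; it parses the output of two real adb commands (`settings get secure enabled_accessibility_services` and `pm list packages -3`), using constructed sample output in place of a live device.

```python
"""Triage helper: which third-party apps hold Android accessibility access?

Added example, not from the article or ThreatFabric. The two raw strings
below are constructed stand-ins for real adb output, so it runs offline.
"""
import re

# Constructed stand-in for:  adb shell settings get secure enabled_accessibility_services
# Real output is a colon-separated list of "package/serviceClass" entries.
ENABLED_SERVICES = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.cleaner/.AccessService"
)

# Constructed stand-in for:  adb shell pm list packages -3   (third-party packages only)
THIRD_PARTY_PACKAGES = """package:com.example.cleaner
package:com.bank.example
package:com.whatsapp
"""


def parse_enabled_services(raw: str) -> list[str]:
    """Return the package name of every enabled accessibility service."""
    return [entry.split("/", 1)[0] for entry in raw.strip().split(":") if entry]


def parse_third_party(raw: str) -> set[str]:
    """Return the set of package names from `pm list packages -3` output."""
    return {m.group(1) for m in re.finditer(r"^package:(\S+)$", raw, re.M)}


def suspicious_accessibility_holders(services_raw: str, packages_raw: str) -> list[str]:
    """Third-party (user-installed) packages that hold accessibility access.

    System services such as TalkBack are filtered out because they are not
    in the third-party list; anything left deserves a manual review.
    """
    enabled = parse_enabled_services(services_raw)
    third_party = parse_third_party(packages_raw)
    return sorted(pkg for pkg in enabled if pkg in third_party)


if __name__ == "__main__":
    for pkg in suspicious_accessibility_holders(ENABLED_SERVICES, THIRD_PARTY_PACKAGES):
        print(f"review: {pkg} is a third-party app with accessibility access")
```

On a real device, feed the script the live output of the two adb commands instead of the constructed strings.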

Hook malware: banking and cryptocurrency applications targeted

All of these commands make it easier to steal sensitive information. But that’s not all: another command turns the malware into a file manager, which lets hackers list all the files and images stored on the device and download those they find useful. It also preys on cryptocurrency owners by extracting the recovery phrases that secure a digital wallet, much like a password. The malware targets many popular wallets, namely:

  • bitcoin-wallet
  • Trust Crypto & Bitcoin Wallet
  • Mycelium Bitcoin Wallet
  • Blockchain Wallet: Bitcoin, Bitcoin Cash, Ethereum
  • Samourai Wallet
  • Coinbase Wallet: Crypto Wallet & DApp Browser
  • MetaMask: Buy, Send and Swap Crypto
  • SafePal: Crypto Wallet BTC NFTs

As for more “basic” applications, it targets email clients, banking applications such as My Accounts BNP Paribas, CIC or Axa Banque France, smartphone security and cleaning apps, Airbnb and even Tinder; the rest of the list of apps attacked by the malware can be found at the end of ThreatFabric’s article. Finally, Hook can also infiltrate the victim’s WhatsApp account in order to send messages on their behalf, which lets hackers spread malware and phishing links to the victim’s contacts.

The United States, Australia, Canada, the United Kingdom and France are among the top 10 countries most affected by Hook, but other regions have also been seriously hit by the malware. For now, there is no specific defense against it beyond the usual precautions. So it is better to only download apps from trusted sources and known developers, and not to follow suspicious links sent by message. It is also recommended to limit the number of applications installed on your phone to the essentials and to uninstall them as soon as they are no longer needed. If an application asks for special permissions that it theoretically does not need (a Solitaire game, for example, has no reason to request the user’s geolocation), it is better to be wary. Finally, the best thing is to have an antivirus running in the background to double-check that no malicious behavior is at work on the device.
