New Hook malware for Android discovered by researchers
ThreatFabric cybersecurity researchers have discovered a new type of Android malware known as ‘Hook.’ Hackers can use the malware to gain remote control of an infected device and steal sensitive information such as login credentials and financial information.
Hook, according to the researchers, is distributed via malicious apps downloaded from third-party app stores. Once the malware is installed on a device, it uses VNC (virtual network computing) to establish a real-time connection with a remote server. This gives the hacker access to the infected device.
The malware is capable of a wide range of malicious actions, including audio and video recording, screenshot capture, and data collection about the device and its user. It also has the ability to intercept and redirect incoming and outgoing calls and messages, which could be used to steal sensitive information or commit financial fraud.
Hook can also circumvent two-factor authentication by intercepting and redirecting text messages, allowing hackers to gain access to online accounts.
Hook malware for Android works by intercepting and modifying the behavior of specific functions in the Android operating system. This enables the malware to access sensitive information, such as login credentials or personal data, and perform actions without the user’s knowledge or consent.
The malware accomplishes this by injecting code into system libraries or by gaining access to the device via the Android Debug Bridge (ADB). Once the malware has gained access to the device, it can steal sensitive information and transmit it to the attacker using various techniques such as keylogging or screen scraping. Furthermore, the malware can use the device to engage in other malicious activities, such as sending spam or joining a botnet.
“With this feature, Hook joins the ranks of malware families that are able to perform full DTO, and complete a full fraud chain, from PII exfiltration to transaction, with all the intermediate steps, without the need of additional channels,” warns ThreatFabric.
As a result, researchers advise Android users to only download apps from official app stores, such as Google Play, and to avoid apps that request unnecessary permissions. They also advise installing a mobile security app, which can aid in the detection and removal of malware from infected devices.
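One way to act on the permissions advice is to audit an app's manifest before installing it. The script below is an added example, not code from ThreatFabric or the article: it assumes the manifest has already been decoded to plain XML (for instance with apktool), and the capability-to-permission mapping, the function names and the sample manifest are constructed for illustration and are not Hook's published permission set.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the capabilities the article lists to standard Android
# permissions; it is not Hook's published permission set.
CAPABILITIES = {
    "sms_interception": {"RECEIVE_SMS", "READ_SMS", "SEND_SMS"},
    "call_redirection": {"PROCESS_OUTGOING_CALLS", "CALL_PHONE", "ANSWER_PHONE_CALLS"},
    "av_recording": {"RECORD_AUDIO", "CAMERA"},
}

def audit_manifest(manifest_xml):
    """Return {capability: sorted permission or service names} for a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    requested = {
        el.get(ANDROID_NS + "name", "").rsplit(".", 1)[-1]
        for el in root.iter("uses-permission")
    }
    findings = {cap: sorted(perms & requested)
                for cap, perms in CAPABILITIES.items() if perms & requested}
    # A service guarded by BIND_ACCESSIBILITY_SERVICE can read and drive the screen.
    services = [s.get(ANDROID_NS + "name") for s in root.iter("service")
                if s.get(ANDROID_NS + "permission", "").endswith("BIND_ACCESSIBILITY_SERVICE")]
    if services:
        findings["screen_control"] = sorted(services)
    return findings

def needs_review(findings):
    """Flag apps that combine SMS access (2FA codes) with any other capability."""
    return "sms_interception" in findings and len(findings) > 1

# Constructed sample manifest for a hypothetical "flashlight" app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    result = audit_manifest(SAMPLE)
    for cap, items in result.items():
        print(cap, items)
    print("needs review:", needs_review(result))
```

A hit is a prompt for manual review rather than a verdict, since legitimate messaging, dialer and assistive apps request the same permissions.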
The sources for this piece include an article in BleepingComputer.