Android users are facing a significant cybersecurity threat as the notorious HOOK banking trojan has evolved into a more sophisticated and dangerous variant. Known as HOOK Version 3, this malware now combines elements of banking fraud, ransomware, and spyware, making it one of the most advanced mobile threats identified to date.
Zimperium’s zLabs research team has uncovered that HOOK Version 3 introduces a staggering 107 remote commands, 38 of which are newly added.
These capabilities allow attackers to manipulate devices in unprecedented ways, including deploying full-screen ransomware overlays demanding cryptocurrency payments, using fake NFC scans to trick users into revealing sensitive data, and capturing user gestures through transparent overlays.
Among its new tricks, the trojan can:
These features demonstrate the malware’s ability to not only steal financial information but also to monitor and control infected devices remotely.
HOOK’s metamorphosis now enables it to host malicious APKs on GitHub, which is eroding the legitimacy of the platform as well as deceiving even more naive users.
The malware also shares tenancy with other trojans like Ermac and Brokewell, indicating a coordinated malware-as-a-service ecosystem.
While the new HOOK variant is spreading on GitHub, a Google spokesperson said no apps containing the malware have been found in the Google Play store.
“Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services,” the spokesperson said. “Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”
To safeguard against HOOK Version 3 and similar threats, Android users should:
By staying vigilant and following these best practices, users can reduce the risk of falling victim to HOOK Version 3 and other mobile malware threats.