Tag: hook

4 Attack Reports | 0 Vulnerabilities

Attack reports

New Android Malware Mimics Human Behavior to Evade Detection

A new Android malware called Herodotus has been discovered, designed to perform device takeover while mimicking human behavior to bypass biometric detection. Active campaigns have been observed in Italy and Brazil. Herodotus is being offered as Malware-as-a-Service and shows links to the previously…
android
credential theft
malware-as-a-service
banking trojan
device takeover
hook
mqtt
remote control
2025-10-28
octo
behavior mimicry
herodotus
brokewell
Published: October 28, 2025
Downloadable IOCs: 1

ERMAC V3.0 Banking Trojan: Full Source Code Leak and Infrastructure Analysis

The complete source code for ERMAC V3.0, an advanced banking trojan, was discovered and analyzed, providing rare insight into this active Malware-as-a-Service platform. ERMAC has evolved to target over 700 financial and cryptocurrency apps, employing sophisticated form injection techniques and encr…
malware-as-a-service
banking trojan
infrastructure analysis
hook
ermac
android malware
cerberus
2025-08-15
exfiltration server
c2 backend
source code leak
encrypted communications
form injection
Published: August 15, 2025
Downloadable IOCs: 0

2024 Malicious Infrastructure Insights: Key Trends and Threats

The report highlights significant trends in malicious infrastructure for 2024, including the rise of malware-as-a-service infostealers, continued dominance of Cobalt Strike among offensive security tools, and increased use of legitimate services by threat actors. Key findings include LummaC2's domi…
lummac2
plugx
cobalt strike
asyncrat
cybercrime
infostealers
dcrat
latrodectus
botnets
mobile malware
malicious infrastructure
quasarrat
hook
gobrat
brute ratel c4
remote access trojans
2025-02-28
traffic distribution systems
mozi botnet
state-sponsored groups
command-and-control servers
solarmarker rat
offensive security tools
Published: February 28, 2025
Downloadable IOCs: 0

The trojan horse that wanted to fly

Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…
phishing
remote access
banking trojan
brazil
keylogging
mobile malware
2024-09-02
device takeover
hook
rocinante
ermac
Published: September 2, 2024
Downloadable IOCs: 4
Click here to see more Attack Reports