{
	"id": "9393df45-215f-4192-8aad-8ae954af942f",
	"created_at": "2026-04-06T00:08:10.288945Z",
	"updated_at": "2026-04-10T13:11:34.312835Z",
	"deleted_at": null,
	"sha1_hash": "12325426127fa5e748374d990cc022b7e7a0caca",
	"title": "ERMAC (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 50582,
	"plain_text": "ERMAC (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 17:18:41 UTC\r\napk.ermac (Back to overview)\r\nERMAC\r\nAccording to Intel471, ERMAC, an Android banking trojan enables bad actors to determine when certain apps are\r\nlaunched and then overwrites the screen display to steal the user's credentials\r\nReferences\r\n2025-08-14 ⋅ Hunt.io ⋅ Hunt.io\r\nHunt.io Exposes and Analyzes ERMAC V3.0 Banking Trojan Full Source Code Leak\r\nERMAC\r\n2025-03-11 ⋅ ThreatMon ⋅ Aziz Kaplan, ThreatMon, ThreatMon Malware Research Team\r\nNew Ermac Variant - Android Banking Trojan \u0026 Botnet\r\nERMAC\r\n2023-10-03 ⋅ Twitter (@ShilpeshTrivedi) ⋅ Shilpesh Trivedi\r\nTweet about possible Rebranding/Deriviate for ERMAC called Rusty Droid\r\nERMAC\r\n2023-09-11 ⋅ NCC Group ⋅ Alberto Segura, Joshua Kamp\r\nFrom ERMAC to Hook: Investigating the technical differences between two Android malware variants\r\nERMAC Hook\r\n2022-12-08 ⋅ ThreatFabric ⋅ ThreatFabric\r\nZombinder: new obfuscation service used by Ermac, now distributed next to desktop stealers\r\nERMAC Xenomorph\r\n2022-11-25 ⋅ Resecurity ⋅ Resecurity\r\n\"In The Box\" - Mobile Malware Webinjects Marketplace\r\nAlien Cerberus Coper ERMAC Hydra\r\n2022-08-31 ⋅ Intel 471 ⋅ Intel 471 Malware Intelligence team\r\nERMAC 2.0: Perfecting the Account Takeover\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/apk.ermac\r\nPage 1 of 2\n\nERMAC\r\n2022-05-25 ⋅ cyble ⋅ Cyble Research Labs\r\nERMAC Back In Action: Latest Version Of Android Banking Trojan Targets Over 400 Applications\r\nERMAC\r\n2021-10-06 ⋅ Twitter (@ESETresearch) ⋅ ESET Research\r\nTweet on ERMAC android malware\r\nERMAC\r\n2021-09-22 ⋅ ThreatFabric ⋅ ThreatFabric\r\nERMAC - another Cerberus reborn\r\nAmpleBot Cerberus ERMAC\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/apk.ermac\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/apk.ermac\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/apk.ermac"
	],
	"report_names": [
		"apk.ermac"
	],
	"threat_actors": [],
	"ts_created_at": 1775434090,
	"ts_updated_at": 1775826694,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/12325426127fa5e748374d990cc022b7e7a0caca.pdf",
		"text": "https://archive.orkl.eu/12325426127fa5e748374d990cc022b7e7a0caca.txt",
		"img": "https://archive.orkl.eu/12325426127fa5e748374d990cc022b7e7a0caca.jpg"
	}
}