{
	"id": "adc51e9c-c173-4a5b-967b-a4651e578ccd",
	"created_at": "2026-04-06T00:10:50.511246Z",
	"updated_at": "2026-04-10T03:20:23.556175Z",
	"deleted_at": null,
	"sha1_hash": "519c4896971387d41b8d800a22f386c145064584",
	"title": "ERMAC - another Cerberus reborn",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 27948,
	"plain_text": "ERMAC - another Cerberus reborn\r\nPublished: 2024-10-01 · Archived: 2026-04-05 19:53:44 UTC\r\nOn July 23 a forum post appeared regarding a new Android banking trojan. The attached screenshots show that it\r\nis named ERMAC. Our investigation shows that ERMAC is almost fully based on the well-known banking trojan\r\nCerberus, and is being operated by BlackRock actor(s).\r\nOn August 17, a forum member named “ermac” invited anyone interested in this topic to send a PM to make a\r\ndeal. The user registered just the day before and posted a similar advertisement in his profile. Interestingly\r\nenough, the topic starter said that he found the contact 4 days earlier. On the same day, another forum member,\r\n“DukeEugene”, posted a message in his account:\r\n“Android botnet ERMAC. I will rent a new android botnet with wide functionality to a narrow circle of people (10\r\npeople). 3k$ per month. Details in PM.”\r\nDukeEugene is known as an actor behind the BlackRock banking trojan that we discovered in 2020. DukeEugene\r\nclaimed to be one of the actors shortly after we published our discovery.\r\nSource: https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"Malpedia"
	],
	"references": [
		"https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html"
	],
	"report_names": [
		"ermac-another-cerberus-reborn.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434250,
	"ts_updated_at": 1775791223,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/519c4896971387d41b8d800a22f386c145064584.pdf",
		"text": "https://archive.orkl.eu/519c4896971387d41b8d800a22f386c145064584.txt",
		"img": "https://archive.orkl.eu/519c4896971387d41b8d800a22f386c145064584.jpg"
	}
}