Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 20:05:36 UTC
 Tool: ERMAC
Names ERMAC
Category Malware
Type Banking trojan, Backdoor, Info stealer, Credential stealer, Botnet
Description
(Threatfabric) On July 23 a forum post appeared regarding a new Android banking trojan. The
attached screenshots show that it is named ERMAC. Our investigation shows that ERMAC is
almost fully based on the well-known banking trojan Cerberus, and is being operated by
BlackRock actor(s).
Information
Malpedia Last change to this tool card: 06 March 2024
Download this tool card in JSON format
All groups using tool ERMAC
Changed Name Country Observed
Unknown groups
 _[ Interesting malware not linked to an actor yet ]_
1 group listed (0 APT, 0 other, 1 unknown)
↑
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f1a782ee-428e-4504-906d-bee5e81ca577
Page 1 of 2

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f1a782ee-428e-4504-906d-bee5e81ca577
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f1a782ee-428e-4504-906d-bee5e81ca577
Page 2 of 2

Unknown groups _[ Interesting malware not linked to an actor yet ]_
1 group listed (0 APT, 0 other, 1 unknown) 
↑   
   Page 1 of 2