Hook Android banking trojan features

Zimperium’s zLabs has identified a new variant of the Hook Android banking trojan, significantly enhancing mobile threat sophistication. This version features ransomware-style overlays that display extortion messages and demand payments through wallet addresses fetched from the command-and-control (C2) server.


Key Features

The malware includes fake NFC overlays for data exfiltration and advanced lockscreen bypass mechanisms to capture credentials. With 107 remote commands, Hook v3 supports screen streaming and gesture capture, and its distribution has expanded to GitHub repositories, leveraging the platform's legitimacy.


Technical Insights

Hook uses broadcast receivers for SMS events and escalates privileges to allow factory resets and lockscreen disabling. It employs various tactics for credential access, including intercepting OTP notifications and keylogging. Command-and-control communication relies on WebSocket, with potential future integration of RabbitMQ.
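The capabilities listed above (an SMS broadcast receiver, a device-admin receiver for factory reset and lockscreen control, notification access for OTP interception, an accessibility service for keylogging, and overlay permission) are each declared in an APK's AndroidManifest.xml, which makes the manifest a cheap first triage point for analysts. The script below is an added example, not code from NPAV or Zimperium: it parses a manifest and flags the combination of these capabilities. The two sample manifests are constructed for the example; the permission and intent-action strings are real Android identifiers, and the scoring thresholds are an assumption of this example, not a published rule.

```python
"""Triage an Android manifest for the capability combination a banking trojan needs.

Added example (not NPAV's or Zimperium's code). The manifests below are constructed
samples; the permission and action strings are real Android identifiers.
"""
import xml.etree.ElementTree as ET

# Namespace prefix that ElementTree uses for android:* attributes.
A = "{http://schemas.android.com/apk/res/android}"

# Each capability is legitimate in the right app (an SMS client, a screen reader,
# an MDM agent); it is several of them together that warrants a closer look.
# Key: (where it is declared, identifier to match).
CAPABILITIES = {
    "sms_intercept":       ("receiver",   "android.provider.Telephony.SMS_RECEIVED"),
    "accessibility":       ("service",    "android.permission.BIND_ACCESSIBILITY_SERVICE"),
    "notification_reader": ("service",    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"),
    "device_admin":        ("receiver",   "android.permission.BIND_DEVICE_ADMIN"),
    "overlay":             ("permission", "android.permission.SYSTEM_ALERT_WINDOW"),
}


def manifest_capabilities(manifest_xml: str) -> dict:
    """Return {capability_name: bool} for the declarations found in the manifest."""
    root = ET.fromstring(manifest_xml.strip())
    # <uses-permission android:name=...> entries.
    seen = {("permission", p.get(A + "name")) for p in root.iter("uses-permission")}
    # Services/receivers: the android:permission they are bound with, plus the
    # intent actions they listen for.
    for tag in ("service", "receiver"):
        for comp in root.iter(tag):
            seen.add((tag, comp.get(A + "permission")))
            for act in comp.iter("action"):
                seen.add((tag, act.get(A + "name")))
    return {name: key in seen for name, key in CAPABILITIES.items()}


def triage(manifest_xml: str) -> dict:
    """Score a manifest; thresholds are an assumption of this example."""
    caps = manifest_capabilities(manifest_xml)
    hits = sum(caps.values())
    verdict = "high" if hits >= 3 else "medium" if hits >= 1 else "low"
    return {"capabilities": caps, "hits": hits, "verdict": verdict}


# Constructed sample: the capability set described in the Hook write-up.
SUSPICIOUS_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.sample">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <receiver android:name=".SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".NotifService"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>
"""

# Constructed sample: an ordinary SMS client, which legitimately needs one capability.
SMS_APP_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.smsapp">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".IncomingSms">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS_MANIFEST), ("sms app", SMS_APP_MANIFEST)):
        print(label, triage(xml))
```

In practice the manifest is pulled from the APK with a decoder such as apktool before it is fed to a script like this; the verdict is a prioritisation aid for an analyst, not a malware determination, since a legitimate MDM or accessibility app can also score high.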

NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, FraudProtector.net