- Hook V3 uses fake Google Pay overlays to trick victims into handing over sensitive data
- Real-time screen streaming lets attackers spy on victims directly
- Malicious APKs hosted on GitHub distribute the advanced malware more widely
Hook V3, the latest variant of the long-running Hook Android banking malware, introduces an unusually wide range of capabilities, researchers have warned.
Researchers from Zimperium zLabs say the malware now supports 107 remote commands, 38 of them added in the latest update, and that it continues to exploit Android Accessibility Services.
Its expanded functionality suggests a shift from narrow banking fraud to a more versatile threat platform, potentially putting many more people at risk.
Ransomware overlays and deceptive prompts
In their report, the researchers describe how Hook V3 can steal personal data, hijack user sessions and bypass device defenses.
“Hook V3 blurs the border between banking Trojans, spy software and ransomware,” said Nico Chiaraviglio, chief scientist of Zimperium.
“Its rapid development and large-scale distribution increase the threat to financial institutions, businesses and mobile users around the world. This discovery strengthens the urgent need for proactive and disc defenses.”
One of the defining additions is the use of ransomware-style overlays. Victims may encounter full-screen warnings that demand payment, a tactic more commonly associated with desktop ransomware.
Such attacks highlight the need for stronger ransomware protection on mobile devices, a traditionally less emphasized area.
Hook V3 also uses fake unlock screens that imitate legitimate PIN or pattern prompts.
Once users enter their details, attackers obtain the credentials needed to bypass the lock screen. This combination of overlays and remote controls makes the malware particularly intrusive.
The Trojan now includes fake NFC scanning screens and counterfeit payment card overlays.
These are designed to imitate legitimate services such as Google Pay, increasing the likelihood that unsuspecting users hand over sensitive data.
Transparent overlays silently record gestures, while real-time streaming allows attackers to watch the device's activity.
By combining passive theft with active monitoring, Hook V3 shows a layered approach to intrusion.
Although it does not directly launch distributed denial-of-service attacks, its large command set reflects the same kind of versatility that motivates investment in DDoS protection in wider cybersecurity strategies.
Hook V3 spreads via phishing websites, but malicious APKs have also been hosted openly on GitHub, which means that attackers are using widely trusted platforms to distribute the malware.
That said, Hook still appears to be in development, with code fragments referring to RabbitMQ and Telegram.
Although there are signs of limited use of Telegram to send injection data, the lack of chat IDs or bot tokens suggests that these functions remain unfinished.
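The article notes that Hook V3 relies on Android Accessibility Services and arrives as APKs from phishing sites or GitHub rather than from an app store. The following triage script is an added example, not part of the original report or Zimperium's tooling. It flags enabled accessibility services whose package was not installed by a trusted store. The sample adb output, the package names and the trusted-installer list are constructed assumptions.

```python
# Added example: flag enabled accessibility services that were sideloaded.
# Inputs are the text output of two standard Android shell commands:
#   settings get secure enabled_accessibility_services
#   pm list packages -i
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only

def parse_accessibility(setting: str) -> list[tuple[str, str]]:
    """Split the colon-separated 'package/ServiceClass' component list."""
    services = []
    for comp in setting.strip().split(":"):
        if not comp or comp == "null":  # empty setting prints '' or 'null'
            continue
        pkg, _, cls = comp.partition("/")
        services.append((pkg, cls))
    return services

def parse_installers(listing: str) -> dict[str, str]:
    """Map package name -> installer from 'package:<name>  installer=<src>'."""
    installers = {}
    for line in listing.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        src = "null"
        for field in fields[1:]:
            if field.startswith("installer="):
                src = field.split("=", 1)[1]
        installers[fields[0]] = src
    return installers

def flag_sideloaded_services(setting, listing, preinstalled=frozenset()):
    """Return (package, service, installer) for services outside trusted stores.
    'preinstalled' allowlists system apps, which also report installer=null."""
    installers = parse_installers(listing)
    findings = []
    for pkg, cls in parse_accessibility(setting):
        src = installers.get(pkg, "unknown")
        if pkg not in preinstalled and src not in TRUSTED_INSTALLERS:
            findings.append((pkg, cls, src))
    return findings

# Constructed sample output; com.example.updater is a made-up package name.
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.updater/.SvcA11y")
SAMPLE_LISTING = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.notes  installer=com.android.vending"""
```

A hit is a lead for review, not a verdict: legitimately sideloaded accessibility tools will also appear in the findings.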