Cybersecurity researchers have discovered an Android banking trojan named ERMAC. ERMAC is thought to be capable of targeting over 378 legitimate applications. Among them are banking apps, media players, government applications, delivery services, and security solutions, including McAfee. According to reports from security researchers such as ThreatFabric, operations involving ERMAC appear to be targeting Polish users.
ERMAC bears a resemblance to the infamous banking trojan Cerberus. In September 2020, the source code for Cerberus was left exposed in an underground forum after its coders were unable to sell it at an online auction. ERMAC is also being offered for rent at $3,000 a month.
Like many other banking trojans, ERMAC relies on overlays when collecting passwords and other information, particularly financial data. It can also intercept text messages and launch applications on the compromised device. Uniquely, ERMAC has some functions not normally found in banking trojans, including the ability to clear the cache of specific applications.
Removing the ERMAC Banking Trojan
If you think that your device has been infected by the ERMAC Banking Trojan, immediately scan it with a reputable malware remediation tool. It is also recommended that you change the passwords used on your phone apps, particularly those containing financial data.