Security researchers have unearthed a new malware campaign that targets both Windows and Android devices.
According to The Hacker News, this campaign entails the use of malware like ERMAC, a well-known Android banking trojan, or info-stealing malware such as Erbium, Aurora and Laplas.
The campaign has already resulted “in thousands of victims”, says ThreatFabric, the cybersecurity firm that shared the report with The Hacker News.
“Erbium stealer successfully exfiltrated data from more than 1,300 victims.”
ThreatFabric found that Zombinder dark web platform was used by hackers to bind malware to legitimate apps and has been used to target victims in Spain, Portugal, Canada and more.
What’s worrying is how the malware was delivered to the victim’s devices. ThreatFabric found a number of legitimate Android apps like Instagram that were infected with malware.
ThreatFabric said that bad actors “used a third-party service provided on darknet to “glue”, or bind, dropper capabilities to a legitimate application.”
“After downloading the bound application, it will act as usual unless it shows a message stating that the app needs to be updated. At this point, if accepted by the victim, the seemingly legitimate application will install this update, which is nothing else than Ermac,” ThreatFabric added.