In July, researchers from ThreatFabric discovered a new Android banking trojan dubbed ERMAC that is almost fully based on the popular banking trojan Cerberus. The source code of Cerberus was released in September 2020 on underground hacking forums after its operators' attempt to auction it failed.
According to the experts, ERMAC is operated by the threat actors behind the BlackRock mobile malware.
On August 17, two forum members named “ermac” and “DukeEugene” started advertising the malware. “DukeEugene” posted the following message from his account:
“Android botnet ERMAC. I will rent a new android botnet with wide functionality to a narrow circle of people (10 people). 3k$ per month. Details in PM.”