Android

HOOKBOT

HookBot is a sophisticated Android banking Trojan designed to steal sensitive information such as online banking credentials, email account passwords, cryptocurrency wallet details, and social media login data. It employs overlay attacks, keylogging, and accessibility service exploitation to gain unauthorized access to users’ private data.

Known Variants

HookBot is a variant of the Ermac malware family, developed by a threat actor known as "DukeEugene." While it shares many features with Ermac, HookBot’s enhancements include remote access tools, setting it apart from its predecessor.

Mitigation Strategies

Train users to install apps only from official app stores and avoid third-party sources. Use comprehensive mobile security solutions to detect and block overlay attacks. Regularly update devices and apps to ensure the latest security patches are applied. Monitor app permissions, particularly requests for accessibility service access without clear justification.
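
One way to carry out the accessibility-service check on a managed device, shown as an added example that is not part of the original entry: it cross-references the enabled accessibility services with each package's recorded installer and flags services whose package did not come from a trusted store. The sample `adb` output is constructed, the package `com.example.fakebank` is hypothetical, and treating Google Play (`com.android.vending`) as the only trusted installer is an assumption.

```python
# Constructed sample output. On a real device, collect it with:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakebank/com.example.fakebank.HelperService"  # hypothetical
)
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.fakebank  installer=null
package:com.example.notes  installer=com.android.vending
"""
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only

def parse_a11y(raw):
    """Split the colon-separated 'package/class' list into (package, class) pairs."""
    raw = raw.strip()
    if raw in ("", "null"):  # setting unset: no accessibility service enabled
        return []
    pairs = []
    for component in raw.split(":"):
        pkg, _, cls = component.partition("/")
        if pkg:
            pairs.append((pkg, cls))
    return pairs

def parse_installers(raw):
    """Map package name -> installer from 'pm list packages -i' output."""
    installers = {}
    for line in raw.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            name, _, inst = line[len("package:"):].partition("installer=")
            installers[name.strip()] = inst.strip() or "null"
    return installers

def flag_sideloaded_a11y(a11y_raw, packages_raw, trusted=TRUSTED_INSTALLERS):
    """Return accessibility services whose package has no trusted installer."""
    installers = parse_installers(packages_raw)
    findings = []
    for pkg, service in parse_a11y(a11y_raw):
        installer = installers.get(pkg, "unknown")
        if installer not in trusted:
            # Preinstalled system apps also report installer=null, so each
            # finding is a prompt for review, not a verdict.
            findings.append({"package": pkg, "service": service,
                             "installer": installer})
    return findings

if __name__ == "__main__":
    for f in flag_sideloaded_a11y(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print(f"REVIEW {f['package']} ({f['service']}) installer={f['installer']}")
```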

Targeted Industries or Sectors

HookBot primarily targets individual users by impersonating applications from various industries, including banking, social networking, and cryptocurrency. It has been observed mimicking Polish banking applications, suggesting a focus on financial institutions in specific regions.

Associated Threat Actors

The development and distribution of HookBot are attributed to a threat actor operating under the alias "DukeEugene." This individual is also associated with the Ermac malware family, highlighting a pattern of creating and propagating Android-based banking Trojans.
