Again, Android mobiles can be found to have a rock and a hard place in case they do not follow the main keys to stay protected against viruses. On this occasion, the threat spreads among many applications, a number that will also continue to increase, as confirmed by the researchers, given the ease of access to this malware.
The aforementioned problem is called ERMAC 2.0 and has already managed to penetrate a good number of devices, obtaining personal data that ends up leading criminals to obtain account numbers, access codes to the bank and also to social networks , seizing all kinds of information about people.
Malware gains full access to mobiles
Security experts from the company ESET Research are the ones who have detected this threat through Bolt Food, a web portal apparently focused on food delivery, which poses as another legal service in Poland. A modus operandi that is being carried out in many other countries around the world, including Spain with several apps to discover. Through a link on social networks, with an email or even through an SMS, they can send us to a website that we do not raise suspicions about.
However, the virus that affects Android mobiles comes into action when we trust ourselves and tap on the button to download the application. Once the file is inside the mobile, it proceeds with the installation and the request for concessions, among which it requests an accessibility permit that grants full control to the phone . As much as Google has tried to limit this in its latest versions, the malware has managed to find a significant gap, although it should be noted that on smartphones with Android 11 and Android 12, it will be more complicated.
Cyble has analyzed said access permission and has been able to corroborate that with a single step we would be giving access to more than 43 permissions on the smartphone . Among all of them, there is the possibility of reading the SMS we receive and, therefore, they manage to circumvent the two-step verification. You will also be able to know all the data we write, phone files and even get the ability to record audio.
The threat continues to spread among apps
The biggest problem with this virus, beyond everything it can achieve with a single permission, is that it hasn’t said its last word yet. It is very difficult to stop applications that are outside of Google Play, so the best remedy we can use so that the threat does not affect us is to only download applications from the official store . The developers of the virus offer it for a monthly subscription of 5,000 dollars, allowing anyone to carry out their attack against us.
The different campaigns with this malware could be even more dangerous, as we have seen before, reaching many countries. This makes us have to be very careful not to become victims of an attack that can be located through all kinds of applications, from battery optimizers to supposed antiviruses, as we have seen on other occasions, but in this case causing almost irreparable damage.