Fake banking apps: dangerous 'Hook' malware that lets crooks control your phone

The malware allows scammers to remotely control your Android device, potentially stealing your personal details and money.

Warnings have been raised about a dangerous new piece of malware that may allow scammers to take control of your Android mobile device.

Hook is a piece of malware, which essentially means it is harmful software running on your device.

Obviously, nobody would install it on their device knowingly, but scammers have been sneaky in conning people into adding it.

They’ve done that through fake banking apps.

You might think that you are adding your Santander or Barclays app to your phone but, actually, you’re installing a cloned version that not only won’t allow you to manage your money properly on the move but also comes with the added pain of putting Hook onto your device to boot.

Why Hook is so dangerous

What makes Hook incredibly dangerous is that, once it is up and running on your device, it can be controlled remotely.

As a result, scammers who have conned you into downloading these pretend banking apps can then cause absolute carnage on your Android device, for example by harvesting information from your text and WhatsApp messages, stealing data or even potentially getting into your genuine banking apps and sending money.

The security experts at NordVPN pointed out that Hook is an upgrade of a banking trojan called ERMAC, which was first discovered back in 2021 and was ‘rented out’ to crooks through the dark web, enabling them to get their hands on the details of Android users.

Marijus Briedis, a cybersecurity specialist at NordVPN, said that Hook was “a cut above” most of the tricks employed by scammers.

They added: “Bad actors paying thousands of pounds for the software get access to a special console that uses the same virtual network technology many workers have to access their office computer from home.

“This means your device can be taken over even while you’re holding it.”

Protecting yourself from Hook

Hook is a useful reminder of how important it is to be vigilant when it comes to downloading apps onto your mobile device.

It’s always safer to make use of dedicated app stores, like the Google Play store or the iStore.

Developers have to meet certain standards before they are able to advertise their apps on these platforms, and that includes making them robust enough to fend off this sort of malware. 

By contrast, if you download an app from a different source, you really have very little to go on in terms of how safe the app truly is, and whether it is a front for some deeply unpleasant form of malware.

If you use an official platform, then you know that you are installing a genuine app from your bank ‒ you don’t have that certainty if you take a different route.

The Hook situation also emphasises the importance of making sure you have sufficient protection on your mobile device.

Keeping it updated, for example, is a smart move ‒ these updates are designed to tackle new and emerging tactics employed by scammers.

However, you may feel that it’s worth going a step further. Some antivirus software, for example, can be installed not only on your PC or laptop but on your mobile devices too, offering a little extra protection for the money you pay.

Beyond that, it’s important to take a similar approach to being secure online when using your phone as you might with a regular computer.

I know it can be easy to slip up here ‒ there have been occasions when I have nearly clicked on dodgy links or attachments in emails or messages on LinkedIn when I’ve read them on my phone, when I’m pretty confident I would have spotted the danger more quickly if using my laptop.

Ultimately, we need to be just as vigilant no matter what device we are using ‒ we are all just as at risk when using a mobile as when using a regular computer, and therefore should be equally guarded against attachments and links in emails.


Copyright © lovemoney.com All rights reserved.

 
