The malware allows scammers to remotely control your Android device, potentially stealing your personal details and money.
Warnings have been raised about a dangerous new piece of malware that may allow scammers to take control of your Android mobile device.
Hook is a piece of malware, which essentially means it is harmful software that you have on your device.
Obviously, nobody would install it on their device knowingly, but scammers have been sneaky in conning people into adding it.
They’ve done that through fake banking apps.
You might think that you are adding your Santander or Barclays app to your phone but, actually, you’re installing a cloned version that not only won’t allow you to manage your money properly on the move but also comes with the added pain of putting Hook onto your device to boot.
Why Hook is so dangerous
What makes Hook incredibly dangerous is that, once it is up and running on your device, it can be controlled remotely.
As a result, scammers who have conned you into downloading these pretend banking apps can then cause absolute carnage on your Android device, for example by harvesting information from your text and WhatsApp messages, stealing data or even potentially getting into your genuine banking apps and sending money.
The security experts at NordVPN pointed out that Hook is an upgrade of a banking trojan called ERMAC which was first discovered back in 2021, and which was ‘rented out’ to crooks through the dark web, enabling them to get their hands on the details of Android users.
Marijus Briedis, a cybersecurity specialist at NordVPN, said that Hook was “a cut above” most of the tricks employed by scammers.
They added: “Bad actors paying thousands of pounds for the software get access to a special console that uses the same virtual network technology many workers have to access their office computer from home.
"This means your device can be taken over even while you’re holding it.”
Protecting yourself from Hook
Hook is a useful reminder of how important it is to be vigilant when it comes to downloading apps onto your mobile device.
It’s always safer to make use of dedicated app stores, like the Google Play store or the iStore.
Developers have to meet certain standards before they are able to advertise their apps on these platforms, and that includes making them robust enough to fend off this sort of malware.
By contrast, if you download an app from a different source, you really have very little to go on in terms of how safe the app truly is, and whether it is a front for some deeply unpleasant form of malware.
If you use an official platform, then you know that you are installing a genuine app from your bank ‒ you don’t have that certainty if you take a different route.
The Hook situation also emphasises the importance of making sure you have sufficient protection on your mobile device.
Keeping it updated, for example, is a smart move ‒ these updates are designed to tackle new and emerging tactics employed by scammers.
However, you may feel that it’s worth going a step further. Some antivirus software for example can be installed not only on your PC or laptop but your mobile devices too, offering a little extra protection for the money you pay.
Beyond that, it’s important to take a similar approach to being secure online when using your phone as you might with a regular computer.
I know it can be easy to slip up here ‒ there have been occasions when I have nearly clicked on dodgy links or attachments in emails or messages on LinkedIn when I’ve read them on my phone, when I’m pretty confident I would have spotted the danger more quickly if using my laptop.
Ultimately, we need to be just as vigilant no matter what device we are using ‒ we are all just as at risk when using a mobile as when using a regular computer, and therefore should be equally guarded against attachments and links in emails.