Android users should be on the lookout for new hook malware with RAT capabilities. (31st January 20

Ref# AL2023_08 | Date: Jan 31st 2023

Description   

A new Android malware known as “Hook” can remotely manage mobile devices with accessibility services and access files saved on devices. Cybercriminals are currently spreading this malware. 

Summary   

Using Hook's RAT module, threat actors can perform a wide range of harmful operations: swipe actions, screenshot capture, simulated key presses, unlocking the device, scrolling up and down, simulated long-press events, starting and stopping specified applications, enabling call forwarding, sending text messages, opening specific URLs, and more. Hook implements its Remote Access Tool features through Android Accessibility Services, which allows it to carry out a full Device Take-Over (DTO).  

How it works  

Hook is a banking Trojan. Its code closely resembles Ermac, another well-known Android banking trojan, and shares several components with it. Hook does add a few capabilities of its own, however, such as remote control of the device over VNC (Virtual Network Computing). It also communicates over WebSockets and encrypts all of its traffic with a hardcoded AES-256-CBC key.  

Hook is mainly distributed through fake Chrome browser apps delivered via Telegram, phishing campaigns, and possibly dropper apps on Google Play. Once a device is compromised, the malware uses hooking techniques to collect sensitive data such as passwords and banking credentials. It does this by installing hooks that monitor keyboard input at critical moments, or hooks that intercept private information before it is sent over the network. Some sophisticated malware also uses hooking to alter the results of filesystem or registry API calls in order to hide its presence from the system itself. 

Remediation   

The Guyana National CIRT advises scanning your Android device with reliable anti-malware software to get rid of these malware infections. 
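Because Hook's remote-control features depend on an accessibility service being enabled, an administrator can triage a device by listing its enabled accessibility services and flagging any whose package is not expected. The script below is an added example written for this alert, not a tool from the Guyana National CIRT; it reads the Android secure setting enabled_accessibility_services (via adb when a device is attached) and the allowlist, the package names and the sample output are constructed values to be replaced with your own.

```shell
#!/bin/sh
# Triage helper: flag enabled Android accessibility services whose package is not allowlisted.
# The input is the value of the secure setting "enabled_accessibility_services", which is a
# ':'-separated list of "package/ServiceClass" component names. On a connected device it is
# obtained with: adb shell settings get secure enabled_accessibility_services

# Packages whose accessibility services are expected on the fleet (constructed example values).
ALLOWED_PKGS="com.google.android.marvin.talkback com.android.talkback"

# Print one line per enabled accessibility service whose package is not in ALLOWED_PKGS.
# $1: the ':'-separated setting value ("null" or empty means no service is enabled).
flag_unexpected_a11y() {
    list="$1"
    if [ -z "$list" ] || [ "$list" = "null" ]; then
        return 0
    fi
    echo "$list" | tr ':' '\n' | while IFS= read -r comp; do
        [ -z "$comp" ] && continue
        pkg="${comp%%/*}"            # package name is everything before the first '/'
        case " $ALLOWED_PKGS " in
            *" $pkg "*) ;;           # expected package, nothing to report
            *) echo "$comp" ;;       # unknown package with accessibility access: investigate
        esac
    done
}

# Read the live setting from an attached device (requires adb; strips the CR adb shell emits).
scan_device() {
    flag_unexpected_a11y "$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')"
}

# Constructed sample: a legitimate screen reader plus an unknown "Chrome update" app that has
# registered its own accessibility service, the pattern described in this alert.
SAMPLE='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.chromeupdate/.Svc'

# Usage with the constructed sample; on a real device call scan_device instead.
flag_unexpected_a11y "$SAMPLE"
```

Any component printed should be checked against the app's install source and, if it is not a known accessibility tool, the app should be removed and the device scanned as advised above.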

The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.  

