A dangerous new piece of malware called 'Hook' has been uncovered that, once installed, can allow a hacker to control your Android phone remotely, stealing data, sending money and harvesting your WhatsApp messages.
It is spread through fake banking apps claiming to be from some of the UK's best-known lenders, including Santander, Lloyds, NatWest, Barclays and Metro.
Marijus Briedis, cybersecurity expert at NordVPN, said: “The new ‘Hook’ malware is the stuff of nightmare for Android users, boasting the power to pillage mobile files, ransack WhatsApp accounts or even send money from a user’s phone.
“It is a nasty upgrade of the ERMAC banking trojan first discovered in 2021 that was rented out by cybercriminals on the dark web to steal Android users’ credentials and account information.
“The software, which mainly targets older Android devices, is transmitted through bogus banking apps masquerading as a digital arm of the UK’s best-known banks including Santander, Lloyds, NatWest, Barclays and Metro.
“Hook is a cut above most of the weaponry in a hacker’s arsenal as, once transmitted to a handset or tablet, it can be controlled remotely and in real time. Bad actors paying thousands of pounds for the software get access to a special console that uses the same virtual network technology many workers have to access their office computer from home. This means your device can be taken over even while you’re holding it.
“If you have an Android device it’s important to keep it updated regularly. Malware like Hook thrives by using programmes in older operating systems as backdoors to wrest hold of your hardware. Also make sure that you only download banking apps from an official marketplace like the Google Play Store and check how often it has been reviewed and downloaded before you install it yourself.
“It’s also worth enabling antivirus tools like NordVPN’s Threat Protection, which will alert you to suspicious files before they can harm your handset.”