Security Alert – HOOK Android Trojan Targeting Banking & Crypto Apps

SL-CSIRT would like to bring to your attention a serious, recently discovered Android malware threat: the HOOK banking trojan. This latest variant combines banking fraud, spyware, and ransomware features, posing a high risk to financial data and personal devices.

KEY RISKS:

  • Displays fake overlays on banking, Google Pay, and crypto apps to steal credentials.
  • Deploys ransomware-style screens that lock the device until a ransom is paid.
  • Allows hackers to control devices remotely, record gestures, and steal sensitive data.
  • Distributed via phishing links, fake GitHub repositories, and malicious APK files.

WHAT YOU SHOULD DO:

  • Install apps only from the Google Play Store – avoid sideloading unknown APKs.
  • Do not click on suspicious links or QR codes that ask you to download apps.
  • Review app permissions carefully, especially Accessibility and Overlay permissions.
  • Keep your Android devices updated with the latest security patches.
  • Enable mobile security software and report any suspicious activity immediately.

If you suspect infection: disconnect from the internet, uninstall unknown apps, and contact IT/security support immediately. In some cases, a full device reset may be necessary.
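
For IT/security support staff, the permission review and unknown-app check above can be scripted. The following is an added example, not part of the SL-CSIRT alert: it cross-references the installer of each third-party app with the Accessibility and Overlay permissions. It assumes the device is reachable over adb and that the three commands named in the docstrings print in the formats shown; the sample data and package names are constructed.

```python
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

# Constructed sample output with made-up package names (formats are assumptions).
SAMPLE_PM = """\
package:com.example.bank  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.flashlight  installer=com.android.chrome
package:com.example.notes  installer=null
"""
SAMPLE_A11Y = "com.example.updater/.Svc:com.example.bank/com.example.bank.Assist"
SAMPLE_OVERLAY = "com.example.flashlight\ncom.example.updater\n"

def parse_installers(pm_output):
    """Map package -> installer from `adb shell pm list packages -3 -i`."""
    pattern = re.compile(r"package:(\S+)\s+installer=(\S+)")
    return {m.group(1): m.group(2)
            for m in map(pattern.match, pm_output.splitlines()) if m}

def parse_accessibility(setting_value):
    """Packages from `adb shell settings get secure enabled_accessibility_services`."""
    value = setting_value.strip()
    if value in ("", "null"):  # "null" means no service is enabled
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def parse_overlay(appops_output):
    """Packages from `adb shell appops query-op SYSTEM_ALERT_WINDOW allow`."""
    lines = (line.strip() for line in appops_output.splitlines())
    return {line for line in lines if re.fullmatch(r"[\w.]+", line)}

def triage(pm_output, a11y_value, overlay_output):
    """List apps not installed by a trusted store that hold either permission."""
    a11y = parse_accessibility(a11y_value)
    overlay = parse_overlay(overlay_output)
    findings = []
    for pkg, installer in sorted(parse_installers(pm_output).items()):
        if installer in TRUSTED_INSTALLERS:
            continue
        held = [name for name, pkgs in (("accessibility", a11y), ("overlay", overlay))
                if pkg in pkgs]
        if held:
            findings.append((pkg, installer, held))
    return findings

if __name__ == "__main__":
    for pkg, installer, held in triage(SAMPLE_PM, SAMPLE_A11Y, SAMPLE_OVERLAY):
        print(f"REVIEW {pkg} (installer={installer}): {', '.join(held)}")
```

A flagged app is a candidate for manual review, not a confirmed infection; legitimate sideloaded tools can hold these permissions too.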

Stay alert and protect your accounts. This campaign highlights how attackers are targeting everyday mobile users to steal money and data.