Jun 7, 2026
C2 Hosts: 1
Hook
According to ThreatFabric, this is a malware family based on apk.ermac. The name hook is the self-advertised named by its vendor DukeEugene. It provides WebSocket communication and has RAT capabilities.
C2 Infrastructure
Hosting/VPS 100%
Last 7 days
| Date | C2 Hosts |
|---|---|
| Jun 7, 2026 | 1 |
Further Reading
Cyber Security Research opens in a new tab
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
research.nccgroup.com
Botnet C&C | Botnet Threat Update January to June 2025 | Report opens in a new tab
spamhaus.org
Hook: a new Ermac fork with RAT capabilities opens in a new tab
Hook, the latest project of the criminals behind the Ermac banking malware, adds Remote Access Tool features, allowing this variant to perform On Device Fraud.
threatfabric.com
Hook Version 3: The Banking Trojan with The Most Advanced Capabilities opens in a new tab
true
zimperium.com