The source code for version 3 of the ERMAC Android banking trojan has been leaked online, exposing the internals of the malware-as-a-service platform and the operator’s infrastructure.

The code base was discovered in an open directory by Hunt.io researchers while scanning for exposed resources in March 2024.

They located an archive named Ermac 3.0.zip, which contained the malware’s code, including backend, frontend (panel), exfiltration server, deployment configurations, and the trojan’s builder and obfuscator.

The researchers analyzed the code and found that version 3 significantly expands the targeting capabilities of previous versions, with more than 700 banking, shopping, and cryptocurrency apps targeted.

ERMAC was first documented in September 2021 by ThreatFabric - a provider of o
