Hydra Malware

Hydra, a banking trojan that targets Android devices, was first discovered in 2019. By tricking users into enabling dangerous permissions on the mobile device, Hydra steals financial credentials. In October 2022, Hydra was the second most common mobile malware, behind Anubis and ahead of Joker.

Hydra is commonly distributed via phishing messages and websites, as well as malicious applications in the Google Play Store. If a mobile user clicks on a link, the malware is downloaded and installed on the device. Hydra then takes steps to hide itself from detection, including removing its launch icon from the home screen, protecting itself against uninstallation, and similar tactics.


The Threat

Hydra is known for asking users to enable dangerous permissions, including a list of over 20 requests by default. If a user grants these permissions to the mobile app, then it has wide-reaching access to various device features. Some of the malicious actions that Hydra can take with these permissions include:

  • Credential Theft: Hydra is a banking trojan, so stealing login credentials for financial institutions is a primary focus. The malware uses accessibility features to overlay a malicious login page over a real one, allowing the app to steal credentials entered by the user.
  • SMS Message Theft and OTP Interception: Access to SMS messages is one of the many permissions requested by Hydra. SMS-based one-time passwords (OTPs) are commonly used for multi-factor authentication (MFA). With access to SMS messages, Hydra can steal these OTPs, enabling the attacker to defeat MFA and gain access to the user’s online accounts.
  • Lock Screen PIN Theft: Hydra has the ability to monitor lock screen activities, allowing it to steal the user’s PIN. This can be used to authorize certain actions on the infected device.
  • Remote Access Trojan (RAT): Some versions of Hydra have RAT functionality. This allows the attacker to remotely access and directly perform actions on infected mobile devices.
  • SMS Spam: Hydra has the ability to send bulk SMS messages from infected devices to everyone in the contact list. These bulk messages can be used for spam or to send out phishing messages that further spread the malware.
  • Changing Settings: Hydra can change permissions on infected devices. This can allow the malware to disable Play Protect or re-enable Wi-Fi and mobile networks if the user disables them.

How to Protect Against Hydra Malware

Hydra is a dangerous and versatile example of mobile malware. Once installed on a device, it can collect a range of sensitive data and perform various other malicious actions. Organizations can take a variety of actions to protect themselves, their employees, and their devices against Hydra malware. Some best practices for mobile device protection include the following:

  • Download Apps From Official App Stores: Hydra is predominantly installed via sideloading from unofficial app stores. Installing Android apps only from Google Play Store reduces the risk of infection.
  • Research Apps Before Installation: Legitimate mobile apps commonly have legitimate websites and are available via reputable app stores. Research all mobile apps before installing them.
  • Limit Installed Mobile Apps: Any mobile app may be concealing malicious functionality or exploitable vulnerabilities. Limiting the number of mobile apps installed on a device reduces its attack surface.
  • Manage App Permissions: Hydra is notorious for requesting numerous unnecessary and dangerous permissions that allow it to perform various malicious actions. Limiting the permissions granted to an app — and not installing apps that ask for unnecessary or dangerous ones — reduces the risk that it poses.
  • Deploy a Mobile Security Solution: Mobile security solutions can block the installation of malicious apps and identify malware on a device. Installing and maintaining a mobile security solution can help to reduce the risk of mobile malware.
  • Use Multi-Factor Authentication (MFA): Mobile malware like Hydra can steal passwords and intercept SMS-based OTPs. Enabling stronger forms of MFA can help to protect against account takeover attacks.
  • Enforce Least Privilege: The principle of least privilege states that users and devices should only have the access and permissions that are required for their role. Implementing least privilege reduces the risk that a device infected with Hydra malware poses to an organization.
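The permission pattern described under The Threat (SMS access, an overlay surface, an accessibility service, and a large permission list) is something an app-vetting step under "Manage App Permissions" can check mechanically before an app is approved for managed devices. The following script is an added example written for this page, not Check Point's or Hydra's code. It assumes the APK's AndroidManifest.xml has already been decoded to plain XML (for instance by an APK decompiler) and the two sample manifests are constructed for illustration; the 20-permission threshold comes from the figure quoted above.

```python
"""Triage a decoded AndroidManifest.xml for banking-trojan-style permission patterns.

Added example for this page (not Check Point's or Hydra's own code). Assumes the
manifest is plain XML as produced by an APK decompiler. Sample manifests below
are constructed for illustration only.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
PERMISSION_ATTR = f"{{{ANDROID_NS}}}permission"

# Requested permissions grouped by the capability each gives a banking trojan.
CAPABILITIES = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
            "android.permission.SEND_SMS"},
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "settings": {"android.permission.WRITE_SETTINGS", "android.permission.CHANGE_WIFI_STATE",
                 "android.permission.CHANGE_NETWORK_STATE"},
    "install": {"android.permission.REQUEST_INSTALL_PACKAGES"},
}
# These two are bound to components (service/receiver), not listed as uses-permission.
ACCESSIBILITY_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"
DEVICE_ADMIN_PERMISSION = "android.permission.BIND_DEVICE_ADMIN"
# Threshold taken from the page's "over 20 requests by default" (assumption: >= 20 is abnormal).
PERMISSION_COUNT_THRESHOLD = 20


def analyze_manifest(xml_text):
    """Return requested permissions, derived capabilities, reasons, and a verdict."""
    root = ET.fromstring(xml_text)
    requested = {el.get(NAME_ATTR) for el in root.iter("uses-permission")}
    requested.discard(None)
    capabilities = {cap for cap, perms in CAPABILITIES.items() if requested & perms}
    for component in root.iter():
        if component.tag in ("service", "receiver"):
            bound = component.get(PERMISSION_ATTR)
            if bound == ACCESSIBILITY_PERMISSION:
                capabilities.add("accessibility")
            elif bound == DEVICE_ADMIN_PERMISSION:
                capabilities.add("device_admin")

    reasons = []
    # Overlay + accessibility is the credential-phishing pattern; SMS adds OTP interception.
    if {"overlay", "accessibility", "sms"} <= capabilities:
        reasons.append("overlay + accessibility service + SMS access (credential and OTP theft pattern)")
    if "device_admin" in capabilities:
        reasons.append("device admin receiver (uninstall protection)")
    if len(requested) >= PERMISSION_COUNT_THRESHOLD:
        reasons.append(f"{len(requested)} permissions requested (>= {PERMISSION_COUNT_THRESHOLD})")

    verdict = "suspicious" if reasons else "low"
    return {
        "permissions": sorted(requested),
        "capabilities": sorted(capabilities),
        "reasons": reasons,
        "verdict": verdict,
    }


# Constructed sample: a benign-looking app with a single runtime permission.
BENIGN_MANIFEST = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><activity android:name=".MainActivity"/></application>
</manifest>"""

# Constructed sample: the permission shape described in the text (not a real Hydra manifest).
SUSPICIOUS_MANIFEST = f"""<manifest xmlns:android="{ANDROID_NS}" package="com.example.fakebank">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <application>
    <service android:name=".A11y" android:permission="{ACCESSIBILITY_PERMISSION}"/>
    <receiver android:name=".Admin" android:permission="{DEVICE_ADMIN_PERMISSION}"/>
  </application>
</manifest>"""


if __name__ == "__main__":
    for label, manifest in (("benign", BENIGN_MANIFEST), ("suspicious", SUSPICIOUS_MANIFEST)):
        result = analyze_manifest(manifest)
        print(label, result["verdict"], result["capabilities"], result["reasons"])
```

The check keys on component bindings rather than only on uses-permission entries because accessibility and device-admin access are declared on a service or receiver, which is easy to miss when an app's permission list is reviewed by hand. A verdict of "suspicious" is a vetting signal, not proof of malice; legitimate accessibility tools also bind that service, so the combination with overlay and SMS access is what carries weight.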

Hydra Mobile Malware Protection with Check Point

While Hydra is indeed one of the leading malware threats to mobile devices, organizations face various malware and other cyber threats. Learn more about the current state of the cyber threat landscape in Check Point’s 2022 Cyber Security Report.

Check Point Harmony Mobile provides robust threat prevention for mobile devices, including against Hydra and other mobile malware variants. It uses Check Point ThreatCloud’s threat intelligence to identify and defend against the latest threat campaigns. Learn more about how Harmony Endpoint can help your organization protect against Hydra malware and other mobile threats by signing up for a free demo today.
