Dark Web Informer - Cyber Threat Intelligence

📖 Overview
A new domain-based indicator linked to botnet command-and-control (C2) infrastructure for apk.hook (HookBot) has been identified. The domain, hosted on Hetzner (AS24940), is tied to ERMAC v3.0 activity and represents a high-confidence threat to Android devices targeted by banking trojans.


📌 Key Details

| Field | Information |
|---|---|
| Type | Domain |
| Indicator | www.libertydroid-magma[.]top |
| Threat Type | Botnet C2 |
| Malware | apk.hook |
| Confidence | 100% |
| Date | 30 Aug 2025 – 00:01:04 UTC |
| Tags | AS24940, C2, Censys, HETZNER-AS, HookBot |
| Reporter | DonPasci |

🛡️ Defensive Guidance

  • Block www.libertydroid-magma[.]top at DNS, proxy, and endpoint levels.
  • Monitor for outbound traffic to Hetzner-hosted infrastructure (AS24940).
  • Hunt for apk.hook artifacts on mobile endpoints (APK sideload traces, suspicious accessibility service abuse).
  • Review mobile MDM and firewall logs for attempts to connect to ERMAC 3.0 C2 panels.
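
A retrospective DNS log hunt for the indicator above, as an added example that is not part of the original report. The log layout (`<timestamp> <client_ip> <qname> <qtype>`), the client addresses and the sample lines are constructed assumptions; the matcher is label-aligned so lookalike names do not produce false hits.

```python
import re

# Indicator exactly as published on this page (defanged).
INDICATOR = "www.libertydroid-magma[.]top"

def refang(ioc: str) -> str:
    """Turn a defanged indicator back into a normalized hostname."""
    return ioc.replace("[.]", ".").strip().rstrip(".").lower()

def is_match(qname: str, blocked: str) -> bool:
    """True if qname is the blocked name or a subdomain of it (label-aligned)."""
    q = qname.strip().rstrip(".").lower()
    return q == blocked or q.endswith("." + blocked)

# Assumed log layout (hypothetical): "<timestamp> <client_ip> <qname> <qtype>"
LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def hunt(lines, indicator=INDICATOR):
    """Return (timestamp, client_ip, qname) for every query hitting the indicator."""
    blocked = refang(indicator)
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if m and is_match(m.group(3), blocked):
            hits.append((m.group(1), m.group(2), m.group(3)))
    return hits

def sample_log():
    """Constructed sample DNS query log; clients and timestamps are invented."""
    d = refang(INDICATOR)
    return [
        f"2025-08-30T00:05:11Z 10.0.4.23 {d} A",
        f"2025-08-30T00:05:12Z 10.0.4.23 {d.upper()}. AAAA",  # case + trailing dot
        f"2025-08-30T00:06:40Z 10.0.7.9 api.{d} A",           # subdomain of the indicator
        f"2025-08-30T00:07:02Z 10.0.7.9 not{d} A",            # lookalike prefix: no match
        f"2025-08-30T00:07:30Z 10.0.8.2 {d}.example.com A",   # indicator as prefix: no match
        "2025-08-30T00:08:00Z 10.0.8.2 example.org A",        # unrelated
    ]

if __name__ == "__main__":
    for ts, client, qname in hunt(sample_log()):
        print(ts, client, qname)
```

Clients returned by `hunt` are the devices to prioritize for the apk.hook artifact review described in the guidance above.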
