Researchers at Cleafy have discovered a new Android banking trojan called “DroidBot” that steals login information for more than 77 cryptocurrency exchanges and banking apps.
DroidBot has been active since June 2024 as a malware-as-a-service (MaaS) platform. Criminals who want to use DroidBot pay a monthly subscription fee of $3000.
So far, 17 groups have been identified that used the malware in attacks, with help from its creators. Infections have been detected across the UK, Italy, France, Turkey and Germany, but Cleafy warns that there are indications of attempts to spread the malware to new regions.
The developers of DroidBot, who are most likely Turkish, provide collaborators with all the tools needed to carry out attacks. This includes the malware itself, command and control (C2) servers, and a central administrative panel from which they can control their operations, retrieve stolen data, and issue commands.
Multiple groups operate on the same C2 infrastructure. Each group was assigned a unique identifier, which allowed Cleafy to identify 17 groups using the malware.
The developers allow affiliates to customize DroidBot to target specific apps and use different languages, and provide them with technical support and access to a Telegram channel where updates are posted regularly. Overall, DroidBot MaaS is designed in such a way that even inexperienced cybercriminals can use it.
DroidBot often disguises itself as Google Chrome, Google Play Store or Android Security. In all cases, DroidBot acts as a Trojan that tries to steal sensitive information from applications.
The malware can record the victim's keystrokes, display fake login pages over banking application interfaces, intercept SMS messages (especially those containing one-time passwords (OTPs) for banking applications), allow attackers to remotely view and control the infected device, execute commands, and dim the screen to hide the malicious activity.
DroidBot uses Android Accessibility Services to track what the victim is doing on the device and to simulate swipes and taps.
Among the 77 apps that DroidBot is trying to steal passwords for are Binance, KuCoin, BBVA, Unicredit, Santander, Metamask, BNP Paribas, Credit Agricole, Kraken and Garanti BBVA.
Android users are advised to download apps only from Google Play, review permission requests after installation and check if Play Protect is active on their devices. /Telegraph/
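The advice above, combined with the traits the report describes (trusted-app disguises, accessibility services, SMS interception), can be written as a triage rule over a device's app inventory. This is an added example, not code from Cleafy or the original article; the `App` record, the reason threshold and the sample inventory are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

PLAY_STORE = "com.android.vending"  # package name of the Google Play installer
# Disguises named in the article, mapped to the genuine package for that label.
LURE_LABELS = {
    "chrome": "com.android.chrome",
    "google chrome": "com.android.chrome",
    "google play store": PLAY_STORE,
    "android security": None,  # assumption: no genuine package is allow-listed here
}
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}

@dataclass
class App:  # hypothetical inventory record, e.g. exported from an MDM
    package: str
    label: str
    installer: Optional[str]  # None = sideloaded or preinstalled
    permissions: set = field(default_factory=set)
    accessibility_enabled: bool = False

def triage(app):
    """Return the list of DroidBot-like traits this app shows."""
    reasons = []
    label = app.label.strip().lower()
    if label in LURE_LABELS and LURE_LABELS[label] != app.package:
        reasons.append("label impersonates a trusted app")
    if app.installer != PLAY_STORE:
        reasons.append("not installed from Google Play")
    if app.accessibility_enabled:
        reasons.append("accessibility service enabled")
    if app.permissions & SMS_PERMS:
        reasons.append("can read incoming SMS")
    return reasons

def suspicious(apps, threshold=3):
    """Flag apps that combine several traits; a single trait is common in benign apps."""
    flagged = {}
    for app in apps:
        reasons = triage(app)
        if len(reasons) >= threshold:
            flagged[app.package] = reasons
    return flagged

SAMPLE = [  # constructed inventory, not real indicators
    App("com.android.chrome", "Chrome", PLAY_STORE),
    App("com.example.fakeupdate", "Google Chrome", None,
        {"android.permission.RECEIVE_SMS"}, True),
    App("com.example.reader", "Screen Reader", PLAY_STORE, set(), True),
]
```

Preinstalled system apps also report no installer, which is why one trait alone does not flag an app.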