A new Android banking malware called DroidBot is causing a stir among security researchers.
They have raised the alarm over its attempts to steal credentials for 77 cryptocurrency exchanges and banking apps spread across several countries, including Spain, France, the UK, Italy and Portugal.
According to researchers at Cleafy, DroidBot has been active since the summer of 2024 and is sold under a malware-as-a-service (MaaS) model for around $3,000 a month. At least 17 affiliate groups have been observed using the operators' builder to customize payloads for their chosen targets.
DroidBot does not bring any novel or especially sophisticated techniques; what sets it apart is how the operation is run and sold. Activity levels are significant, the malware appears to be under heavy development, and there are signs it is expanding into new regions such as Latin America.
The developers appear to be Turkish-speaking and supply affiliates with a complete toolkit: the malware itself, a payload builder, command-and-control (C2) infrastructure and an administration panel. Stolen data flows back to the operators over one channel while commands arrive over another (Cleafy reports MQTT for exfiltration and HTTPS for inbound commands), so collection and control run side by side.
The payload builder lets affiliates tailor the malware to the apps they want to hit, choose the language of its lures and set the C2 server addresses. Affiliates also receive detailed documentation and support from the malware authors, plus access to Telegram channels where updates are posted regularly.
Taken together, this lowers the barrier to entry for inexperienced or low-skilled operators. Another worrying finding is that DroidBot disguises itself as well-known software such as Google Chrome, the Google Play Store or a fake "Android Security" app, which is how victims are tricked into installing it.
Its main capabilities are keylogging, overlay attacks (fake login screens drawn over the real banking or exchange app), SMS interception (used to capture one-time codes) and VNC-style remote viewing and control of the screen. Most of these rest on abusing Android's Accessibility Services, which let the malware read what is on screen, log what the user types and simulate taps and swipes. Any app that asks for accessibility access or other sensitive permissions without an obvious reason should be refused.
Platforms whose users were targeted for credential theft include Binance, Unicredit, Kraken and KuCoin. To reduce the risk, researchers advise installing apps only from Google Play, reviewing the permissions an app requests after installation (in particular any request for accessibility access) and keeping Google Play Protect enabled.
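Because DroidBot's keylogging, overlay and remote-control features all depend on an enabled accessibility service, one quick triage check on a suspect device is to list which packages currently hold that access and flag any that are unexpected or that merely look like Google apps. The script below is an added example, not code from Cleafy or from this article: the allow-list, the sample setting value and the lookalike heuristic are assumptions made for illustration, and the only real device command it relies on is `adb shell settings get secure enabled_accessibility_services`.

```python
"""Triage which apps on an Android device hold accessibility-service access.

On a real device the raw value comes from:
    adb shell settings get secure enabled_accessibility_services
It is a colon-separated list of ComponentName strings, "<package>/<class>".
The sample below is constructed for this example, not captured from a device.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import subprocess

# Hypothetical allow-list of packages that legitimately run an accessibility
# service in this example fleet; tailor it to the devices you manage.
TRUSTED_PACKAGES = frozenset({
    "com.google.android.marvin.talkback",
    "com.android.settings",
})

# Genuine package names of apps DroidBot impersonates, keyed by display name.
GENUINE = {
    "Google Chrome": "com.android.chrome",
    "Google Play Store": "com.android.vending",
    "Google Play services": "com.google.android.gms",
}

# Name fragments that a knock-off package might reuse (assumed heuristic).
LOOKALIKE_TOKENS = {
    "chrome": "Google Chrome",
    "vending": "Google Play Store",
    "play": "Google Play Store",
    "gms": "Google Play services",
    "security": "Android Security",
}

# Constructed sample: one trusted screen reader, one Chrome knock-off using
# the ".Class" shorthand, and one unknown third-party service.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.android.chrome.update/.AccessibilityService:"
    "org.example.screenreader/org.example.screenreader.ReaderService"
)


@dataclass(frozen=True)
class Finding:
    package: str
    service: str
    reason: str


def parse_enabled_services(raw: str) -> List[Tuple[str, str]]:
    """Split the setting into (package, service class) pairs.

    Handles the empty or "null" value adb prints when nothing is enabled and
    expands the ".Service" shorthand relative to its package.
    """
    raw = (raw or "").strip()
    if raw in ("", "null"):
        return []
    pairs = []
    for entry in raw.split(":"):
        if not entry:
            continue
        pkg, _, cls = entry.partition("/")
        if cls.startswith("."):
            cls = pkg + cls
        pairs.append((pkg, cls))
    return pairs


def looks_like_google_knockoff(pkg: str) -> Optional[str]:
    """Return the impersonated app name if pkg mimics, but is not, a genuine one."""
    if pkg in GENUINE.values():
        return None
    for token in pkg.lower().split("."):
        if token in LOOKALIKE_TOKENS:
            return LOOKALIKE_TOKENS[token]
    return None


def triage(raw: str, trusted=TRUSTED_PACKAGES) -> List[Finding]:
    """Flag every enabled accessibility service not on the allow-list."""
    findings = []
    for pkg, svc in parse_enabled_services(raw):
        if pkg in trusted:
            continue
        knockoff = looks_like_google_knockoff(pkg)
        if knockoff:
            reason = f"accessibility service from a package mimicking {knockoff}"
        else:
            reason = "accessibility service from a package not on the allow-list"
        findings.append(Finding(pkg, svc, reason))
    return findings


def read_from_device() -> str:
    """Query a USB-attached device (needs adb on PATH and USB debugging on)."""
    return subprocess.check_output(
        ["adb", "shell", "settings", "get", "secure", "enabled_accessibility_services"],
        text=True,
    )


if __name__ == "__main__":
    for f in triage(SAMPLE_SETTING):
        print(f"{f.package} ({f.service}): {f.reason}")
```

A hit here is a triage signal, not proof of infection: many legitimate apps (password managers, screen readers, automation tools) register accessibility services, so the allow-list has to be curated per fleet. Conversely, a lookalike package name is a strong lead, because the genuine Chrome and Play Store packages never need to be installed by hand from outside Google Play.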
Image: DIW-Aigen
by Dr. Hura Anwar via Digital Information World