Lmst

Les comptes bancaires français sous la menace de DroidBot : êtes-vous concerné par cette cyberattaque ? https://whiteandhack.wordpress.com/2025/01/10/les-comptes-bancaires-francais-sous-la-menace-de-droidbot-etes-vous-concerne-par-cette-cyberattaque/ #Android, #Banque, #Cyberattaque, #DroidBot, #France, #Malware, #Wi-Fi

New [DroidBot] Android Banking Malware spreads across Europe. :android:

A recent discovery by Cleafy Labs has shed light on a new Android banking spyware named 'DroidBot' attempts to steal credentials for over 77 cryptocurrency exchanges & banking apps in the UK, Italy, France, Spain and Portugal.

https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation

#android #droidbot #banking #cryptocurrency #spyware #it #security #privacy #engineer #media #tech #news

According to Cleafy Lab’s investigation, DroidBot is a sophisticated Android Remote Access Trojan (RAT) targeting financial institutions and individuals across Europe. This spyware is believed to have been developed by a Turkish-speaking group and leverages advanced techniques to steal sensitive information and control infected devices.

Research revealed that DroidBot is designed to target a wide range of victims, including banking customers, cryptocurrency exchange users and government employees. It employs various tactics to compromise devices, such as disguising itself “as generic security applications, Google services or popular banking apps,” and exploiting the Android Accessibility Services for its malicious activities.

After infecting your device, DroidBot can intercept SMS messages, log keystrokes and capture screenshots of the device’s screen. It can also remotely control the device, allowing attackers to make calls, send messages and access sensitive data.

[ImageSource: Cleafy.com]

DroidBot's masking Apps.

DroidBot is often masqueraded as Google Chrome, Google Play store, or 'Android Security' as a way to trick users into installing the malicious app. However, in all cases, it acts as a trojan attempting to steal sensitive information from apps.

A key aspect of DroidBot's operation is the abuse of Android's Accessibility Services to monitor user actions and simulate swipes and taps on behalf of the malware. Therefore, if you install an app that requests strange permissions, like the Accessibility Services, you should immediately become suspicious and deny the request.

Among the 77 apps DroidBot attempts to steal credentials, some standouts include Binance, KuCoin, BBVA, Unicredit, Santander, Metamask, BNP Paribas, Credit Agricole, Kraken and Garanti BBVA.

[⚠️To mitigate this threat, Android users are advised to only download apps from Google Play, scrutinize permission requests upon installation, and make sure Play Protect is active on their devices.⚠️]

[ImageSource: Cleafy.com]

Affiliates extracted from the sample's configuration.

Multiple affiliates operate on the same C2 infrastructure, with unique identifiers assigned to each group, allowing Cleafy to identify 17 threat groups. The payload builder allows the affiliates to customize DroidBot to target specific applications, use different languages and set other C2 server addresses.

All in all, it’s frustrating and dangerous to see, that the DroidBot MaaS operation makes the barrier of entry fairly low for inexperienced or low-skilled criminal and state sponsored threat actors.

[⚠️To mitigate this threat, Android users are advised to only download apps from Google Play, scrutinize permission requests upon installation, and make sure Play Protect is active on their devices.⚠️]

Auch deutsche Nutzer betroffen: Neue Android-Malware zielt auf Bankdaten und mehr - Golem.de
https://glm.io/191454?n #Cybercrime #Malware #Droidbot #Bankdaten #Android

#銀行アプリなど狙う #Android #マルウェア発見、すでに感染確認 | TECH+（テックプラス）
Cleafyは12月4日(現地時間)、Android向けの新しい #バンキング型マルウェア｢ #DroidBot ｣を発見したと報じた。このマルウェアは遠隔操作型 #トロイの木馬 (RAT: ...
https://news.mynavi.jp/techplus/article/20241206-3078414/

🌐 Campagne #Malware in Italia - Week 49

📞 #APK Bank
🕵️‍♂️ #SpyNote / #Antidot / #Irata / #DroidBot / #SmSSpy
✉️ Email Campaigns
💼 #Formbook: Preventivo
📦 #AgentTesla: Spedizione
📑 #Remcos: Fattura
💰 #GuLoader: Pagamento
🧾 #XWorm: Fattura
🐍 #SnakeKeyLogger: Bonifico
🔖 #Lokibot: Prezzo
©️ #Rhadamanthys: Copyright
📄 #VipKeyLoggerL: Documento