DroidBot: New Android Banking Malware Threat
Key Features:
– Targets 77+ cryptocurrency exchanges and banking apps across Europe
– Operates as a Malware-as-a-Service (MaaS) platform
– Monthly subscription cost: $3,000
– Active since June 2024
Technical Capabilities:
– Keylogging
– Fake login page overlays
– SMS/OTP interception
– Remote device control via VNC
– Exploits Android Accessibility Services
Distribution & Impact:
– 776 confirmed infections across the UK, Italy, France, Turkey, and Germany
– 17 identified affiliate groups
– Disguises itself as legitimate apps (Chrome, Play Store, Android Security)
– Targets major platforms including Binance, KuCoin, BBVA, Unicredit, Santander
Security Recommendations:
1. Download apps only from Google Play Store
2. Review app permissions carefully
3. Keep Play Protect active
4. Be wary of Accessibility Service requests
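One way to act on recommendations 1, 2 and 4 during a device audit, as an added example that is not part of the original page: the script below cross-checks the output of `adb shell settings get secure enabled_accessibility_services` against `adb shell pm list packages -i` and flags any app that holds an enabled Accessibility Service but was not installed by the Play Store. The package names and sample output are constructed for illustration.

```python
import re

# Installer package name of the Google Play Store.
PLAY_STORE = "com.android.vending"

def parse_enabled_services(settings_output):
    """Parse `settings get secure enabled_accessibility_services` output
    (colon-separated 'package/ServiceClass' entries) into package names."""
    text = settings_output.strip()
    if not text or text == "null":
        return []
    return [entry.split("/", 1)[0] for entry in text.split(":") if entry]

def parse_installers(pm_output):
    """Parse `pm list packages -i` lines into {package: installer}."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def flag_sideloaded_accessibility(settings_output, pm_output, system_packages=()):
    """Return packages holding an enabled accessibility service that were
    not installed by the Play Store and are not known system packages."""
    installers = parse_installers(pm_output)
    flagged = []
    for pkg in parse_enabled_services(settings_output):
        if pkg in system_packages:
            continue
        # A missing or 'null' installer means the app was sideloaded.
        if installers.get(pkg, "null") != PLAY_STORE:
            flagged.append(pkg)
    return sorted(set(flagged))

# Constructed sample output (not from a real device).
SAMPLE_SETTINGS = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.chrome.update/com.example.chrome.update.CoreService")
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.chrome.update  installer=null
package:com.android.chrome  installer=com.android.vending"""

if __name__ == "__main__":
    for pkg in flag_sideloaded_accessibility(SAMPLE_SETTINGS, SAMPLE_PM):
        print("review accessibility grant:", pkg)
```

A flagged package is a prompt for manual review, not a verdict: preinstalled vendor services also report no Play Store installer, which is what the `system_packages` allowlist is for.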
Current Status:
– Under active development
– Expanding to new regions, including Latin America
– Developers of Turkish origin
– Provides complete infrastructure for affiliates