New DroidBot Android Spyware Targeting Banking and Crypto Users

| Category | Details |
| --- | --- |
| Threat Actors | Believed to be a Turkish-speaking group; MaaS operation involves 17 affiliate groups. |
| Campaign Overview | DroidBot is a sophisticated Android RAT operating on a Malware-as-a-Service (MaaS) model, targeting financial institutions, banking users, and cryptocurrency exchange users. |
| Target Regions | Europe (UK, Italy, France, Spain, Turkey, Portugal) with potential expansion to Latin America; customized for English, Italian, Spanish, and Turkish speakers. |
| Methodology | Disguises itself as security/banking apps; exploits Android Accessibility Services; dual-channel communication via MQTT (outbound) and HTTPS (inbound). |
| Product Targeted | Banking apps, cryptocurrency exchanges, and generic security applications. |
| Malware Reference | DroidBot (Android spyware), MQTT protocol, Copybara, BRATA/AmexTroll trojans. |
| Tools Used | DroidBot toolkit, hidden VNC, keylogger, overlay techniques, monitoring routines. |
| Vulnerabilities Exploited | Android Accessibility Services exploitation. |
| TTPs | Message interception, keystroke logging, screenshot capture, remote device control, dual-channel communication, credential theft, MaaS model for scalability. |
| Attribution | Turkish-speaking group; shared techniques with previous trojans like Copybara and BRATA. |
| Recommendations | Avoid apps from unknown sources; regularly update devices with security patches; use reliable antivirus software. |
| Source | Hackread |

Read full article: https://hackread.com/droidbot-android-spyware-hit-banking-crypto-users/

Disclaimer: The above summary has been generated by an AI language model
