New Android Banking Trojans: BankBot-YNRK and DeliveryRAT
Android users are facing a new threat as researchers uncover two sophisticated banking trojans: BankBot-YNRK and DeliveryRAT. These malicious apps are designed to steal sensitive data and compromise user privacy.
BankBot-YNRK: Impersonating Government Apps
The BankBot-YNRK trojan has been deployed through APK packages that mimic official Indonesian government apps. It employs a multi-layered approach to ensure its success:
- Environment Detection: It checks for virtualized or emulated environments, making it harder to detect.
- Android Version Targeting: It specifically targets devices running Android 13 or older, utilizing tailored functionality.
- Data Harvesting: Once it gains access, it proceeds to harvest device data, manipulate audio volume, and exploit accessibility services.
DeliveryRAT: Spreading Through Popular Apps
F6 researchers reported an attack campaign targeting Russian Android users. DeliveryRAT malware was distributed through apps disguised as banking, food delivery, marketplace, and parcel tracking services.
- Access Request: The malware requests notification and battery optimization settings access, which is crucial for compromising SMS messages and call logs.
- Denial-of-Service: F6 researchers also discovered that DeliveryRAT allows for distributed denial-of-service (DDoS) attacks, further highlighting its destructive capabilities.
A Growing Concern
These findings come on the heels of a Zimperium report revealing the rise of NFC-exploiting malware that steals payment details. The increasing sophistication of these threats underscores the importance of staying vigilant and implementing robust security measures.
Stay Informed and Secure
As Android users, it's crucial to stay informed about the latest malware threats. Keep your devices and security software updated, be cautious of suspicious apps, and regularly review app permissions to protect your data and privacy.
