DroidBot, a Dangerous Banking Malware Puts Android Users at Risk
Cybersecurity researchers at Cleafy have discovered a new Android malware family, DroidBot, that may have put millions of Android users worldwide at risk for months. It is a Trojan that gives attackers remote access to victims' devices in order to steal credentials for banking apps, cryptocurrency exchange apps and similar services.
The researchers determined that DroidBot has been in use by attackers since June 2024 and that, at the time of writing, it is still under active development, even though it has already been deployed in live attack campaigns.
The malware is classified as a remote access Trojan (RAT) and carries spyware capabilities, including keylogging and monitoring of the user interface.
It can also harvest data from the victim's device, including intercepting SMS messages and taking screenshots, and send it to the command-and-control server. All of this traffic is encrypted, which hides the stolen data from inspection and helps the attackers stay anonymous.
To get onto victims' devices, the Trojan poses as a legitimate app; once installed, it abuses Android's accessibility permissions to carry out its tasks.
In its current state the malware targets 77 banks and cryptocurrency exchanges, but because it is still under development, the researchers expect that number to grow as the operators try to reach as many victims as possible.
- How to protect yourself
The researchers note that, despite its distribution tricks, detecting DroidBot is not technically difficult: most antivirus and malware-detection products should be able to identify it without much trouble.
In any case, because the malware is mainly distributed through app stores other than Google Play, users are advised to be especially careful when installing APK files from outside the Google Play Store or from stores that lack security and threat-detection systems.
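As an added example (not part of the Cleafy research or of this article), the following POSIX shell script shows the check a practitioner would run on a device after reading the two points above: which third-party apps were sideloaded rather than installed from Google Play, and which of those also hold an enabled Accessibility Service, the combination a banking Trojan of this kind relies on. The `adb shell pm list packages -3 -i` and `adb shell settings get secure enabled_accessibility_services` commands are real Android tooling; the package names in the embedded sample output are constructed for the demonstration and do not refer to any real app or to DroidBot's own identifiers.

```shell
#!/bin/sh
# Added triage script (not from the article or from Cleafy): flag third-party
# apps that were not installed from Google Play and that also have an enabled
# Accessibility Service. The parsing functions read raw command output on
# stdin so they can be exercised offline; audit_device runs the live checks.

PLAY_STORE='com.android.vending'

# Constructed sample output of `pm list packages -3 -i` (package names are
# made up for this example; "null" is what adb-installed APKs report).
SAMPLE_PACKAGES='package:com.bank.legit  installer=com.android.vending
package:com.example.fakebank  installer=null
package:com.example.filemgr  installer=com.android.packageinstaller'

# Constructed sample value of `settings get secure enabled_accessibility_services`.
SAMPLE_A11Y='com.example.fakebank/com.example.fakebank.SvcAccessibility:com.android.talkback/com.google.android.marvin.talkback.TalkBackService'

# Input: lines like "package:<name>  installer=<installer>".
# Output: package names whose installer is anything other than Google Play.
sideloaded_packages() {
    sed -n 's/^package:\([^[:space:]]*\)[[:space:]]*installer=\(.*\)$/\1 \2/p' |
        awk -v play="$PLAY_STORE" '$2 != play { print $1 }'
}

# Input: colon-separated "package/ServiceClass" entries, or "null" when none.
# Output: the package name of every enabled service, one per line.
accessibility_packages() {
    tr ':' '\n' | sed -n 's#^\([^/][^/]*\)/.*$#\1#p'
}

# $1: file listing sideloaded packages, $2: file listing packages that have an
# enabled Accessibility Service. Output: packages present in both (sorted).
high_risk_packages() {
    sort -u "$1" | grep -Fx -f "$2" || true
}

# Live check against the attached device (requires adb in PATH). Device output
# is CRLF-terminated, so carriage returns are stripped before parsing.
audit_device() {
    tmp=$(mktemp -d)
    adb shell pm list packages -3 -i | tr -d '\r' | sideloaded_packages > "$tmp/side"
    adb shell settings get secure enabled_accessibility_services |
        tr -d '\r' | accessibility_packages > "$tmp/a11y"
    echo '# sideloaded third-party apps:'
    cat "$tmp/side"
    echo '# apps with an enabled Accessibility Service:'
    cat "$tmp/a11y"
    echo '# sideloaded AND accessibility-enabled (review these first):'
    high_risk_packages "$tmp/side" "$tmp/a11y"
    rm -rf "$tmp"
}

# Offline demonstration on the constructed sample data.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' "$SAMPLE_PACKAGES" | sideloaded_packages > "$tmp/side"
    printf '%s\n' "$SAMPLE_A11Y" | accessibility_packages > "$tmp/a11y"
    echo '# sideloaded AND accessibility-enabled (sample data):'
    high_risk_packages "$tmp/side" "$tmp/a11y"
    rm -rf "$tmp"
}

case "${1:-}" in
    --live) audit_device ;;
    --demo) demo ;;
esac
```

Run it as `sh audit.sh --demo` to see the logic on the sample data, or `sh audit.sh --live` with a device attached over adb. A package in the final list is not proof of infection: legitimate screen readers and automation tools also use Accessibility Services, so the list is a starting point for review, not a verdict.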