Topic: DroidBot - A Malware that targets crypto exchange and banking apps (Read 20 times)

hero member
Activity: 2870
Merit: 594
The thing is that this malware is on the market; as per the report it is being sold at 3,000 USD, which makes it very dangerous as Malware as a Service. And I do think that this malware is going to be improved by criminals to target more crypto exchanges and banking apps and could really spread to other parts of the world.

And it's very hard to distinguish, as it is being spread as a security update.

For sure most of us will not think twice about downloading, especially if this involves security updates for our PC or laptop. And then we download it without hesitation, and it's going to be too late when later our accounts have been compromised and our crypto already stolen by these criminals.
hero member
Activity: 1344
Merit: 540
A malware called DroidBot, which is a modern RAT, has been discovered recently. This malware combines hidden VNC and overlay techniques and has spyware capabilities. And what makes it dangerous is that it includes crypto exchanges and banking apps among its targets. It targets the following countries: United Kingdom, Italy, France, Spain, and Portugal, and there is a big possibility that it might expand into Latin America too.

Mode of attack: it is disguised as a generic security application like Google services or the banking apps themselves.

And once it is in your system, it will harvest sensitive information:

Quote
SMS Interception: The malware monitors incoming SMS messages, often used by financial institutions to deliver transaction authentication numbers (TANs), allowing attackers to bypass two-factor authentication mechanisms.

Key-Logging: By exploiting Accessibility Services, DroidBot captures sensitive information displayed on the screen or entered by the user, such as login credentials, personal data, or account balances.

Overlay Attack: This approach involves displaying a fake login page over the legitimate banking application once the victim opens it to intercept valid credentials.

VNC-Like Routine: DroidBot periodically takes screenshots of the victim’s device, providing threat actors with continuous visual data that offers a real-time overview of the device's activity.

Screen Interaction: Leveraging the full potential of Accessibility Services, DroidBot enables remote control of the infected device. This includes executing commands to simulate user interactions such as tapping buttons, filling out forms, and navigating through applications, effectively allowing attackers to operate the device as if they were physically present.

Here are the targeted apps:
https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation

So just be careful when seeing emails about updating the security of your hardware or your OS. Just make sure that you are downloading from the legitimate websites before taking any action, especially if we use our machines for our crypto-related activities.
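The quoted capabilities all hinge on one combination: an enabled accessibility service in a package that also asks for SMS and overlay permissions. As an added example (not from the original post or from Cleafy's report), the following script triages that combination from the output of two standard adb commands, `settings get secure enabled_accessibility_services` and `dumpsys package <pkg>`; the package names and dumpsys excerpts below are constructed, and the allowlist is an assumption you would replace with your own.

```python
import re

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`:
# colon-separated "package/service" entries. Package names are made up.
ENABLED_A11Y = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.secupdate/.SvcA11y"
)

# Constructed excerpts in the shape of `adb shell dumpsys package <pkg>` output.
DUMPSYS = {
    "com.google.android.marvin.talkback": """
    requested permissions:
      android.permission.BIND_ACCESSIBILITY_SERVICE
    install permissions:
      android.permission.INTERNET: granted=true
""",
    "com.example.secupdate": """
    requested permissions:
      android.permission.RECEIVE_SMS
      android.permission.READ_SMS
      android.permission.SYSTEM_ALERT_WINDOW
      android.permission.INTERNET
    install permissions:
      android.permission.INTERNET: granted=true
""",
}

# Assumed allowlist of accessibility packages you expect on the device.
KNOWN_A11Y_PACKAGES = {"com.google.android.marvin.talkback"}
# Permissions that enable the SMS interception and overlay tricks described above.
RISKY = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
         "android.permission.SYSTEM_ALERT_WINDOW"}

def a11y_packages(setting: str) -> set[str]:
    """Package names that own an enabled accessibility service."""
    return {entry.split("/", 1)[0] for entry in setting.split(":") if entry}

def requested_permissions(dump: str) -> set[str]:
    """Bare permission lines from the 'requested permissions:' block of dumpsys."""
    return set(re.findall(r"^\s*(android\.permission\.[A-Z_]+)\s*$", dump, re.M))

def triage(setting: str, dumps: dict, known: set) -> dict:
    """Map each unexpected accessibility package to the risky permissions it requests."""
    findings = {}
    for pkg in a11y_packages(setting):
        if pkg in known:
            continue
        findings[pkg] = sorted(requested_permissions(dumps.get(pkg, "")) & RISKY)
    return findings

if __name__ == "__main__":
    print(triage(ENABLED_A11Y, DUMPSYS, KNOWN_A11Y_PACKAGES))
```

An unexpected accessibility package that also holds SMS and overlay permissions is worth removing and investigating; an empty result only means this particular combination was not seen.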