DroidBot, a Malware-as-a-Service (MaaS), Is Targeting Banking, Crypto Apps

A new Android malware is making the rounds, attempting to steal information from the unsuspecting users who install it.

Classified as DroidBot, it is a Remote Access Tool (RAT) offered under a Malware-as-a-Service (MaaS) model and used by affiliated hacking groups. Malware-as-a-Service is a subscription model in which hackers and cybercriminals sell their specialized tools and services to other hackers.

Researchers at Cleafy analyzed the DroidBot operation, finding 17 groups using the tool, with targeting aimed at countries in Europe. They also see evidence that operations will eventually be aimed at countries in Latin America.

The malware works by masquerading as authentic, popular applications, such as Google services or Chrome, or as popular finance applications such as Binance and Santander, among others.

However, its primary goal is stealing information in the background. It requests excessive permissions and access to accessibility services, which give the malware the means to steal your sensitive personal information. This includes:

  • SMS messages, which usually include OTP codes (one-time login codes)
  • keylogging (capturing information shown on screen and typed in)
  • overlay attacks (showing fake login pages over legitimate finance applications to capture logins)
  • full control of the phone, allowing full phone interaction through command execution, as if the attacker were using it

In a deep analysis of one botnet by Cleafy researchers, intercepted communications showed over 700 devices affected in the UK, Italy, France, Turkey, and Germany.

Malware, MaaS (Malware-as-a-Service) models, and hacking are becoming more prevalent as the world grows more mobile and technology-driven. When installing apps on your Android smartphone, make sure you're downloading from the official Play Store, verify the permissions for each app, and enable Play Protect, a security feature within the Play Store which regularly scans your device's apps.
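
One way to act on the "verify permissions for each app" advice, as an added example that is not part of the original article: the script below flags apps that combine an enabled accessibility service with SMS access, overlay permission, or a non-Play Store install. The package names and inventory are constructed, and the scoring threshold is an assumption.

```python
# Added example: inputs are constructed. On a real device they could be gathered with
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i
#   adb shell dumpsys package <name>   (the "requested permissions:" section)
PLAY_STORE = "com.android.vending"
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"

def accessibility_packages(setting_value):
    """Parse the colon-separated 'package/service' list from secure settings."""
    if not setting_value or setting_value.strip() in ("", "null"):
        return set()
    return {c.split("/", 1)[0] for c in setting_value.strip().split(":") if c}

def audit(apps, accessibility_setting):
    """Return {package: [reasons]} for apps matching the capabilities in the article."""
    a11y = accessibility_packages(accessibility_setting)
    findings = {}
    for pkg, info in apps.items():
        perms = set(info.get("permissions", []))
        reasons = []
        if pkg in a11y:
            reasons.append("accessibility service enabled (screen reading, input control)")
        if perms & SMS_PERMS:
            reasons.append("can read or receive SMS (OTP codes)")
        if OVERLAY_PERM in perms:
            reasons.append("can draw over other apps (overlay)")
        if info.get("installer") != PLAY_STORE:
            reasons.append("not installed from the Play Store")
        # Assumed threshold: accessibility plus at least two other signals.
        if pkg in a11y and len(reasons) >= 3:
            findings[pkg] = reasons
    return findings

# Constructed sample inventory (package names are hypothetical).
SAMPLE_APPS = {
    "com.example.fakebrowser": {"installer": None, "permissions": [
        "android.permission.READ_SMS", "android.permission.SYSTEM_ALERT_WINDOW"]},
    "com.example.screenreader": {"installer": PLAY_STORE, "permissions": []},
    "com.example.messenger": {"installer": PLAY_STORE, "permissions": [
        "android.permission.READ_SMS", "android.permission.RECEIVE_SMS"]},
}
SAMPLE_A11Y = ("com.example.fakebrowser/.CoreService:"
               "com.example.screenreader/.ReaderService")

if __name__ == "__main__":
    for pkg, reasons in audit(SAMPLE_APPS, SAMPLE_A11Y).items():
        print(pkg, *("\n  - " + r for r in reasons))
```

A legitimate screen reader or SMS app shows one signal on its own; the combination on a sideloaded app is what warrants a closer look.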
