Activity of novel DroidBot Android trojan ramps up

BleepingComputer reports that nearly 20 threat operations have already leveraged the newly emergent Turkish Android banking malware-as-a-service platform DroidBot — which seeks to compromise credentials from 77 banking and cryptocurrency apps, including BBVA, Santander, Binance, and KuCoin — to create payloads that have already infected 776 devices in France, Germany, Italy, Turkey, and the UK.

Malicious apps spoofing the Google Chrome, Google Play Store, and Android Security apps have been leveraged to lure targets into downloading DroidBot Android banking trojan, which not only enables keystroke logging and fake login page overlaying but also facilitates the interception of incoming text messages, especially those with banking one-time passwords, and remote device viewing and control through a Virtual Network Computing module, according to a report from Cleafy. Further analysis revealed that DroidBot also provided affiliates with a comprehensive malware builder, admin panel, and command-and-control server access, enabling usage even among less sophisticated threat actors.