New malware threatens Android users: bank data at risk!

New malware threatens Android users: bank data at risk!

New malware threatens Android users and their bank accounts. The malware, called Herodotus and developed by analysts at ThreatFabric, targets sensitive data using sophisticated techniques to avoid detection. This happens by imitating human behavior, which is particularly aimed at biometric security measures. According to Daily Hodl, Herodotus emulates human input through intentional delays between 300 and 3000 milliseconds and divides text input into Single character.

The main goal of this malware is to avoid being detected by anti-fraud solutions, which usually identify machine-like input speeds. Herodotus takes a novel approach in that it doesn't just want to steal static credentials, but rather is designed to persist in active sessions.

Spread and routes of infection

The distribution routes of the malware are currently the subject of intensive investigations. Initial indications point to SMiShing campaigns in which malicious links are sent via SMS. Herodotus has already gained a foothold in active campaigns in Brazil and Italy, where it has been notably spotted on apps such as Banca Sicura and Modulo Seguranca Stone. However, there are also overlay sites targeting crypto wallets and financial companies in the US, Turkey, UK and Poland.

Additionally, the malware manipulates device settings by exploiting Android accessibility. It can overlay screens with fake pages to trick unsuspecting users into entering their sensitive information.

Global risks

Despite current main activity in Brazil and Italy, Herodotus is expected to continue to develop and spread globally. Security experts are concerned about the potential impact of malware of this type, especially since it uses techniques from the previously identified malware family and is actively developing them. The threat posed by Herodotus could be significant for both individuals and businesses if not identified and addressed in a timely manner.