Cybersecurity researchers say a new piece of malware infecting Android devices mimics human tendencies to steal banking credentials and initiate account takeovers.
ThreatFabric analysts say the Herodotus trojan is designed to mirror human behavior and bypass behavioral biometric detection using code from a previously identified malware family.
The malicious software emulates human habits by purposefully delaying and splitting text input into individual characters to evade bot and automation detection tools and behavioral biometrics.
“Delay specified is in the range of 300 – 3000 milliseconds (0.3 – 3 seconds). Such a randomisation of delay between text input events does align with how a user would input text. By consciously delaying the input by random intervals, actors are likely trying to avoid being detected by behavior-only anti-fraud solutions spotting the machine-like speed of text input…
It is under active development, borrows techniques long associated with the Brokewell banking Trojan, and appears purpose-built to persist inside live sessions rather than simply steal static credentials and focus on account takeover.”
Researchers say they are still investigating how the malware is distributed, believing it may involving SMiShing campaigns, which target individuals by sending text messages that contain a malicious link.
Herodotus also manipulates device functionality by exploiting Android’s Accessibility Services while overlaying screens with fake pages to steal banking credentials.
ThreatFabric analysts say they spotted Herodotus in active campaigns in Brazil and Italy involving apps named Banca Sicura and Modulo Seguranca Stone. While there are no active campaigns outside the two countries, researchers note that overlay pages used by Herodotus were seen targeting crypto wallets and exchanges as well as financial firms in the US, Turkey, the UK and Poland.
“Considering that the malware is still in an active development state, we can expect Herodotus further evolving and used widely in global campaigns.”
Follow us on X, Facebook and Telegram
Don’t Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
Check Price Action
Surf The Daily Hodl Mix
 
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Generated Image: Midjourney
