skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

DroidBot Android Trojan Targets Banks and Exchanges

/ 1 min read

New Android Trojan DroidBot Targets Banking Institutions. A recently discovered Android remote access trojan (RAT) named DroidBot has targeted 77 banking institutions and cryptocurrency exchanges, utilizing advanced techniques such as hidden VNC and overlay attacks. Identified by Cleafy researchers, the malware operates under a malware-as-a-service (MaaS) model, charging affiliates $3,000 monthly for access. It has been active since at least June 2024, primarily affecting users in Europe, with malicious apps disguised as legitimate security and banking applications. DroidBot employs dual-channel communication, using HTTPS for command reception and MQTT for data transmission, enhancing its operational resilience. The origins of the threat actors remain unclear, though analysis suggests they are Turkish speakers.