Among the cyber threats to defend against, such as viruses and other malware, some are far more serious than others. This is often the case with trojans, the most dangerous subcategory of malware, capable of causing serious damage, especially when programmed to steal banking credentials and financial data.

Security experts have identified two particularly insidious malware variants targeting Android users: BankBot-YNRK and DeliveryRAT, two trojans that masquerade as legitimate apps to steal personal and financial information, putting millions of devices around the world at risk. Let's clarify.

Index:

  • BankBot-YNRK pretends to be a government app to steal sensitive data
  • DeliveryRAT is the malware that spreads via delivery and tracking apps
  • How to defend yourself from these threats

BankBot-YNRK pretends to be a government app to steal sensitive data

According to the CYFIRMA team, the BankBot-YNRK trojan was discovered inside a fake app called IdentitasKependudukanDigital.apk, a name designed to imitate the official Indonesian government app dedicated to digital identity. The malware mainly affects devices with Android 13 or earlier versions, which are more vulnerable to its intrusion techniques.

Once installed, the trojan disables the phone's notifications and starts silently gathering a wide range of information, such as personal data, device details, messages, contacts, location, clipboard contents and even ongoing calls. Everything is sent to a remote server controlled by hackers, to which the app automatically grants accessibility permissions, allowing continuous monitoring of the user's activities with the user noticing almost nothing.

BankBot-YNRK is primarily designed to steal banking and financial credentials. According to researchers, the malware is able to recognize and attack over 60 banking applications and websites. Once installed, it can persist even after a device reboot, using the Android JobScheduler service to reactivate itself.

DeliveryRAT is the malware that spreads via delivery and tracking apps

The second threat identified is DeliveryRAT, a trojan spread mainly in Russia through fake apps for parcel tracking, food delivery and banks. According to security firm F6, the malware is sold as “malware-as-a-service” on Telegram via a bot called Bonvi Team.

Attacks begin with deceptive campaigns that invite users to download fake remote-work or order-tracking apps. Once installed, DeliveryRAT requests notification and battery permissions to avoid automatic termination and continue operating in the background.

This trojan can steal SMS, call logs and personal information, hiding its icon from the home screen to go unnoticed. Some versions are also capable of launching targeted DDoS attacks, turning infected devices into nodes of a malicious network.

According to independent confirmation from the Zimperium portal, these fraudulent apps are mainly spread in Russia, Brazil, Poland, the Czech Republic and Slovakia, but could quickly expand to other countries through informal distribution channels.

How to defend yourself from these threats

The two malware campaigns highlight a trend in cyber threats: hackers are exploiting the trust users place in everyday apps, such as those for banking or deliveries. Infected apps often appear identical to the original ones but operate covertly, stealing data and sending it to remote servers.

But how can you defend yourself? The same experts who found these trojans advise downloading apps only from the Google Play Store or official sources, avoiding APK files that arrive through links or chats, and always checking the permissions requested during installation.

Furthermore, keeping your operating system updated greatly reduces the chances of infection, as many vulnerabilities exploited by this kind of malware have already been fixed in newer versions of Android. The recommendation is therefore to always update your Android device, even when the release brings no obvious or substantial new features, because it is often under the hood that cyber threats of this kind are kept at bay.
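The advice to check requested permissions can be automated for an app whose manifest has been decoded to text XML. The following is an added example, not code from CYFIRMA, F6 or Zimperium; the mapping from the behaviours described above to Android manifest entries is an assumption, and the sample manifest is constructed.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from behaviours the article describes to manifest entries.
DATA_PERMISSIONS = {
    "android.permission.READ_SMS": "reads SMS messages",
    "android.permission.READ_CALL_LOG": "reads call logs",
    "android.permission.READ_CONTACTS": "reads contacts",
    "android.permission.ACCESS_FINE_LOCATION": "reads precise location",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "asks to bypass battery limits",
}
SERVICE_BINDINGS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification listener",
    "android.permission.BIND_JOB_SERVICE": "JobScheduler job (survives reboot)",
}

def audit_manifest(xml_text):
    """Return sorted (entry, reason) pairs worth a manual look."""
    root = ET.fromstring(xml_text)
    hits = {}
    for perm in root.iter("uses-permission"):
        name = perm.get(NS + "name")
        if name in DATA_PERMISSIONS:
            hits[name] = DATA_PERMISSIONS[name]
    for svc in root.iter("service"):
        binding = svc.get(NS + "permission")
        if binding in SERVICE_BINDINGS:
            hits[binding] = SERVICE_BINDINGS[binding]
    return sorted(hits.items())

def verdict(xml_text):
    """'high' = accessibility service plus data access; 'review' = any hit."""
    names = {name for name, _ in audit_manifest(xml_text)}
    if "android.permission.BIND_ACCESSIBILITY_SERVICE" in names and names & set(DATA_PERMISSIONS):
        return "high"
    return "review" if names else "ok"

# Constructed sample, not extracted from either malware family.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.parceltrack">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".Watcher" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".Revive" android:permission="android.permission.BIND_JOB_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for entry, reason in audit_manifest(SAMPLE):
        print(f"{entry}: {reason}")
    print("verdict:", verdict(SAMPLE))
```

Many legitimate apps declare a JobScheduler job or a single one of these permissions, so a "review" result is a prompt to look closer, not proof of malice.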