Researcher Uncover Android Trojans Steal Data
Cybersecurity researchers uncovered two new Android threats, BankBot-YNRK and DeliveryRAT, that steal sensitive financial data. These malicious programs secretly harvest personal information, run hidden commands, and bypass security defenses on targeted devices. Both have been active since mid-2024, showing how mobile attacks continue to evolve rapidly.
How BankBot-YNRK Works
Researchers found that BankBot-YNRK disguises itself as a fake government identity app. However, once installed, it silently collects device information and disables alert sounds. Therefore, users remain unaware of incoming messages or suspicious activity.
The malware checks if it’s running on a real phone or an emulator. It also targets devices from specific manufacturers, such as those using customized Android systems. This allows it to fine-tune its actions for maximum impact.
Moreover, the trojan connects to a remote server to receive commands. It then asks users to enable accessibility permissions, gaining control to perform malicious tasks like reading messages, stealing contact lists, and capturing on-screen information. However, newer Android versions, such as Android 14, block this behavior, limiting its spread to older devices.
Advanced Features of BankBot-YNRK
BankBot-YNRK uses Android’s JobScheduler to stay active even after reboot. It can take photos, copy clipboard data, and redirect calls. In addition, it impersonates trusted apps like Google News to appear legitimate.
For example, it can display fake messages claiming user data is under verification while stealing credentials. Therefore, users might unknowingly approve additional permissions or financial transactions. The malware also targets over 60 banking and crypto apps, automating actions to drain funds.
DeliveryRAT Targets Users Through Fake Apps
The second threat, DeliveryRAT, is spreading through fake apps posing as delivery or banking services. These malicious apps are shared through phishing messages or social media. Once installed, they request permissions to access notifications and SMS messages, allowing continuous background activity.
Furthermore, the malware hides its icon, making removal difficult. Some variants can even launch DDoS attacks or trick users into scanning malicious QR codes. Researchers revealed that the malware is offered as a service to cybercriminals through private chat platforms.
Growing Threat from Fake Financial Apps
Recent studies also uncovered hundreds of fake Android apps abusing near-field communication (NFC) features. These apps steal payment data and send it to remote servers or private chat channels. Attackers then use this data to make unauthorized transactions almost instantly.
These incidents highlight how mobile users remain prime targets for financial fraud. Therefore, awareness and device protection have become more critical than ever.
How to Stay Protected
To prevent such attacks, users should install apps only from official stores and keep their systems updated. Security monitoring tools can detect fake apps, block phishing pages, and prevent data theft. Regular system scans and phishing detection features can also identify trojans before they cause harm.
With professional mobile protection services, organizations can secure Android devices, manage app permissions safely, and monitor abnormal activity across their network.
Sleep well, we got you covered.
