Date: 2024-12-05

In a cyber attack we have to be aware that the main objective of scammers is to get hold of both our personal and banking data. To do this, they usually resort to techniques such as making us fill out a false form with all this information, posing as a known entity that does not raise suspicion, whether it is the Treasury or the DGT.

For their deception to work, however, it is essential that the victim takes the bait and is the one who provides this information. And as technology evolves and develops new features and capabilities, so do the tools that cybercriminals have, which become even more effective and sophisticated.

Now, a group of researchers has discovered a new ‘malware’ called DroidBot, integrated into more than 70 banking applications, cryptocurrency exchange services and related entities for the Android operating system and downloaded in Spain, the United Kingdom, Italy, France and Portugal.

DroidBot is a sophisticated remote access trojan (RAT) that combines Virtual Network Computing (VNC) remote screen sharing with features typically associated with spy software. To lure victims into downloading this malware, cybercriminals disguise the virus as generic security applications, Google services, or popular banking apps.

This threat, which the Cleafy TIR security team warned about in late October 2024, includes a ‘keylogger’ and monitoring routines. That way, once it has been installed on the device, it can intercept incoming SMS messages from financial institutions, such as when they send transaction authentication numbers, as well as user interactions with the screen. Thanks to this, cybercriminals can steal both your personal information and your credentials.

The campaign has been linked to Türkiye, although, as we said, cybercriminals “have successfully targeted” users in Spain, the United Kingdom, Italy, France and Portugal, and there are indications that it will expand into regions of Latin America, hiding DroidBot in more than 77 banking applications, cryptocurrency exchanges, government entities and other related national organizations.