Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

DroidBot Android Malware Targets 77 Apps

December 5, 2024
Reading Time: 2 mins read
in Alerts
DroidBot Android Malware Targets 77 Apps

DroidBot, a new Android banking malware, has emerged as a significant threat, targeting over 77 banking and cryptocurrency apps across regions like the UK, Italy, France, Spain, and Portugal. Discovered in December 2024 by Cleafy researchers, the malware has been active since June 2024 and operates as a malware-as-a-service (MaaS) platform. The creators, believed to be based in Turkey, offer affiliates a customizable toolkit for carrying out attacks, lowering the entry barriers for cybercriminals. At least 17 affiliate groups have been identified using the malware to tailor their payloads to specific targets, further increasing its reach.

DroidBot is primarily distributed through fake apps masquerading as trusted services like Google Chrome or Android Security. Once installed on a victim’s device, it begins its malicious activity by logging keystrokes, overlaying fake login pages, and intercepting SMS messages containing one-time passwords (OTPs). These tactics are designed to steal sensitive login credentials from targeted apps such as Binance, KuCoin, BBVA, Unicredit, and Metamask. The malware’s widespread activity has been observed in multiple countries, including the UK, Italy, and Spain, showing its capacity for significant global impact.

The DroidBot operation is built around a MaaS platform, where affiliates can access a builder tool, command and control (C2) servers, and a central admin panel to manage their operations. This system gives affiliates the flexibility to customize the malware for specific targets, including selecting different languages and C2 server addresses. The platform also includes extensive documentation and a Telegram channel for ongoing updates, making it an accessible tool for even low-skilled or inexperienced cybercriminals. The fact that multiple threat groups operate under the same infrastructure is a key feature of this MaaS platform.

In response to the growing threat, experts recommend that Android users take necessary precautions to protect themselves from DroidBot infections. Users are advised to download apps only from official sources like the Google Play Store and to carefully scrutinize permissions requested by apps, especially those requesting access to Android’s Accessibility Services. Enabling Play Protect is another essential step to ensure an additional layer of security. By staying vigilant and informed about potential threats like DroidBot, users can better safeguard their devices and personal information from this evolving malware.

Reference:

  • DroidBot Android Malware Targets 77 Banking and Crypto Apps Across Europe
Tags: Androidbanking malwareCleafyCyber AlertsCyber Alerts 2024Cyber threatsDecember 2024DroidBotFranceGoogle ChromeItalyMalwarePortugalSpainUK
ADVERTISEMENT

Related Posts

BatShadow Unleashes Go Vampire Bot

BatShadow Unleashes Go Vampire Bot

October 10, 2025
BatShadow Unleashes Go Vampire Bot

Hackers Exploit Service Finder Flaw

October 10, 2025
Redis Use After Free Bug Enables RCE

FileFix Attack Evades Security Tools

October 10, 2025
Hackers Abuse WordPress for Phishing

Hackers Abuse WordPress for Phishing

October 10, 2025
Hackers Abuse WordPress for Phishing

Severe Framelink Figma MCP Code Flaw

October 10, 2025
Hackers Abuse WordPress for Phishing

Android Spyware ClayRat Imitates Apps

October 10, 2025

Latest Alerts

BatShadow Unleashes Go Vampire Bot

Hackers Exploit Service Finder Flaw

FileFix Attack Evades Security Tools

Hackers Abuse WordPress for Phishing

Severe Framelink Figma MCP Code Flaw

Android Spyware ClayRat Imitates Apps

Subscribe to our newsletter

    Latest Incidents

    Crimson Collective Hits AWS Instances

    GitHub Copilot Chat Flaw Leaks Repo Data

    Microsoft 365 Outage Hits Services

    Dozens Hit in Oracle-Linked Hacks

    BK Technologies Admits Cyber Breach

    Chinese Hackers Hit Williams Connolly

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial