
These Android Trojans Target Banking Apps & Digital Wallets—Millions at Risk


Cybersecurity researchers have found two dangerous Android Trojans called BankBot-YNRK and DeliveryRAT. Both malware strains are designed to steal personal and financial information, putting millions of users at risk. These Trojans pretend to be legitimate, safe apps but quietly operate in the background to steal users’ data.

Security researchers uncover two Android Trojans, older Android versions at risk

The security researchers at CYFIRMA found BankBot-YNRK hidden inside fake apps named IdentitasKependudukanDigital.apk. The name suggests it was meant to imitate the Indonesian government’s official digital identity app. Devices running Android 13 or earlier are at a higher risk of infection.

Once this particular Trojan is downloaded, it silences phone alerts. It then collects personal information, device information, and other important credentials. It also connects the device to a dangerous server and requests accessibility permissions. Once connected, it can monitor activities, steal messages, contacts, location, clipboard content, and even redirect calls. The malware can also restart itself after a reboot using Android’s JobScheduler service.

The primary purpose of BankBot-YNRK is to steal financial information. It targets as many as 62 banking apps and websites.

DeliveryRAT is another malware strain for data theft and DDoS attacks

A second threat reported by the researchers is DeliveryRAT. It is being spread across Russia through fake parcel-tracking, banking, and food delivery apps. Security firm F6 adds that “it’s sold as malware-as-a-service” on Telegram through a bot called Bonvi Team. Attackers convince users on Telegram to install these apps, which pretend to offer remote jobs or order-tracking links. Once installed, the malware asks for notification and battery permissions so it can steal information and avoid being shut down.

DeliveryRAT can gather your SMS and call logs. It can also run silently by hiding its app icon from the home screen. Some versions are also capable of invoking targeted DDoS attacks. This discovery matches a report from Zimperium, which reveals that a lot of fake apps and services are being spread on Android devices that steal confidential information. These apps are mainly affecting users in Russia, Brazil, Poland, the Czech Republic, and Slovakia.
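The behaviours described for both Trojans (accessibility access, JobScheduler persistence, notification and battery permissions, SMS and call-log collection, a missing home-screen icon) leave static traces in an app's manifest. The triage sketch below is an added example, not code from the researchers or from this article; the mapping from behaviours to manifest entries, the review threshold and the sample manifest are assumptions of the example, and it expects an `AndroidManifest.xml` already decoded to text XML.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Behaviour-to-manifest mapping is this example's assumption, not the researchers' rule set.
PERMS = {
    "android.permission.READ_SMS": "sms access",
    "android.permission.READ_CALL_LOG": "call-log access",
    "android.permission.READ_CONTACTS": "contacts access",
    "android.permission.ACCESS_FINE_LOCATION": "location access",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "battery-optimisation exemption",
}
SERVICES = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
    "android.permission.BIND_JOB_SERVICE": "JobScheduler service",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification listener",
}

def triage_manifest(xml_text):
    """Return the set of behaviour signals found in a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    found = set()
    for el in root.iter("uses-permission"):
        found.add(PERMS.get(el.get(NS + "name")))
    for svc in root.iter("service"):
        found.add(SERVICES.get(svc.get(NS + "permission")))
    found.discard(None)
    # No LAUNCHER category means no home-screen icon; icons hidden at runtime are not visible here.
    cats = {c.get(NS + "name") for c in root.iter("category")}
    if "android.intent.category.LAUNCHER" not in cats:
        found.add("no launcher icon")
    return found

def needs_review(found):
    """Flag apps that pair an accessibility service with at least two other signals."""
    return "accessibility service" in found and len(found) >= 3

# Constructed sample manifest (not taken from either malware family).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".A" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".J" android:permission="android.permission.BIND_JOB_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    signals = triage_manifest(SAMPLE)
    print(sorted(signals), "-> review" if needs_review(signals) else "-> ok")
```

A flagged manifest is a prompt for manual review, since legitimate apps also use each of these features individually.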

The post These Android Trojans Target Banking Apps & Digital Wallets—Millions at Risk appeared first on Android Headlines.
