discover the list of affected banks


Since June 2024, a new malware called DroidBot has been attacking Android smartphone users, putting the bank accounts of many Europeans at risk. Designed as a tool for high-level fraud, this sophisticated malware has already infiltrated thousands of devices, notably in , the United Kingdom and Italy.

An attack on an international scale

DroidBot, developed by Turkish hackers, is marketed as a Malware-as-a-Service (MaaS) offering. Accessible for around $3,000 per month, it has attracted at least 17 affiliated cybercriminal groups. These target 77 financial entities and institutions, including cryptocurrency platforms like Binance or Kraken, and several major French banks:

  • BNP Paribas
  • Crédit Agricole
  • Société Générale
  • Savings Bank
  • Boursorama, and many others.

Spain, Portugal, France and Germany are among the most affected countries. Approximately 776 compromised devices have been identified so far.

A formidable hacking method

DroidBot installs discreetly on smartphones by masquerading as popular applications such as Google Chrome or the Google Play Store. Once activated, it uses the Android accessibility services to take full control of the device. Its features include:

  • Keylogging: records keystrokes to steal credentials.
  • SMS interception: captures authentication codes sent by banks.
  • Overlay windows: displays fake banking interfaces to steal information.
  • Remote control: allows hackers to interact with the device as if they had physical access to it.

Thanks to an administration panel, cybercriminals can personalize their attacks and coordinate their actions via secure communication channels such as the MQTT protocol.

Security vulnerabilities exploited

DroidBot's success is based on its ability to bypass security systems using advanced obfuscation techniques and encryption of exchanged data. The malware's developers, believed to be based in Türkiye, continue to improve its functionality, suggesting future expansion, particularly to Latin America.

How to protect yourself

Faced with this threat, Android smartphone users must be extra vigilant. A few simple measures can reduce the risks:

  • Avoid app installations outside of the Play Store.
  • Disable excessive permissions requested by suspicious apps.
  • Update your operating system and applications regularly.
  • Monitor your bank accounts for unusual activity.
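The measures above can be turned into a device check. The following is an added example, not code from the article or from the Cleafy report: it cross-references the output of `settings get secure enabled_accessibility_services` and `pm list packages -i` (run through `adb shell`) to flag apps that hold an accessibility service and also show the traits described above. The app labels and permission lists are assumed to come from a separate inventory, and the `com.example.*` packages are constructed.

```python
PLAY_STORE = "com.android.vending"
# Real package names of the two apps the article says DroidBot imitates.
GENUINE = {"chrome": "com.android.chrome", "google chrome": "com.android.chrome",
           "google play store": PLAY_STORE, "play store": PLAY_STORE}
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}

def parse_accessibility(setting):
    """Packages named in `settings get secure enabled_accessibility_services`
    output, a colon-separated list of `package/service` entries."""
    setting = setting.strip()
    if setting in ("", "null"):  # nothing enabled
        return set()
    return {entry.split("/", 1)[0] for entry in setting.split(":") if entry}

def parse_installers(listing):
    """Map package -> installer from `pm list packages -i` lines."""
    result = {}
    for line in listing.splitlines():
        if line.startswith("package:"):
            name, _, src = line[len("package:"):].partition("installer=")
            result[name.strip()] = src.strip()
    return result

def triage(access_setting, installer_listing, labels, permissions):
    """Return {package: reasons} for accessibility-enabled apps with >= 2 traits.
    One trait alone is weak: preinstalled apps also report installer=null."""
    installers = parse_installers(installer_listing)
    findings = {}
    for pkg in sorted(parse_accessibility(access_setting)):
        reasons = []
        if installers.get(pkg, "null") != PLAY_STORE:
            reasons.append("not-from-play-store")
        if SMS_PERMS & set(permissions.get(pkg, ())):
            reasons.append("sms-access")
        genuine = GENUINE.get(labels.get(pkg, "").strip().lower())
        if genuine and genuine != pkg:
            reasons.append("impersonates-label")
        if len(reasons) >= 2:
            findings[pkg] = reasons
    return findings

# Constructed sample inventory (hypothetical packages, not from a real device).
SAMPLE_ACCESS = ("com.google.android.marvin.talkback/.TalkBackService:"
                 "com.example.vendor.reader/.ReaderService:com.example.updater/.Svc")
SAMPLE_INSTALLERS = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.vendor.reader  installer=null
package:com.example.updater  installer=null"""
SAMPLE_LABELS = {"com.example.vendor.reader": "Screen Reader", "com.example.updater": "Chrome"}
SAMPLE_PERMS = {"com.example.updater": ["android.permission.RECEIVE_SMS"]}
```

Calling `triage(SAMPLE_ACCESS, SAMPLE_INSTALLERS, SAMPLE_LABELS, SAMPLE_PERMS)` flags only `com.example.updater`; the preinstalled reader with `installer=null` and no other trait is left out.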

Experts also call on financial institutions to strengthen their detection systems and raise awareness among their customers.

DroidBot is not just a technical threat. It is the reflection of a booming criminal economic model, where digital crime is professionalizing. This malware, far from being an isolated case, could mark a new era in the world of cybercrime.

In summary

  • DroidBot is sophisticated Android malware active since June 2024, targeting 77 financial entities, including 8 major French banks (BNP Paribas, Société Générale, Crédit Agricole, etc.).
  • This malware is offered in the form of Malware-as-a-Service (MaaS) for $3,000 a month, attracting at least 17 criminal groups.
  • Techniques used: keylogging, SMS interception, fake overlay windows and remote control via Android accessibility services.
  • France, the United Kingdom, Italy and Spain are the most affected countries with almost 776 devices infected.
  • To protect yourself: avoid apps outside the Play Store, monitor permissions and keep software up to date.

https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation
