Since June, malware called DroidBot has been attacking Android smartphone users. Spotted by Cleafy cybersecurity experts, it targets clients of large French banks such as BNP Paribas, Société Générale, and Crédit Agricole. The hackers' objective is simple: recover your usernames and passwords to access your accounts and drain your money discreetly.
DroidBot, a virus for hire for hackers
The malware is distributed by Turkish cybercriminals who offer DroidBot under a “Malware-as-a-Service” model. In other words, for $3,000 per month, any hacker group can rent this virus and use it in its own attacks. At least 17 gangs have already adopted this system.
To infect phones, DroidBot relies on deception. It disguises itself as a legitimate application, such as Google Chrome, the Play Store or even a fictitious app called Android Security. These fake apps are usually downloaded via fraudulent APK files or links found on dubious sites.
Once installed, the malware becomes extremely intrusive. DroidBot:
- records everything you type on the keyboard (like your passwords);
- intercepts your SMS messages to retrieve authentication codes;
- displays fake windows over your banking applications to trap your credentials;
- can remotely control your smartphone using Android accessibility services.
Hackers can then navigate the phone as if they had it in their hands, make transfers or steal other sensitive information.
DroidBot is not limited to France, but the country is among the most affected areas, along with Germany, Italy and Spain. According to Cleafy, nearly 776 attacks have been recorded in several European countries since this summer. The French Banking Federation (FBF) sought to be reassuring, explaining that this is not a flaw in the banking systems: the malware is installed directly by users on their devices.
“This is not a cyberattack against French banks or their applications, but malware that is installed by users on their phones without it having anything to do with a bank,” specifies the FBF.
DroidBot hackers don't lack ambition. They continue to improve their virus by offering regular updates, customer service on Telegram, and an administration panel to customize attacks.
To avoid unpleasant surprises, a few simple precautions are enough:
- never install applications from unknown sources;
- only use the Google Play Store to download your applications;
- be careful with questionable links or files, especially those sent by SMS or email;
- always check the permissions requested by an application before installing it.
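The permission and source checks above can be automated across a fleet. The following is an added example, not code from Cleafy or from the article: it triages an app inventory for the combination of behaviours listed earlier (sideloaded, imitated label, accessibility service, SMS access, overlays). The record fields (`label`, `package`, `installer`, `accessibility_enabled`, `permissions`) and the sample data are assumptions, standing in for whatever an MDM export provides.

```python
PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Android permissions matching the behaviours listed in the article.
RISKY = {
    "android.permission.RECEIVE_SMS": "can intercept SMS codes",
    "android.permission.READ_SMS": "can read SMS codes",
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw over other apps",
}

# Labels the article says are imitated, mapped to the genuine package name.
# "Android Security" is fictitious, so no package is genuine for it.
GENUINE = {
    "Google Chrome": "com.android.chrome",
    "Play Store": PLAY_STORE,
    "Android Security": None,
}


def triage(app):
    """Return the capability-related reasons a record deserves review."""
    reasons = []
    if app["label"] in GENUINE and GENUINE[app["label"]] != app["package"]:
        reasons.append("label imitates a known app")
    if app.get("accessibility_enabled"):
        reasons.append("accessibility service enabled (remote control)")
    reasons += [why for perm, why in RISKY.items() if perm in app["permissions"]]
    return reasons


def suspicious(inventory, threshold=2):
    """Flag sideloaded packages with at least `threshold` reasons."""
    hits = {}
    for app in inventory:
        sideloaded = app.get("installer") != PLAY_STORE
        reasons = triage(app)
        if sideloaded and len(reasons) >= threshold:
            hits[app["package"]] = ["installed from outside the Play Store"] + reasons
    return hits


# Constructed sample inventory (hypothetical packages, not real data).
SAMPLE = [
    {"label": "Google Chrome", "package": "com.android.chrome", "installer": PLAY_STORE,
     "accessibility_enabled": False, "permissions": []},
    {"label": "Android Security", "package": "com.example.fakesec", "installer": None,
     "accessibility_enabled": True,
     "permissions": ["android.permission.RECEIVE_SMS", "android.permission.SYSTEM_ALERT_WINDOW"]},
    {"label": "SMS Backup", "package": "com.example.smsbackup", "installer": PLAY_STORE,
     "accessibility_enabled": False, "permissions": ["android.permission.READ_SMS"]},
    {"label": "Notes", "package": "com.example.notes", "installer": None,
     "accessibility_enabled": False, "permissions": []},
]
```

Requiring both a non-Play installer and several capabilities keeps a legitimate SMS app or a harmless sideloaded app from being flagged on one signal alone.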
If in doubt, it is recommended to contact the bank to report any suspicious activity. DroidBot is yet another example of the growing sophistication of attacks targeting Android users. Staying vigilant and informed is essential today to protect your banking data.