Herodotus, a new banking trojan, operates as Malware-as-a-Service and tricks users into downloading it from outside the official Play Store. It exploits critical system permissions to perform banking operations directly on behalf of victims, marking a concerning evolution in mobile malware. The trojan spreads primarily through SMS phishing campaigns that lure users into installing malicious APK files, which request sensitive permissions including accessibility features.
Once installed, Herodotus employs overlay attacks that display fake screens over legitimate banking apps, facilitating credential theft and session hijacking. Its evasion tactics include a ‘humanization technique’ that mimics natural user behavior, making it difficult for modern detection systems to identify. The malware captures screen content and keystroke data to monitor user activity in real time. Although the malware is identifiable through basic web searches, traditional antivirus solutions fail to detect it because they rely on known signatures and patterns. Effective defense requires recognizing multiple indicators of compromise that together reveal the active nature of the attack.
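
One way to combine the indicators described above into a device triage check, as an added example that is not from the original article or any vendor tool. It assumes an app inventory already collected from the device (installer package and requested permissions per app) plus the value of Android's `enabled_accessibility_services` secure setting; the package names are hypothetical and the use of `SYSTEM_ALERT_WINDOW` as an overlay indicator is an assumption.

```python
# Added example with constructed data; no values come from a real Herodotus sample.
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend for other vetted stores
OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"  # assumed overlay indicator

def parse_enabled_services(setting_value):
    """Return package names from the colon-separated secure setting
    'enabled_accessibility_services' (entries look like 'package/ServiceClass')."""
    if not setting_value or setting_value.strip() == "null":
        return set()
    return {e.split("/", 1)[0] for e in setting_value.strip().split(":") if e}

def triage(inventory, a11y_setting):
    """Flag non-system apps installed outside trusted stores that also hold
    at least one of the sensitive capabilities the article describes."""
    a11y_pkgs = parse_enabled_services(a11y_setting)
    findings = []
    for app in inventory:
        if app.get("system") or app.get("installer") in TRUSTED_INSTALLERS:
            continue  # store-installed or preloaded apps are out of scope here
        indicators = ["sideloaded"]
        if app["package"] in a11y_pkgs:
            indicators.append("accessibility_enabled")
        if OVERLAY_PERM in app.get("permissions", ()):
            indicators.append("overlay_permission")
        if len(indicators) >= 2:  # sideloading alone is not reported
            findings.append({"package": app["package"], "indicators": indicators})
    return findings

# Constructed sample inventory (hypothetical package names).
SAMPLE_INVENTORY = [
    {"package": "com.example.bank", "installer": "com.android.vending", "permissions": []},
    {"package": "com.example.passwordmanager", "installer": "com.android.vending",
     "permissions": [OVERLAY_PERM]},
    {"package": "org.example.calculator", "installer": None, "permissions": []},
    {"package": "com.example.update.helper", "installer": None,
     "permissions": [OVERLAY_PERM]},
    {"package": "com.android.settings", "installer": None, "system": True, "permissions": []},
]
# Constructed value of the enabled_accessibility_services setting.
SAMPLE_A11Y = ("com.example.passwordmanager/.FillService:"
               "com.example.update.helper/com.example.update.helper.CoreService")

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY, SAMPLE_A11Y):
        print(finding["package"], "->", ", ".join(finding["indicators"]))
```

The Play Store password manager and the sideloaded calculator each show a single indicator and are not reported; only the sideloaded app that also has an enabled accessibility service and overlay permission is flagged.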
👉 Read the original: Cyber Security News