Herodotus has emerged as a sophisticated Android banking trojan that employs unique strategies to avoid detection. Discovered during routine monitoring of malicious distribution channels, it combines elements from the Brokewell malware family with original code to create a distinct threat. The malware uses a complex infection chain that starts with side-loading and potentially relies on SMiShing campaigns to lure victims into downloading malicious software.
Once installed, Herodotus bypasses Android 13+ restrictions on Accessibility Services through a custom dropper. It prompts victims to grant dangerous permissions while masking its actions with a deceptive loading screen. Notably, it mimics human typing patterns during attacks, inputting text character by character with randomized delays to bypass behavioral detection systems. This level of sophistication highlights the evolving challenges in mobile security, particularly against adaptive malware like Herodotus that can evade traditional safeguards.
👉 Read the original: Cyber Security News