BankBot-YNRK Malware Campaign Targets Android Users Worldwide, Draining Bank Accounts And Crypto …

The precarious landscape of mobile banking security has been breached, as a particularly insidious malware campaign, dubbed Android / BankBot-YNRK, has been targeting Android users worldwide, with a focus on draining the bank accounts of unsuspecting individuals. This malicious software, masquerading as legitimate apps, has been cleverly designed to infiltrate devices via fake Google News apps, duping users into downloading and installing them from untrusted websites or links.

Once inside, the trojan assumes remote control, siphoning financial data from over 60 targeted banking and financial apps globally, including prominent institutions in Vietnam, Singapore, Malaysia, India, and Indonesia, such as MoMo, DBS, SCB Mobile Banking, ICICI, and HDFC. The malware’s arsenal includes the ability to — Android’s accessibility services, automating UI interactions, capturing screen content, and executing fraudulent transactions with alarming ease.

This malicious entity has been found to compromise crypto wallets, including MetaMask, Exodus, and Trust Wallet, by scraping balances, seed phrases, and private keys. Its evasive maneuvers include muting notifications, logging device details, and persisting through job scheduling, all while enabling call forwarding and clipboard monitoring to pilfer sensitive credentials.