Credit: Rita El Khoury / Android Authority
TL;DR
- A new Android banking Trojan called Herodotus mimics human behaviour, such as random keystroke delays, to evade detection tools.
- The malware employs device-takeover tactics, including the abuse of accessibility services, overlay attacks, and SMS interception.
- Fraud and security systems that rely only on input rhythm or speed may struggle to catch Herodotus, making deeper device-environment monitoring vital.
Researchers at cybersecurity firm ThreatFabric have identified a new Android banking trojan, dubbed Herodotus, that takes deception a step further by mimicking human behavior during remote-control sessions to avoid detection. The malware can intercept SMS messages to capture 2FA codes, deploy overlay pages to steal login credentials, and abuse accessibility services to log on-screen activity. Attackers can then use this access to navigate banking apps and initiate fraudulent transactions.