Credit: Rita El Khoury / Android Authority
TL;DR
- A new Android banking Trojan called Herodotus mimics human behavior, such as random keystroke delays, to evade detection tools.
- The malware employs device-takeover tactics, including the abuse of accessibility services, overlay attacks, and SMS interception.
- Fraud and security systems that rely only on input rhythm or speed may struggle to catch Herodotus, making deeper device-environment monitoring vital.
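The last point above, as an added example that is not from the article or from any vendor's product: a timing-only check passes a session whose keystroke gaps are randomized, while a score built from device-environment signals still sends it to review. Every signal name, weight, threshold and telemetry value below is a constructed assumption.

```python
from statistics import mean, pstdev

# Device-environment signals and weights: hypothetical names, assumed values.
ENV_WEIGHTS = {
    "a11y_service_from_sideloaded_app": 3,
    "overlay_over_banking_app": 3,
    "sms_read_by_non_default_app": 2,
}
COMPROMISED = dict.fromkeys(ENV_WEIGHTS, True)
CLEAN = dict.fromkeys(ENV_WEIGHTS, False)

# Constructed telemetry: gaps between keystrokes in milliseconds, per session.
SESSIONS = {
    "scripted_uniform": {"key_gaps_ms": [40, 40, 41, 40, 39, 40, 40, 41],
                         "env": COMPROMISED},
    "randomized_delays": {"key_gaps_ms": [260, 1180, 540, 1900, 430, 870, 1490, 690],
                          "env": COMPROMISED},
    "ordinary_user": {"key_gaps_ms": [180, 420, 250, 610, 300, 220, 540, 350],
                      "env": CLEAN},
}

def timing_only_flag(gaps, min_mean_ms=80.0, min_cv=0.15):
    """Flag input that is too fast or too regular to be a person typing."""
    avg = mean(gaps)
    cv = pstdev(gaps) / avg  # coefficient of variation of the gaps
    return avg < min_mean_ms or cv < min_cv

def environment_score(env):
    """Sum the weights of the environment signals present on the device."""
    return sum(w for name, w in ENV_WEIGHTS.items() if env.get(name))

def assess(session, env_threshold=5):
    """Combine both checks; either one is enough to send the session to review."""
    timing = timing_only_flag(session["key_gaps_ms"])
    score = environment_score(session["env"])
    return {"timing_flag": timing, "env_score": score,
            "review": timing or score >= env_threshold}

if __name__ == "__main__":
    for name, session in SESSIONS.items():
        print(name, assess(session))
```

The randomized session looks like the ordinary user to `timing_only_flag`; only the environment score separates the two.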
Update, October 29, 2025 (11:03 AM ET): Google has reached out to Android Authority concerning this report, and a spokesperson shares a comment:
Based on our current detection, no apps containing this malware are found on Google Play. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.