Threat Fabric has discovered Herodotus, a new Android malware that uses human-like typing delays to evade detection during device takeovers and credential theft. The malware campaign targets financial institutions in Italy and Brazil, illustrating the evolving sophistication of banking malware-as-a-service tools. #Herodotus #K1R0 #AndroidBankingTrojan
Key points
- Herodotus is a sophisticated Android banking Trojan that mimics human input to evade detection.
- The malware operates as a malware-as-a-service (MaaS) offered by threat actors like ‘K1R0’.
- It employs overlays, screenshots, and SMS theft to perform full device takeover and fraud activities.
- Herodotus uses MQTT protocol and new subdomains to maintain active campaigns in Italy and Brazil.
- The malware shares code overlaps with Brokewell and is under active development for global expansion.