A new Android malware family called Herodotus employs random delays in its input routines to mimic human behavior and evade detection. It is offered as malware-as-a-service and is being used in SMS phishing campaigns targeting users in Italy and Brazil. #Herodotus #AndroidMalware #ThreatFabric #Brokewell
Keypoints
- Herodotus malware uses random delay injections to simulate human input actions.
- The malware is distributed via SMS phishing links that install a dropper app.
- Herodotus can bypass Android 13 Accessibility permissions to interact with user interfaces.
- Includes a "humanizer" feature to mimic natural typing delays and evade detection.
- Threat actors are actively deploying Herodotus across multiple subdomains in the wild.