Topic: BankBot-YNRK and DeliveryRAT Android Trojans stealing crypto wallets
fullfitlarry (OP)
November 05, 2025, 02:54:59 AM
 #1

Two new pieces of Android malware have recently been discovered by cyber researchers, who are calling them BankBot-YNRK and DeliveryRAT. It contains 3 Android packages:

  • IdentitasKependudukanDigital.apk
  • identitaskependudukandigital.apk
  • identitaskependudukandigital.apk

And just like other trojans/malware, this has the capability to check whether the device is running within emulation or in a virtualized environment.

It also has the capability to check which OS you run or what kind of device you have. But for now, the malware can only infect Android devices running version 13 or earlier. This is because Android 14, which was released in late 2023, added a new security feature that blocks the misuse of accessibility services to automatically request or grant extra app permissions.

And once it is installed, then obviously it will listen to everything you have on your device: passwords, cryptocurrency keys, or other personal information, without the user’s knowledge or consent.



https://www.cyfirma.com/research/investigation-report-android-bankbot-ynrk-mobile-banking-trojan/

So again, this is just another reminder for us not to trust anything we see in the Google Play Store.

promise444c5
November 05, 2025, 09:47:22 AM
Last edit: November 05, 2025, 10:37:25 PM by promise444c5
 #2

Related to older versions of Android, that’s why it’s necessary to keep your OS version up to date. Apart from UI and the like, updates are mainly done to fix bugs and security issues that could put the device running such an OS at risk.
This will mainly affect devices that didn’t upgrade or couldn’t upgrade because of their hardware (yeah… some hardware can’t take beyond version 13 for Android).
Hence, those apps that you listed are only targets and not the ones containing the malware, judging from your last statement. I’m not saying we should blindly trust Google Play apps either.

 
knowngunman
November 05, 2025, 11:34:44 AM
 #3

And once it is installed, then obviously it will listen to everything you have on your device: passwords, cryptocurrency keys, or other personal information, without the user’s knowledge or consent.
So again, this is just another reminder for us not to trust anything we see in the Google Play Store.

One more reason why it's not advisable to save passwords on your device. Your device notes, Gmail and Drive can be accessed by other apps either with your permission or without your permission (through malware or other malicious means). We've been saying this repeatedly: Google is not after your security; they are simply after their own profits by allowing anyone to upload apps on their platform without rigid scrutiny.

Can we now see the importance of upgrading phones? Some people use a phone for as long as possible, thinking they're being economical and financially wise, without realising that the older the phone, the more vulnerable it becomes. There's a reason for the upgrade, and that includes the security features on the device. If you cannot get the latest version of the device, please do regular updates.

 
DubemIfedigbo001
November 05, 2025, 02:52:46 PM
 #4

Related to older versions of Android, that’s why it’s necessary to keep your OS version up to date. Apart from UI and the like, updates are mainly done to fix bugs and security issues that could put the device running such an OS at risk.
This will mainly affect devices that didn’t upgrade or couldn’t upgrade because of their hardware (yeah… some hardware can take beyond version 13 for Android).
Hence, those apps that you listed are only targets and not the ones containing the malware, judging from your last statement. I’m not saying we should blindly trust Google Play apps either.

Sometimes it's best to move with the trend. Change your devices which are no longer meeting up with necessary security fixes to better ones if you're funded. Some people have the habit of continuing to use devices until they stop functioning, which isn't the best.

Google Play houses lots of duplicate apps with backdoors to scam. More reason why it's always better to download these apps from their official sites and not necessarily from app stores, so as to get the original versions of them.

 
albon
November 05, 2025, 06:02:46 PM
 #5

From what I read in the article link shared by OP, this Trojan can disguise itself as a legitimate application like Google News to further deceive users. This Trojan is indeed dangerous because it can remotely gain full control of the infected device, execute unauthorized transactions through the victim's wallets, extract a lot of sensitive data, and even manage applications.

Therefore, this is an important warning for beginners, especially Android users. We must ensure that we download the official application because this Trojan targets financial applications such as banks and apps related to money transfers and cryptocurrencies. This sector is targeted by scammers using all sorts of tactics, so we must be cautious when installing any application and not consider Google Play a completely safe source for apps, as many applications are infected with such Trojans. We must check the developer's name and the application's ratings, and avoid downloading any app hastily, particularly financial apps and wallets.

DYING_S0UL
November 05, 2025, 06:46:39 PM
 #6

Wtf, I just glanced through the article you provided, and the amount of permissions these apps have access to is literally insane. From administrator app to accessibility privileges to running various services to clipboard access, even call forwarding, you name it and it already got in. It's an arsenal of exploits. Btw, how are these apps distributed again? You mentioned the Play Store, but the article didn't mention it? Anyway, thank dear God that I'm using the latest Android version, or else I could have been the next victim. :)

promise444c5
November 05, 2025, 10:50:55 PM
 #7


Google Play houses lots of duplicate apps with backdoors to scam. More reason why it's always better to download these apps from their official sites and not necessarily from app stores, so as to get the original versions of them.

Most will actually redirect you back to Google Play if there’s an official app there, but now it’s directly to the genuine app, so there won’t be any mistakes of downloading an impersonating app on the Play Store. Apart from this, downloading directly from their website will require you to enable installation from unknown sources, which could be quite dangerous unless there’s a secure way to verify the authenticity of the app, like how Electrum and the likes do before installation.

 