- DoubleTrouble malware is now hosted on Discord
- The malware still poses as a European bank, so users should be wary
- It comes with screen recording, “advanced” keylogging and new UI overlay capabilities
The infamous Android banking Trojan DoubleTrouble is now distributed through APKs hosted on Discord, researchers said, warning users of a “disturbing trend” of social media platforms being used as delivery channels for malware.
DoubleTrouble is a well-known banking Trojan, named after its ability to hinder static analysis by assigning “absurd two-word combinations” to its method and class names.
When it first appeared, the malware was distributed via spoofed websites of European banks and contained basic features such as overlays to steal banking credentials, the ability to capture lock screen information, and keylogging.
A growing mobile threat
However, according to new findings from Zimperium's zLabs security team, the malware has evolved, not only in its information-stealing capabilities but also in the way it is distributed.
The recently observed variants also come with screen recording, “advanced” keylogging and new UI overlay capabilities designed to steal credentials and manipulate infected devices.
As for delivery, DoubleTrouble still uses fake websites, but the malware itself is hosted in Discord channels.
Once the application is installed, it deploys the actual malware in the form of an extension or add-on module. It also uses the Google Play icon to hide in plain sight and appear trustworthy.
The last step is to request Accessibility Services permissions, which give it the ability to steal all the information it needs. This is also the usual red flag for Android malware and should always raise suspicion among users.
“As attackers shift to mobile-first strategies and use dynamic delivery methods like Discord to evade traditional defenses, organizations need real-time protection on devices,” said Kern Smith, vice president of solutions engineering at Zimperium.
“DoubleTrouble is a brutal reminder that mobile threats are becoming more elusive and more dangerous, targeting everything from bank credentials to cryptocurrency wallets.”
As usual, the best way to defend yourself against this type of attack is to download applications only from official sources and keep the device protected by Play Protect and Android security solutions.