An ultra-sophisticated piece of Android malware called DroidBot is spreading rapidly on smartphones and currently targets 8 major French banks. Its objective: to siphon off their customers' banking data.
Sophisticated software
Developed by Turkish cybercriminals, the malware impersonates trusted security applications or Google services. It is built with the B4A (Basic4Android) framework, a tool for developing native Android applications and an unusual choice for malware, which helps it slip past security controls.
Once installed, DroidBot can intercept the SMS messages banks send to validate transactions, record the user's keystrokes, display fake login screens on top of legitimate apps and, worst of all, take remote control of the smartphone. With these capabilities, the cybercriminals who operate it aim to steal their victims' banking identifiers and passwords, access their bank accounts and potentially make transfers without their knowledge.
Which banks are targeted?
DroidBot is operated as Malware-as-a-Service (MaaS): cybercriminals pay for access to it rather than building their own tooling. Several big names in the French banking sector are targeted: Boursorama, Société Générale, CIC, LCL, Banque Postale, Crédit Mutuel and Banque Populaire. More generally, 77 distinct entities are targeted, spread across the United Kingdom, Italy, France, Turkey, Germany, Spain and Portugal.
“A distinctive feature of DroidBot is its dual-channel communication mechanism: outgoing data from infected devices is transmitted using the MQTT protocol, while incoming commands, such as overlay target specifications, are received via HTTPS. This separation improves its operational flexibility and resilience,” explains Cleafy, the cybersecurity firm that uncovered DroidBot.
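As an added illustration of what that dual-channel pattern looks like from the defender's side (example code written for this page, not Cleafy's tooling): a small Python triage script that reads flow records and flags hosts that talk both MQTT and HTTPS to the same destination within a short window. The log lines are constructed, not real traffic, and the field layout, the MQTT ports and the pairing window are assumptions.

```python
"""Triage flow records for DroidBot-style dual-channel C2 (MQTT out, HTTPS in).

Added example; the log lines below are constructed, not real traffic.
"""
from collections import defaultdict

# Constructed sample, loosely shaped like a Zeek conn.log:
# ts  src_ip  dst_ip  dst_port  proto  service
SAMPLE_FLOWS = """\
1733400000.1\t10.0.0.12\t203.0.113.10\t1883\ttcp\tmqtt
1733400001.4\t10.0.0.12\t203.0.113.10\t443\ttcp\tssl
1733400002.0\t10.0.0.12\t203.0.113.10\t1883\ttcp\tmqtt
1733400003.3\t10.0.0.25\t198.51.100.5\t443\ttcp\tssl
1733400004.8\t10.0.0.31\t192.0.2.77\t8883\ttcp\tmqtt
1733400005.2\t10.0.0.25\t198.51.100.5\t443\ttcp\tssl
"""

MQTT_PORTS = {1883, 8883}   # plain and TLS MQTT; brokers on other ports need service detection


def parse_flows(text):
    """Parse tab-separated flow lines into dicts; skips blank and '#' comment lines."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, port, proto, service = line.split("\t")
        records.append({"ts": float(ts), "src": src, "dst": dst,
                        "port": int(port), "proto": proto, "service": service})
    return records


def is_mqtt(r):
    return r["service"] == "mqtt" or r["port"] in MQTT_PORTS


def is_https(r):
    return r["service"] == "ssl" or r["port"] == 443


def triage(records, window_s=300):
    """Return two findings, both keyed by source host:

    dual_channel: destinations the host reaches over both MQTT and HTTPS
                  within window_s seconds (the pattern Cleafy describes).
    mqtt_only:    destinations reached over MQTT with no paired HTTPS flow;
                  still worth a look on a phone segment, but lower confidence.
    """
    mqtt_ts = defaultdict(list)    # (src, dst) -> [timestamps]
    https_ts = defaultdict(list)
    for r in records:
        if is_mqtt(r):
            mqtt_ts[(r["src"], r["dst"])].append(r["ts"])
        elif is_https(r):
            https_ts[(r["src"], r["dst"])].append(r["ts"])

    dual = defaultdict(list)
    mqtt_only = defaultdict(list)
    for (src, dst), m_times in sorted(mqtt_ts.items()):
        h_times = https_ts.get((src, dst), [])
        paired = any(abs(m - h) <= window_s for m in m_times for h in h_times)
        (dual if paired else mqtt_only)[src].append(dst)
    return {"dual_channel": dict(dual), "mqtt_only": dict(mqtt_only)}


if __name__ == "__main__":
    for level, hosts in triage(parse_flows(SAMPLE_FLOWS)).items():
        for src, dsts in hosts.items():
            print(f"{level}: {src} -> {', '.join(dsts)}")
```

MQTT from a phone is not malicious by itself (a number of legitimate push and IoT apps use it), so treat the mqtt_only bucket as a lead rather than an alert, and note that a broker on a non-standard port will only be caught if the sensor does service detection rather than relying on the port number.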
Actions to adopt
In operation since June 2024, the malware may soon gain new features. Customers of the targeted institutions are therefore advised to take several precautions to protect themselves from data theft.
First, only download apps from official platforms such as the Google Play Store, whose security checks, while not infallible, significantly reduce the risk of exposure to malware. Enabling two-factor authentication is a second essential barrier against intrusions, but since DroidBot intercepts SMS messages, choose a method other than SMS codes, such as an authenticator app or a hardware security key.
Likewise, review your app permissions regularly, in particular which apps have been granted accessibility or SMS access, keep your apps and Android itself updated, avoid clicking on suspicious links, and monitor your bank statements closely so that any abnormal activity is detected quickly.
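On Android, keylogging and fake login screens of the kind described above are normally built on the Accessibility Service, so the single most useful permission to audit is which apps have an accessibility service enabled. The following Python script is an added example, not from the page or from Cleafy: it parses the output of two adb commands (assumed to have been captured beforehand, so it runs offline) and lists third-party apps with an enabled accessibility service that are not on an allowlist. The package names and the allowlist are constructed.

```python
"""Flag third-party Android apps that have an Accessibility Service enabled.

Added example. Feed it the text output of two adb commands:
    adb shell pm list packages -3
    adb shell settings get secure enabled_accessibility_services
The samples below are constructed, not taken from a real device.
"""

# Constructed output of `adb shell pm list packages -3`
SAMPLE_PACKAGES = """\
package:com.example.bankapp
package:com.example.fakeupdate
package:org.mozilla.firefox
"""

# Constructed output of `adb shell settings get secure enabled_accessibility_services`
# (colon-separated package/class pairs; the class may be written as .ShortName)
SAMPLE_ENABLED = (
    "com.example.fakeupdate/.OverlayService:"
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"
)

# Accessibility services the device owner knowingly uses (screen readers etc.)
ALLOWLIST = {"com.google.android.marvin.talkback"}


def parse_package_list(text):
    """'package:com.foo' lines -> {'com.foo', ...}."""
    return {line.split(":", 1)[1].strip()
            for line in text.splitlines() if line.startswith("package:")}


def parse_enabled_services(text):
    """Colon-separated 'pkg/cls' entries -> [(pkg, fully_qualified_cls), ...]."""
    text = text.strip()
    if not text or text == "null":   # `settings get` prints 'null' when the key is unset
        return []
    services = []
    for entry in text.split(":"):
        pkg, _, cls = entry.partition("/")
        if cls.startswith("."):      # expand the shorthand class name
            cls = pkg + cls
        services.append((pkg, cls))
    return services


def suspicious_accessibility(packages_text, enabled_text, allowlist=ALLOWLIST):
    """Third-party packages with an enabled accessibility service, minus the allowlist."""
    third_party = parse_package_list(packages_text)
    return [(pkg, cls) for pkg, cls in parse_enabled_services(enabled_text)
            if pkg in third_party and pkg not in allowlist]


if __name__ == "__main__":
    for pkg, cls in suspicious_accessibility(SAMPLE_PACKAGES, SAMPLE_ENABLED):
        print(f"REVIEW: {pkg} runs accessibility service {cls}")
```

Any third-party app that appears in the output and is not a screen reader or similar tool you deliberately installed deserves a close look: a banking trojan cannot read what you type or draw its overlay without this service, and revoking it in Settings > Accessibility removes those capabilities even before the app is uninstalled.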
- Ultra-sophisticated Android malware targets several institutions across Europe, including 8 French banks.
- Impersonating an ordinary application, it allows cybercriminals to steal valuable banking data.
- The malware called DroidBot is offered as Malware-as-a-Service (MaaS).