Experts say the program can intercept SMS messages to obtain two-factor authentication (2FA) codes, create overlay pages to steal credentials, and use accessibility services to record screen actions. Attackers can use this access to navigate through banking applications and conduct fraudulent transactions. Along with the usual tricks of banking Trojans, Herodotus also uses a new trick — it imitates the user's real actions in order not to arouse suspicion. Malware operators use delays of 0.
3-3 seconds between individual keystrokes, making the automated session more human-like. Once introduced, the malware asks the victim to enable accessibility services and then runs an overlay that hides its actions while collecting credentials or money transfers. Herodotus even reports installed applications to the command and control server so that attackers know exactly when a victim opens a banking application and can activate a fake interface.
In this regard, Android users are once again recommended not to install applications outside the official Play Market, to keep the phone's security functions turned on and to periodically scan the gadget for the presence of malicious programs using Google Play Protect. It was also reported that Android smartphones were at risk. Hackers have come up with a technology that can steal data from Google and Samsung devices, and they managed to bypass even the installed protection.
English
Українська
USA
Français
Deutsch
Italiano
Polski
Čeština
Español
Slovensku
