- Doubletrouble malware is now hosted on Discord
- The malware still poses as a European bank, so users should be careful
- It comes with screen recording, “advanced” keylogging and new UI overlay capabilities
The infamous Android banking trojan Doubletrouble is now being distributed through APKs hosted on Discord, according to researchers, who warn users of a “disturbing trend” of social network platforms being used as malware delivery channels.
Doubletrouble is a well-known banking trojan, named for its ability to hinder static analysis by assigning “meaningless combinations of two words” to its class and method names.
In its early days, the malware was distributed through counterfeit websites of European banks and offered basic functionality, such as overlays to steal bank credentials, the ability to capture lock screen information, and keylogging.
A growing mobile threat
However, new findings from Zimperium's zLabs show that the malware has evolved, not only in its information-stealing capabilities, but also in how it is distributed.
The recently observed variants also come with screen recording, “advanced” keylogging and new UI overlay capabilities designed to steal credentials and manipulate infected devices.
As for delivery, Doubletrouble still relies on fake websites, but the malware itself is hosted in Discord channels.
Once the application is installed, it deploys the actual malware in the form of an extension or add-on. It also uses the Google Play icon to hide in plain sight and appear trustworthy.
The final step is to request Accessibility Services permissions, which give it the ability to steal all the information it needs. This is also the usual red flag for Android malware and should always raise suspicion among users.
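For defenders triaging a device, the red flag described above can be checked directly: an app that was not installed from the official store yet holds an enabled accessibility service. The following is an added example, not code from Zimperium or the original report; it parses the text output of three standard `adb` commands, and the package names, sample data and the choice of Google Play as the only trusted installer are assumptions.

```python
# Added example: flag sideloaded apps that hold an enabled accessibility service.
# Inputs are the text output of these commands (samples below are constructed):
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i     (package plus installer)
#   adb shell pm list packages -s     (system packages)
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only


def accessibility_packages(setting):
    """Package names from colon-separated package/ServiceClass components."""
    setting = setting.strip()
    if not setting or setting == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in setting.split(":") if comp}


def parse_packages(listing):
    """Map package name -> installer (None if absent or 'null')."""
    result = {}
    for line in listing.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        result[fields[0]] = installer
    return result


def flag_sideloaded_accessibility(setting, installers_out, system_out):
    """Return sorted (package, installer) pairs worth a manual review."""
    installers = parse_packages(installers_out)
    system = set(parse_packages(system_out))
    return [(pkg, installers.get(pkg))
            for pkg in sorted(accessibility_packages(setting))
            if pkg not in system and installers.get(pkg) not in TRUSTED_INSTALLERS]


# Constructed sample data, not taken from a real device or from the report.
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.addon/com.example.addon.CoreService")
SAMPLE_INSTALLERS = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.addon  installer=null
"""
SAMPLE_SYSTEM = "package:com.android.settings\n"
```

A flagged package is a prompt for manual review rather than a verdict, since legitimately sideloaded apps can also use accessibility services.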
“As the attackers change to mobile strategies and use dynamic delivery methods such as Discord to evade traditional defenses, organizations need real-time protection on the device,” said Kern Smith, vice president of Zimperium solution engineering.
“Doubletrouble is a marked reminder that mobile threats are becoming more evasive and more dangerous, directing everything, from bank credentials to cryptocurrency wallets.”
As usual, the best way to defend against this type of attack is to download applications only from official repositories and to keep the device protected with Play Protect and Android security solutions.