New Android Banking Malware Steals Cryptocurrency Wallets and Bank Accounts

A new type of Android malware called BankBot YNRK is spreading rapidly across devices, allowing attackers to take control of financial apps, read everything on the screen, and even automate cryptocurrency transactions. This threat is more advanced than typical mobile malware, using fake Android apps that appear legitimate when installed.

To spread, the malware hides inside fake digital ID tools or disguises itself as Google News. Once installed, it begins profiling the device by collecting details such as brand, model, and installed apps. It also maps known models to screen resolutions, which helps it tailor its behavior to specific phones.

The malware can silence audio and notification alerts, preventing victims from hearing incoming messages or calls that may signal unusual account activity. It then requests access to Accessibility Services, allowing it to interact with the device interface like a user. From there, it can press buttons, scroll through screens, and read everything displayed on the device.

BankBot YNRK sends device information and installed app lists to its remote server, then receives a list of financial apps to target. It uses this data to reconstruct a simplified version of any app’s interface and enter login details or confirm transfers. The malware can also set text inside fields, install or remove apps, take photos, send SMS, turn call forwarding on, and open banking apps in the background while the screen appears inactive.

In cryptocurrency wallets, BankBot YNRK acts like an automated bot, opening apps such as Exodus or MetaMask, reading balances and seed phrases, dismissing biometric prompts, and carrying out transactions. This malware can steal sensitive information, including OTPs, account numbers, and crypto keys, without needing passwords or PINs.

To stay safe from this threat:

1. Install strong antivirus software to detect suspicious behavior.
2. Use a data-removal service to shrink your digital footprint.
3. Only download apps from trusted sources, such as the Play Store.
4. Keep your device and apps updated with automatic security patches.
5. Use a strong password manager to create unique passwords for every account.
6. Enable two-factor authentication where possible.
7. Review app permissions and installed apps regularly.

By following these steps, you can reduce the risk of your phone getting compromised by BankBot YNRK and protect your financial accounts and cryptocurrency wallets from this advanced Android malware.
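Step 7 and the Accessibility Services abuse described above can be checked on a device connected over adb. The following is an added example, not code from the original article or from any vendor: it parses the output of two standard Android shell commands and flags third-party apps that hold Accessibility access but were not installed from a trusted store. The sample outputs and package names are constructed, and the trusted-installer list is an assumption.

```python
import re

# Constructed sample output of:
#   adb shell settings get secure enabled_accessibility_services
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.idtool/.core.HelperService"
)

# Constructed sample output of:  adb shell pm list packages -3 -i
SAMPLE_PACKAGES = """\
package:com.example.idtool  installer=null
package:com.example.notes  installer=com.android.vending
"""

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only


def parse_services(raw):
    """Split the colon-separated 'package/class' list into (package, class) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":  # setting is empty or unset
        return []
    pairs = []
    for comp in raw.split(":"):
        pkg, _, cls = comp.partition("/")
        if pkg:
            pairs.append((pkg, cls))
    return pairs


def parse_installers(raw):
    """Map each third-party package to its recorded installer ('null' if sideloaded)."""
    pattern = re.compile(r"^package:(\S+)\s+installer=(\S+)", re.M)
    return dict(pattern.findall(raw))


def flag_services(services_raw, packages_raw, trusted=TRUSTED_INSTALLERS):
    """Return Accessibility services owned by third-party apps from untrusted installers."""
    installers = parse_installers(packages_raw)
    findings = []
    for pkg, cls in parse_services(services_raw):
        # Packages absent from the -3 (third-party) listing are system apps; skip them.
        if pkg in installers and installers[pkg] not in trusted:
            findings.append((pkg, cls, installers[pkg]))
    return findings


if __name__ == "__main__":
    for pkg, cls, src in flag_services(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"REVIEW: {pkg}/{cls} has Accessibility access, installer={src}")
```

To audit a real device, replace the two sample strings with the captured output of the commands named in the comments.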

Source: https://www.foxnews.com/tech/new-android-malware-can-empty-your-bank-account-seconds