Android malware types like your gran to steal banking creds

A new Android malware strain, Herodotus, steals credentials, logs keystrokes, streams victims' screens, and hijacks input - but with a twist: it mimics human typing by adding random delays between keystrokes to evade behavioral fraud detection systems.

The trojan, named after the ancient Greek Father of History - or Father of Lies - includes pieces of banking malware Brokewell along with original parts, and has been used in device takeover attacks in Italy and Brazil, according to Dutch firm ThreatFabric's mobile threat intelligence team.

While the researchers haven't seen Herodotus used in any other active campaigns, the threat hunters did obtain overlay pages that mimic legitimate banking and cryptocurrency apps used in the US, UK, Turkey, and Poland. These fake screens overlay the real log-in screen when a user visits a banking app, and this allows the criminals to steal victims' credentials and financial details.

Plus, the developer behind Herodotus, who ...