'Herodotus' Android Trojan Mimics Human Sluggishness

Trojan Poised for Use in Campaigns Across the Globe Greg Sirico • October 28, 2025

A new banking Trojan can outsmart basic behavioral detection systems that look for machine behavior by introducing randomized pauses meant to mimic human users, warn mobile security researchers.

See Also: Build a Zero Trust Roadmap for FinServ

Android malware advertised as "Herodotus" by its apparent developer on cybercrime forums injects a randomized pause of up to three seconds whenever a hacker bypasses the keyboard on an infected device to enter account credentials.

Hackers prefer to use Android accessibility services to paste in text rather than engage in remote hands-on keyboard sessions, where bad connections, a misaligned screen image or fat fingers can introduce error. But exploiting accessibility services or using the device clipboard to paste in credentials "can look suspicious and machine-like, raising the question of whether there is a real user interacting ...