Herodotus: New Android Malware Mimics Human Behavior to Bypass Biometric Security

A sophisticated new Android banking Trojan named Herodotus has emerged as a significant threat to mobile users, introducing a novel approach that deliberately mimics human typing patterns to evade behavioral biometrics detection systems.

The malware’s sophisticated approach to avoiding detection marks it apart from conventional banking Trojans, incorporating randomized time intervals between text inputs—ranging from 300 to 3,000 milliseconds—to simulate authentic user behavior.

Discovered by ThreatFabric’s Mobile Threat Intelligence team during routine monitoring of malicious distribution infrastructure, Herodotus represents a concerning evolution in Device-Takeover attacks, now available as a Malware-as-a-Service offering under development by threat actor “K1R0.”

This deliberate humanization of automated actions suggests that cybercriminals are actively working to circumvent increasingly intelligent fraud detection systems that analyze behavioral patterns and keystroke dynamics.

Herodotus operates through a multi-stage infection chain beginning with SMiShing campaigns distributing dropper applications.

Once installed, the malware requests ...