Herodotus Malware Targeting Android Users Behaves Like A Human To Avoid Detection

Cybersecurity experts are sounding the alarm over a new Android Trojan dubbed Herodotus, which is designed to deliberately slow down its own malicious activity to mimic the casual, imperfect behavior of a human user. Such behavior allows the malware to slip past a generation of security systems built to flag more rapid, robotic actions of traditional bots.

Detected by security firm Threat Fabric, Herodotus is a banking Trojan being advertised/sold on underground cybercrime forums. Similar to the Brokewell malware uncovered last year, Herodotus' ultimate goal is financial fraud, which it achieves by leveraging the Android accessibility services to create fake login overlays and steal credentials, as well as intercepting one-time passcodes (OTPs) via an SMS stealer. However, its true innovation lies in the subtle art of deception: the timing of its inputs.

Now, when a traditional Trojan gains access to a device and ...