Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
DoubleTrouble is a sophisticated mobile banking trojan whose distribution methods and capabilities have both evolved. It was initially spread through phishing websites impersonating European banks and is now distributed through Discord channels. The malware employs advanced obfuscation techniques and abuses Android's Accessibility Services. It uses fake overlays to steal credentials, captures the screen using sophisticated screen recording techniques, blocks specific applications, implements a highly advanced keylogger, and executes a wide range of commands received from its command-and-control (C2) server. Together, these functions enable credential theft, device manipulation, and persistent control over infected devices.
OPENCTI LABELS:
keylogger, android, discord, mobile banking trojan