DroidBot: Insights from a new Turkish MaaS fraud operation
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
DroidBot is an advanced Android Remote Access Trojan combining hidden VNC and overlay capabilities with spyware features. It uses dual-channel communication, transmitting data via MQTT and receiving commands through HTTPS. The malware targets 77 entities, including banks and cryptocurrency exchanges, in countries like the UK, Italy, France, Spain, and Portugal. Evidence suggests Turkish-speaking developers and a Malware-as-a-Service operation with 17 distinct affiliate groups. DroidBot is under active development, showing inconsistencies across samples. Its sophisticated features, diverse target list, and MaaS infrastructure make it a significant threat to financial institutions and government entities across multiple regions.
OPENCTI LABELS :
banking trojan,android,droidbot
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
DroidBot: Insights from a new Turkish MaaS fraud operation