Android users across Europe have been targeted with attacks involving a more sophisticated iteration of the DoubleTrouble banking trojan, Infosecurity Magazine reports.
Threat actors have harnessed Discord-hosted APKs instead of bank-spoofing phishing sites for the stealthier deployment of the updated version of DoubleTrouble, which enables not only real-time screen recordings and accessibility event monitoring-based keylogging but also phishing and bogus lock screen overlays facilitating PIN and credential exfiltration, and the blocking of banking and security apps, according to a Zimperium report. Multiple commands have been leveraged to facilitate tap simulation, fake UI elements, and data exfiltration from banking apps, cryptocurrency wallets, and password managers to a remote command-and-control server while evading multi-factor authentication, said researchers. Individuals and financial entities have been warned of the emergence of a more advanced version of DoubleTrouble, which researchers noted to be indicative of increasingly adaptive and persistent mobile security threats.
Threat actors have harnessed Discord-hosted APKs instead of bank-spoofing phishing sites for the stealthier deployment of the updated version of DoubleTrouble, which enables not only real-time screen recordings and accessibility event monitoring-based keylogging but also phishing and bogus lock screen overlays facilitating PIN and credential exfiltration, and the blocking of banking and security apps, according to a Zimperium report. Multiple commands have been leveraged to facilitate tap simulation, fake UI elements, and data exfiltration from banking apps, cryptocurrency wallets, and password managers to a remote command-and-control server while evading multi-factor authentication, said researchers. Individuals and financial entities have been warned of the emergence of a more advanced version of DoubleTrouble, which researchers noted to be indicative of increasingly adaptive and persistent mobile security threats.
