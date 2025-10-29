Newly emergent Herodotus Android banking trojan has been maintaining clandestine operations by copying human typing behavior, according to The Record, a news site by cybersecurity firm Recorded Future. Attacks with Herodotus in Italy and Brazil commenced with malicious SMS messages luring users into downloading an installer, which proceeded to overlay a bogus banking or payment interface on targeted apps for credential exfiltration, while capturing one-time passcodes and abusing Android's accessibility features, a report from ThreatFabric showed. However, Herodotus was found to have typed inputted characters separately at nearly 0.3 to 3-second intervals between keystrokes, instead of directly pasting details in form fields in a bid to conceal illicit activity. "Considering that the malware is still in an active development stage, we can expect Herodotus to further evolve and be used widely in global campaigns," said researchers, who urged the implementation of user behavior- and device environment-detecting fraud controls to combat the sophisticated trojan.
Human behavior exploited by novel Herodotus Android trojan for stealth
