- Doubletrouble malware is now hosted on Discord
- The malware still poses as a European bank so that users fall for it
- It comes with screen recording, “advanced” keylogging and new UI overlays
The notorious Android banking trojan Doubletrouble is now distributed through Discord-hosted APKs, researchers have said, warning users of a “disturbing trend” of social media platforms being used as delivery channels for malware.
Doubletrouble is a well-known banking trojan, named after its practice of assigning “nonsensical two-word combinations” to its methods and class names in order to hinder static analysis.
In its early days, the malware was distributed via spoofed sites of European banks and contained basic functionality such as overlays to steal banking information, the ability to capture lock screen information, and keylogging.
A growing mobile threat
However, new findings from Zimperium’s zLabs security team claim that the malware has evolved, not only in its infostealing capabilities but also in how it is distributed.
The newly observed variants also come with screen recording, “advanced” keylogging and new UI overlay capabilities designed to steal credentials and manipulate infected devices.
As for delivery, Doubletrouble still relies on fake sites, but the malware itself is hosted in Discord channels.
Once the app is installed, it deploys the actual malware in the form of an extension or add-on. It also uses the Google Play icon to hide in plain sight and appear trustworthy.
The last step is to request accessibility services, which give it the opportunity to steal all the information it needs. This is also a common red flag for Android malware and should always raise suspicion among users.
“When attackers switch to mobile-first strategies and use dynamic delivery methods such as Discord to avoid traditional defenses, organizations need real-time, on-device protection,” said Kern Smith, VP for Solutions Engineering at Zimperium.
“Doubletrouble is a sharp reminder that mobile threats are growing more evasive and more dangerous and targeting everything from banking information to cryptocurrency.”
As usual, the best way to defend against this type of attack is to download apps only from official app stores and to keep the device protected with Play Protect and Android security solutions.



