Investigation Report: Android/BankBot-YNRK Mobile Banking Trojan

Oct. 31, 2025, 10:51 a.m.

Description

This report analyzes three Android APK samples identified as variants of the Android/BankBot-YNRK malware family. The malware exhibits sophisticated capabilities, including environment detection, persistence mechanisms, and extensive command-and-control functionality. It abuses accessibility services to gain elevated privileges, automate UI interactions, and extract sensitive data. The trojan can masquerade as legitimate apps, suppress audio notifications, and perform unauthorized operations on infected devices. It targets financial applications and cryptocurrency wallets, enabling credential theft and fraudulent transactions. The malware communicates with a C2 server, sending device information and receiving commands for remote control. Overall, Android/BankBot-YNRK represents a significant threat to Android users, particularly those using banking and cryptocurrency applications.

Date

  • Created: Oct. 31, 2025, 9:30 a.m.
  • Published: Oct. 31, 2025, 9:30 a.m.
  • Modified: Oct. 31, 2025, 10:51 a.m.

Indicators

Attack Patterns

  • Android/BankBot-YNRK

Additional Information

  • Finance