Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed
Executive Summary
Over the past few months, our zLabs team has been actively tracking a sophisticated banker trojan strain that has rapidly evolved in both its distribution methods and capabilities. Initially, this threat was spread through phishing websites impersonating well-known European banks. Early variants of the trojan primarily used overlays to steal banking credentials, captured lock screen information, and included keylogging functionality.
In its latest iteration, the trojan’s distribution strategy has shifted: it now relies on bogus websites that host the malware samples directly within Discord channels. This change in delivery is accompanied by an expansion of the malware’s capabilities, which now include advanced features such as screen capture and a variety of new commands. To date, our team has collected 25 samples of the previous variant and 9 samples, encompassing both droppers and payloads, from this ongoing campaign.
To read the complete article, see the Zimperium article.