BankBot-YNRK and DeliveryRAT: New Android Trojans Stealing Banking Data Exposed

Researchers have discovered two new Android malware strains named BankBot-YNRK and DeliveryRAT that are actively stealing users’ financial and personal information. These trojans were found disguised as legitimate applications and are spreading through deceptive downloads and fake app packages targeting Android devices.

BankBot-YNRK is a mobile banking trojan that hides inside apps pretending to be official or trusted services. Some versions even impersonate government or identity apps. Once installed, it asks users to grant Accessibility permissions, which allows it to control the phone’s interface and steal sensitive data like banking logins, OTPs, and contacts.

The malware also disables sound alerts and notifications to keep the victim unaware of its activities. It can create fake login screens on top of real banking apps, tricking users into entering their credentials. Reports confirm that the trojan mainly affects devices running Android 13 and older, since newer versions have stronger protection against Accessibility abuse.

The second threat, DeliveryRAT, is a remote access trojan that gives attackers full control over an infected device. It is often spread through fake parcel tracking, delivery, or food service apps. Once active, it collects contacts, messages, call logs, and device details, and can even execute remote commands sent by its operators.

Recent versions of DeliveryRAT also show the ability to hide their app icons and keep running silently in the background. Some samples can even perform distributed denial-of-service (DDoS) attacks, using infected devices to flood targets with traffic. This makes it both a data-stealing and disruptive threat.

Both malware types show how attackers are improving their social engineering skills. By using local languages, realistic app designs, and familiar services like banking or delivery apps, they manage to convince users to install them and grant risky permissions. This blend of deception and technical control makes them difficult to detect early.

Security experts recommend avoiding apps from unknown sources and reviewing app permissions before granting access. Accessibility and notification permissions should only be allowed for trusted apps. Devices should be kept updated, and users should rely on strong authentication methods that don’t depend solely on SMS codes.

The discovery of BankBot-YNRK and DeliveryRAT highlights the increasing danger of mobile malware. Phones now hold financial, personal, and business data that attract cybercriminals. Staying alert, avoiding suspicious downloads, and following safe mobile practices are the best defences against these evolving threats.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news