Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed
Essential information
- Published: 01/08/2025 14:03
- Modified: 01/08/2025 14:28
- Tags: 2025-08-01, android, discord, keylogger, mobile banking trojan
- Related entities: 40 observables, 3 techniques (mitre), 1 malware, 1 others
Description
DoubleTrouble is a sophisticated mobile banking trojan whose distribution methods and capabilities have evolved. Initially spread through phishing websites impersonating European banks, it is now distributed through Discord channels. The malware employs advanced obfuscation techniques, abuses Android's Accessibility Services, and provides screen capture, keylogging, and application-blocking capabilities. It uses fake overlays to steal credentials and leverages sophisticated screen recording techniques. The trojan can block specific applications, run a highly advanced keylogger, and execute a wide range of commands received from its command-and-control (C2) server. Together, these functions enable credential theft, device manipulation, and persistent control over infected devices.