Investigation Report: Android/BankBot-YNRK Mobile Banking Trojan

Published 31/10/2025 09:30 · Modified 31/10/2025 10:51

Essential information

Tags
2025-10-31, android, android/bankbot-ynrk, banking trojan, cryptocurrency theft, overlay attacks
Related entities
7 observables, 1 malware, 1 others

Description

This report analyzes three APK samples identified as variants of the Android/BankBot-YNRK malware family. The malware exhibits sophisticated capabilities, including environment detection, persistence mechanisms, and extensive command-and-control functionality. It abuses accessibility services to gain elevated privileges, automate UI interactions, and extract sensitive data. The trojan can masquerade as legitimate apps, suppress audio notifications, and perform unauthorized operations on infected devices. It targets financial applications and cryptocurrency wallets, enabling credential theft and fraudulent transactions. The malware communicates with a C2 server, sending device information and receiving commands for remote control. Overall, the malware represents a significant threat to users, particularly those using banking and cryptocurrency applications.

External references