BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data
Summary
Two Android trojans, BankBot-YNRK and DeliveryRAT, are stealing financial data from compromised devices. BankBot-YNRK targets Android devices running versions 13 and below, while DeliveryRAT is distributed as malware-as-a-service (MaaS) via Telegram. Both trojans use sophisticated techniques to evade detection and harvest sensitive information. BankBot-YNRK checks for virtualized environments and specific device models to ensure it runs only on real devices. It targets financial apps and uses accessibility services to perform malicious actions. DeliveryRAT, meanwhile, is advertised through a Telegram bot and targets Russian Android users, often masquerading as legitimate apps. Both trojans have been active since mid-2024, with BankBot-YNRK focusing on Android devices and DeliveryRAT targeting a broader range of apps and services.
Timeline
- 03.11.2025 13:14 · 1 article · 7d ago
BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data
BankBot-YNRK and DeliveryRAT are two distinct Android trojans that have been actively stealing financial data from compromised devices. BankBot-YNRK targets Android devices running versions 13 and below, using advanced techniques to evade detection and harvest sensitive information. DeliveryRAT is distributed through a Telegram bot and targets Russian Android users, often disguising itself as legitimate apps. Both trojans employ sophisticated methods to maintain persistence and perform malicious actions, including using accessibility services and hiding their icons from the home screen. Additionally, over 760 Android apps have been found misusing NFC to steal payment data, further highlighting the ongoing threat to mobile security.
- Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data — thehackernews.com — 03.11.2025 13:14
Information Snippets
- BankBot-YNRK checks for virtualized environments and specific device models to ensure it runs only on real devices.
  First reported: 03.11.2025 13:14 · 1 source, 1 article
  - Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data — thehackernews.com — 03.11.2025 13:14
- BankBot-YNRK targets Android devices running versions 13 and below.
  First reported: 03.11.2025 13:14 · 1 source, 1 article
  - Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data — thehackernews.com — 03.11.2025 13:14
- BankBot-YNRK uses Android's JobScheduler service to establish persistence and supports a wide range of commands to gain device administrator privileges.
  First reported: 03.11.2025 13:14 · 1 source, 1 article
  - Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data — thehackernews.com — 03.11.2025 13:14
- DeliveryRAT is distributed as malware-as-a-service (MaaS) via a Telegram bot named Bonvi Team.
  First reported: 03.11.2025 13:14 · 1 source, 1 article
  - Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data — thehackernews.com — 03.11.2025 13:14
- DeliveryRAT targets Russian Android users, often masquerading as legitimate apps.
  First reported: 03.11.2025 13:14 · 1 source, 1 article
  - Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data — thehackernews.com — 03.11.2025 13:14
- DeliveryRAT can conduct distributed denial-of-service (DDoS) attacks and hide its own icons from the home screen launcher.
  First reported: 03.11.2025 13:14 · 1 source, 1 article
  - Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data — thehackernews.com — 03.11.2025 13:14
- Zimperium discovered over 760 Android apps misusing near-field communication (NFC) to steal payment data.
  First reported: 03.11.2025 13:14 · 1 source, 1 article
  - Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data — thehackernews.com — 03.11.2025 13:14