BankBot-YNRK and DeliveryRAT Android trojans
Malware Activity
Summary
Researchers uncovered BankBot-YNRK and DeliveryRAT Android trojans that steal sensitive data from compromised devices, increasing risk for mobile banking and payment users. BankBot-YNRK impersonates a legitimate app, evades analysis, and abuses accessibility services to harvest device and financial information. DeliveryRAT has been sold as malware-as-a-service since mid-2024 and is distributed through Telegram-based lures aimed at Russian Android users. Together, the families show how mobile trojans are being used to support credential theft, unauthorized actions, and broader fraud.
Related Happenings
Grandoreiro and BTMOB banking trojan activity targeting Windows and Android
Malware Activity
First: 27.05.2026 19:10
Last: 27.05.2026 19:10
Sources 1
About this happening:
The **Grandoreiro** and **BTMOB** trojans are being used in active campaigns against **Windows** and **Android** targets across **Europe** and **Latin America**, increasing the ri...
NGate malware trojanized HandyPay NFC-stealing variant
Malware Activity
First: 21.04.2026 12:00
Last: 21.04.2026 12:00
Sources 1
About this happening:
A **new NGate variant** is stealing **NFC payment data** from **Android users in Brazil**, raising the risk of **unauthorized purchases** and **ATM cash withdrawals**. The malware...
FakeWallet Apple App Store wallet-stealing apps
Malware Activity
First: 21.04.2026 00:52
Last: 21.04.2026 00:52
Sources 1
About this happening:
The **FakeWallet** app set turned the **Apple App Store** into a delivery channel for **26 malicious wallet lookalikes**, putting crypto holders at risk of account takeover and th...
Global mobile banking malware campaign targeting 1243 financial brands
Campaign
First: 19.03.2026 16:30
Last: 19.03.2026 16:30
Sources 1
About this happening:
The **global mobile banking malware campaign** is expanding against **1243 financial brands** across **90 countries**, shifting fraud onto **user devices** and weakening tradition...
Perseus Android note-stealing and remote-control malware activity
Malware Activity
First: 19.03.2026 12:13
Last: 19.03.2026 12:13
Sources 1
About this happening:
The **Perseus** Android malware is now being used to inspect user notes for secrets, creating theft risk for **passwords**, **recovery phrases**, and **financial data**. It is als...
Timeline
- 03.11.2025 13:14 · 2 articles · 6mo ago
Researchers uncover BankBot-YNRK and DeliveryRAT Android trojans
Initial Disclosure: CYFIRMA described BankBot-YNRK as an Android trojan that evades emulation checks, targets specific devices, uses JobScheduler persistence, and contacts ping.ynrkone[.]top to harvest contacts, SMS messages, locations, installed apps, clipboard content, and financial data. F6 said DeliveryRAT is an updated MaaS trojan distributed through the Telegram bot Bonvi Team and disguised as food delivery, marketplace, banking, and parcel-tracking apps for Russian Android users.
Sources:
- Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data — thehackernews.com — 03.11.2025 13:14