Android users have been warned that this new threat can steal passwords by mimicking human interactions. Here’s what you need to know about Herodotus.
emergency security updatesfor Chrome browser users as well. Now, harking back to credential-stealers once more, comes the confirmation of a new threat to Android users in the shape of the Herodotus malware that can bypass biometric detection by mimicking human behavior.
Here’s what you need to know. Newly published research from mobile threat intelligence specialists ThreatFabric has confirmed that a nasty piece of Android malware called Herodotus can mimic human typing and other behaviors to steal passwords and financial credentials while bypassing biometric detection protections. “During routine monitoring of malicious distribution channels,” the ThreatFabric report stated, “the Mobile Threat Intelligence service discovered unknown malicious samples.” These turned out to be a new Android banking trojan by the name of Herodotus which,This is no idea threat or research that is confined to security research labs, either. Active attack campaigns have already been identified in Brazil and Italy, and there is no reason to suspect they will not spread further afield as the malware-as-a-service offering is currently being marketed on underground cybercriminal forums.What flags Herodotus as being different to other banking trojans, the report warned, is the ability to mimic human behaviour during remote control sessions. “The trojan deploys fake credential-harvesting screens over legitimate banking applications,” ThreatFabric said, “capturing login credentials and two-factor authentication codes through SMS interception.” But the text input automation during an attack employs “a novel technique where operator-specified text is split into individual characters, with each character set separately at randomized intervals.” This human-like typing, with random delays of set text events of between 300 to 3000 milliseconds between character input, can evade those biometric protection systems that measure such typing timing. “Android malware containing delays in input is not in itself uncommon,” Aditya Sood, vice-president of Security Engineering at Aryaka, told me, “as they’re typically implemented to allow targeted app UIs to respond to inputs.” But Sood warned that the random nature of the delays, in both frequency and duration, is problematic. “This is a novel technique, and while it's still under development, successful Brazilian and Italian phishing campaigns exemplify its dangerous potential.”
Infostealer Herodotus Android Security Android Credential Stealer Password Stealer Human Cybercrime Cyber Research
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Trump issues chilling warning to Putin after Russia tests new ‘invincible’ nuclear missileToday's Video Headlines: 10/27/25
Read more »
Ukraine Issues Russia New Long-Range Strike WarningRussia relies on revenues from oil production to help sustain its ongoing invasion of Ukraine.
Read more »
5 New iOS Features Android Users Wish They HadAlejandro got his start as a writer at his college newspaper, the North Texas Daily. Before graduating from college, he turned an internship at an outdoor startup into a full-time writing position.
Read more »
Tesla Chair Issues New Warning About Elon Musk’s FutureDenholm said the $1 trillion package is designed to retain and motivate Musk for at least another seven years.
Read more »
NYC adds new warning symbol to restaurant menus — and it's targeting your sweet toothFox News Channel offers its audiences in-depth news reporting, along with opinion and analysis encompassing the principles of free people, free markets and diversity of thought, as an alternative to the left-of-center offerings of the news marketplace.
Read more »
Microsoft’s Free Windows Upgrade Offer—New Deadline WarningDo not install this update — here’s why.
Read more »