DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-like capabilities, such as keylogging and user interface monitoring.
Moreover, it uses dual-channel communication, transmitting outbound data through MQTT and receiving inbound commands via HTTPS, which gives its operators greater operational flexibility and resilience.
The malware operates under a malware-as-a-service model for a monthly fee of $3,000, with 17 affiliate groups identified as paying for access.
Campaigns leveraging DroidBot have been primarily observed in various European countries, with malicious apps disguised as generic security applications and banking apps.