A rapidly evolving bank malware now has far greater capabilities to infect Android devices and steal personal information, according to researchers.

The cybersecurity firm Zimperium says the so-called DoubleTrouble trojan “has rapidly evolved in both its distribution methods and capabilities,” and is now permeating channels on the social platform Discord.

-->

“In its latest evolution, the malware has integrated several new and advanced features, significantly expanding its capabilities beyond earlier iterations. These enhancements enable more effective data theft, device manipulation, and evasion techniques.

The new functionalities include: displaying malicious UI overlays to steal PIN codes or unlock patterns, comprehensive screen recording capabilities, the ability to block the opening of specific applications, and advanced keylogging functionality.”

Researchers say the malware convinces users to download it by masking itself as an extension or an add-on, and it uses the Google Play icon to appear trustworthy.

It also manipulates device functionality by exploiting Android’s Accessibility Services, allowing it to block legitimate banking or security apps with misleading “system maintenance” prompts.

In addition, the malicious software simulates user actions like taps and swipes, allowing attackers to remotely control infected devices and steal data, including passwords and banking details, with alarming precision.

The trojan’s attacks are ongoing, primarily targeting users in Europe through phishing websites and Discord-hosted APKs. Specific victim counts remain unknown at time of publishing.

Follow us on X, Facebook and Telegram