Particle.news

Researchers Expose BankBot‑YNRK and DeliveryRAT, Android Trojans Posing as Trusted Apps

The campaigns abuse Android Accessibility Services permissions and overlay attacks to steal banking logins, prompting fresh warnings against sideloading apps.

Overview

  • CYFIRMA identified two active families, with BankBot‑YNRK embedded in fake Indonesian digital‑ID apps and DeliveryRAT pushed through bogus delivery and parcel‑tracking apps reportedly sold via a Telegram bot called Bonvi Team.
  • Both families request Accessibility Services and Device Administrator privileges, which let them read on-screen content, simulate taps, and steal credentials by drawing fake login pages over legitimate banking apps.
  • Both strains communicate with command‑and‑control servers to exfiltrate device details and app lists, fetch updates or delete traces, silence notifications, and in some cases hide app icons and survive reboots.
  • BankBot‑YNRK targets up to 62 banking apps and is a greater risk to devices running Android 13 or earlier, while DeliveryRAT activity has been reported in Russia, Brazil, Poland, the Czech Republic, and Slovakia.
  • Malwarebytes published detections and indicators of compromise, including the IdentitasKependudukanDigital.apk filename and SHA‑256 hashes, and advised users to keep security tools current and avoid installing apps from untrusted sources.
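The last two points describe the two checks a responder can actually run on a suspect device: compare pulled APKs against the published filename and SHA‑256 indicators, and review which packages hold Accessibility Services access. The script below is an added example, not code from CYFIRMA, Malwarebytes, or this article. It uses the reported IdentitasKependudukanDigital.apk filename, but the hash list, the sample APK bytes, the package name com.example.idcard, and the accessibility-setting value are all constructed for the demo; in real use, replace them with the vendor's published hashes and the output of `adb shell settings get secure enabled_accessibility_services`.

```python
import hashlib
import tempfile
from pathlib import Path

# Filename IOC reported for the BankBot-YNRK dropper. The hash set used below
# is built from constructed sample bytes so the demo runs offline; swap in the
# SHA-256 values from the vendor advisory for a real sweep.
IOC_FILENAMES = {"IdentitasKependudukanDigital.apk"}


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_ioc_matches(root, apk_paths, ioc_hashes, ioc_filenames=IOC_FILENAMES):
    """Check each APK against hash IOCs first, then filename IOCs.

    A hash match is strong evidence; a filename-only match is a weak signal
    (the dropper can be renamed, and a benign file can reuse the name), so it
    is reported with its own reason for triage rather than dropped.
    """
    findings = []
    for p in map(Path, apk_paths):
        digest = sha256_file(p)
        rel = p.relative_to(root).as_posix()
        if digest in ioc_hashes:
            findings.append({"file": rel, "reason": "sha256", "sha256": digest})
        elif p.name in ioc_filenames:
            findings.append({"file": rel, "reason": "filename", "sha256": digest})
    return findings


def unexpected_accessibility_services(setting_value, allowlist):
    """Parse the Android secure setting 'enabled_accessibility_services'
    (colon-separated 'package/ServiceClass' entries, as printed by
    `adb shell settings get secure enabled_accessibility_services`) and
    return the package names that are not on the allowlist."""
    entries = [e for e in setting_value.split(":") if e]
    packages = {e.split("/", 1)[0] for e in entries}
    return sorted(packages - set(allowlist))


def demo():
    """Run both checks over constructed files and a constructed setting value."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "Download").mkdir()
        dropper = root / "IdentitasKependudukanDigital.apk"
        dropper.write_bytes(b"constructed bytes standing in for the dropper")
        renamed = root / "ekyc-update.apk"  # same bytes under a new name
        renamed.write_bytes(dropper.read_bytes())
        lookalike = root / "Download" / "IdentitasKependudukanDigital.apk"
        lookalike.write_bytes(b"different constructed bytes")  # name matches only
        clean = root / "parcel-tracker.apk"
        clean.write_bytes(b"benign constructed bytes")
        ioc_hashes = {sha256_file(dropper)}  # stands in for the published list
        findings = find_ioc_matches(root, [dropper, renamed, lookalike, clean], ioc_hashes)

    # Constructed setting value: the screen reader plus a hypothetical ID-card app
    setting = "com.android.talkback/.TalkBackService:com.example.idcard/.AccService"
    unexpected = unexpected_accessibility_services(setting, ["com.android.talkback"])
    return findings, unexpected


if __name__ == "__main__":
    found, extra = demo()
    for item in found:
        print(f"{item['reason']:8} {item['file']}  {item['sha256'][:16]}...")
    print("accessibility services outside allowlist:", extra)
```

Hash matching is ordered before filename matching on purpose: a renamed copy of a known sample still hits on its digest, while a file that only shares the reported name is flagged at lower confidence for a closer look rather than treated as confirmed malware. The accessibility check is deliberately an allowlist, since on a personal device almost no sideloaded app has a legitimate reason to hold that permission.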