A newly identified Android malware known as Herodotus is raising concern due to its ability to imitate natural human behavior while carrying out financial fraud on infected devices. A cybersecurity firm found that the malware types and taps the screen with human-like timing, using random pauses that resemble real user interaction.
The malware has been detected in active operations targeting users in Italy and Brazil. It enables cybercriminals to take full control of a victim’s phone and perform actions in real time as though a legitimate user is operating the device. Analysts observed that Herodotus delays its input by 300 to 3000 milliseconds, matching normal human typing and tapping patterns. This helps it avoid detection by banking apps that monitor for robotic or automated behavior. A cybersecurity firm stated, “It is an attempt to humanize fraud. Herodotus makes remote fraud look like a normal user session.”
Herodotus appears to build on earlier malware such as Brokewell and is believed to be part of the growing malware-as-a-service market, where advanced attack tools are rented out to criminal groups. The malware is typically delivered through phishing or text message scams and often disguises itself as a common app such as a browser.
Once installed, it abuses Android accessibility services to place fake login screens over real ones, read text messages including two-factor authentication codes, and even capture lock screen patterns or PINs. It can show the victim’s screen in real time, record keystrokes and read push notifications. The primary purpose is not just to steal credentials but to take over active banking or cryptocurrency sessions while they are open.
Overlay pages linked to Herodotus have also been found targeting financial organizations in the United States, United Kingdom, Turkey and Poland, suggesting an expansion to larger global markets.
Herodotus stands out because it mirrors natural human activity. This challenges the growing use of behavioral biometrics that rely on identifying how a person interacts with their device. The malware’s structure and long-term approach suggest ongoing development.
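Why randomized delays get past a simple automation check, shown as an added example that is not code from the article or from the firm's analysis. Only the 300 to 3000 millisecond range comes from the article; the thresholds, function names, the uniform draw used for the delayed session and all three sample sessions are constructed assumptions.

```python
import random
import statistics

# Delay range reported in the article; everything else below is an assumption.
LOW_MS, HIGH_MS = 300, 3000

def too_fast_or_regular(intervals_ms, min_ms=50, min_cv=0.15):
    """Naive automation check: flags near-instant or metronome-like input.
    min_ms and min_cv are hypothetical thresholds."""
    mean = statistics.mean(intervals_ms)
    cv = statistics.pstdev(intervals_ms) / mean  # coefficient of variation
    return min(intervals_ms) < min_ms or cv < min_cv

def confined_to_delay_band(intervals_ms, low=LOW_MS, high=HIGH_MS, min_events=30):
    """Supplementary signal: a long session with no interval outside the band.
    Feed it into a risk score; slow typists can also match."""
    if len(intervals_ms) < min_events:
        return False
    return all(low <= x <= high for x in intervals_ms)

def assess(intervals_ms):
    """Run both checks over one session of inter-event gaps."""
    return {
        "naive_flag": too_fast_or_regular(intervals_ms),
        "band_flag": confined_to_delay_band(intervals_ms),
    }

# Constructed sessions (inter-event gaps in milliseconds), not captured data.
SCRIPTED = [20] * 40                                   # instant, constant input
_rng = random.Random(1)
DELAYED = [_rng.uniform(LOW_MS, HIGH_MS) for _ in range(40)]  # assumed uniform
HUMAN = [180, 140, 220, 95, 310, 160, 1200, 130, 170, 240] * 4

if __name__ == "__main__":
    for name, session in (("scripted", SCRIPTED), ("delayed", DELAYED), ("human", HUMAN)):
        print(name, assess(session))
```

The naive check catches only the scripted session; the delayed session passes it, which is why the second signal is treated as one input to session risk scoring alongside non-timing indicators such as an enabled accessibility service.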
The rise of Herodotus highlights a shift where cybercrime is learning to look human and blend into trusted digital environments.
About us:
The Mainstream formerly known as CIO News is a premier platform dedicated to delivering the latest news, updates, and insights from the tech industry. With its strong foundation of intellectual property and thought leadership, the platform is well-positioned to stay ahead of the curve and lead conversations about how technology shapes our world. From its early days as CIO News to its rebranding as The Mainstream on November 28, 2024, it has been expanding its global reach, targeting key markets in the Middle East & Africa, ASEAN, the USA, and the UK. The Mainstream is a vision to put technology at the center of every conversation, inspiring professionals and organizations to embrace the future of tech.



