Zimperium has announced new findings from its zLabs team on an evolving mobile banking trojan dubbed DoubleTrouble.
The malware reportedly disguises itself using random two-word method names and has rapidly grown in sophistication – adding screen recording, advanced keylogging and new UI overlay capabilities designed to steal credentials and manipulate infected devices.
Originally spread through phishing sites posing as European banks, DoubleTrouble is said to leverage Discord-hosted APKs to distribute malware in its latest campaign.
Zimperium says this shift marks a disturbing trend toward social media platforms being used as delivery channels for mobile malware.
Using obfuscation techniques and Android’s Accessibility Services, DoubleTrouble reportedly bypasses traditional detection methods and silently performs a range of malicious actions, including:
Kern Smith, VP of Solutions Engineering at Zimperium, commented: “As attackers shift to mobile-first strategies and use dynamic delivery methods like Discord to evade traditional defences, organisations need real-time, on-device protection.
“DoubleTrouble is a stark reminder that mobile threats are growing more evasive and more dangerous, targeting everything from banking credentials to cryptocurrency wallets.”