How UEM neutralizes BankBot-YNRK and DeliveryRAT Android Trojans stealing financial data

Protect your corporate Android fleet from BankBot-YNRK & DeliveryRAT. Learn how Applivery UEM secures financial data with proactive security policies.

Mobile cybercrime has moved past the era of simple, massive attacks; you are now facing high-evasion, surgical threats. Recently, security researchers have identified two new and serious threats for Android: BankBot-YNRK and DeliveryRAT.

These Trojans are not only designed to steal financial data and credentials, but their objective extends to compromising the operational integrity of your company if you manage corporate device fleets or implement BYOD policies.

The fundamental shift is that the attack is no longer just against the end-user, but against the security of your business value chain. This escalation demands that your IT and DevOps teams adopt proactive measures. Applivery, as a Unified Endpoint Management (UEM) platform, helps your organization stay one step ahead.

Technical breakdown of the threat

To understand how to protect your organization, it is essential that you break down the capabilities of each threat.

BankBot-YNRK: the evasion and credential theft tactic

This advanced banking Trojan variant, analyzed by CYFIRMA, stands out for its capacity for evasion and adaptation to the environment.

Evasion and persistence techniques

  • Social engineering: it is distributed through disguised APKs (e.g., “IdentitasKependudukanDigital.apk”).

  • Environment detection: if BankBot-YNRK detects that it is running in an emulator, it avoids activating its malicious payload, complicating your forensic analysis.

  • Persistence: it uses the Android JobScheduler so that the malware automatically restarts even after the device is turned off and on again, maintaining long-term access.

Data theft capabilities

  • Abuse of accessibility: it mutes the notification volume so as not to alert you, and requests access to accessibility services to gain elevated permissions that allow it to automate actions.

  • Overlay attack (superposition): it uses overlays to trick you with fake screens (e.g., asking you to verify your personal data) while performing malicious tasks in the background.

  • Financial theft: it captures the interface of banking applications (“skeleton UI”) and activates automated transactions in cryptocurrency wallets like MetaMask or Trust Wallet, without your intervention.

  • General extraction: it steals sensitive data such as contacts, SMS, location, and clipboard content.


DeliveryRAT: the "Malware-as-a-Service" (MaaS) model

DeliveryRAT is another identified Trojan that operates under a MaaS (Malware-as-a-Service) model, distributed through a Telegram bot called “Bonvi Team”.

  • Attack vectors: it disguises itself as a “delivery app,” fake online market, or job offers, tricking users into installing it.

  • Functionalities: it gains access to SMS and call logs, hides its own icon to hinder detection, and in some versions has even been identified with the capability to launch DDoS attacks.

  • Vulnerability: devices with Android 13 or lower are the most vulnerable, as these versions allow apps to abuse accessibility to automatically gain permissions.

Applivery, the unified solution

Mitigating these threats is not an antivirus task, but one of Security Posture Management. This is where Applivery offers a complete solution for your IT and DevOps teams:

Applivery functionality | Benefit against BankBot-YNRK / DeliveryRAT | Key segment
--- | --- | ---
Allowed/blocked application policies (whitelisting/blacklisting) | You block the installation of unverified APKs (the main attack vector), ensuring only approved business apps are on your devices. | IT teams (control and compliance)
Remote restriction configuration for permissions | You limit the abuse of Accessibility Services and device administration (BankBot-YNRK's privilege escalation tactic). | IT teams (Zero Trust)
Private and secure app distribution (private repository) | You enable your DevOps teams to securely distribute builds, ensuring employees and testers do not look for unsecured alternatives outside the company. | DevOps teams (agility and control)
Unified UEM dashboard | You gain complete visibility of device status, allowing you to quickly identify and isolate a device with anomalous behavior before it spreads. | IT teams (productivity)

Mitigating credential theft through UEM policies

In addition to implementing a UEM platform, there are crucial steps to mitigate your exposure, especially in Android 13 or lower environments:

  • Operating system hardening: ensure all your managed devices run the latest available operating system version, as Android 14 has strengthened accessibility restrictions.

  • Granular sideloading control: review and rigorously restrict policies for installing unverified APKs on your corporate devices.

  • Monitoring with EDR/MTD: integrate mobile security tools (Mobile Threat Defense) to monitor suspicious behaviors beyond basic MDM capabilities.

  • Continuous training: educate your employees about the risks of phishing and smishing, and in identifying dangerous permissions that the malware requests.
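The policy controls described in the table above and in the steps just listed (block sideloaded APKs, allowlist apps, restrict accessibility services) can be checked mechanically. The following is an added example, not Applivery's own code or policy format: it uses Android Management API policy field names (playStoreMode, applications, advancedSecurityOverrides.untrustedAppsPolicy, permittedAccessibilityServices) as an assumption, with constructed package names, and audits a weak baseline against a hardened one.

```python
"""Audit an Android Enterprise device policy for the gaps these trojans abuse.

Constructed example. Field names follow the Android Management API policy
schema (assumption); package names are placeholders, not real corporate apps.
"""

# Constructed: the only accessibility service the organization has vetted.
ACCESSIBILITY_ALLOWLIST = ["com.example.corp.screenreader"]

HARDENED_POLICY = {
    # Managed Play only offers the apps listed below (allowlisting).
    "playStoreMode": "WHITELIST",
    "applications": [
        {"packageName": "com.example.corp.banking", "installType": "FORCE_INSTALLED"},
        {"packageName": "com.example.corp.mail", "installType": "AVAILABLE"},
    ],
    # Refuse sideloaded APKs device-wide: the trojans' main delivery vector.
    "advancedSecurityOverrides": {"untrustedAppsPolicy": "DISALLOW_INSTALL"},
    # Only vetted accessibility services may be enabled by the user.
    "permittedAccessibilityServices": {"packageNames": ACCESSIBILITY_ALLOWLIST},
}

# Constructed: a "management-lite" baseline that leaves every gap open.
WEAK_POLICY = {
    "playStoreMode": "BLACKLIST",
    "applications": [],
    "advancedSecurityOverrides": {"untrustedAppsPolicy": "ALLOW_INSTALL_DEVICE_WIDE"},
}


def audit_policy(policy: dict) -> list[str]:
    """Return one finding per open gap; an empty list means the policy closes them all."""
    findings = []
    if policy.get("playStoreMode") != "WHITELIST":
        findings.append("playStoreMode is not WHITELIST: unapproved Play apps can be installed")
    overrides = policy.get("advancedSecurityOverrides", {})
    if overrides.get("untrustedAppsPolicy") != "DISALLOW_INSTALL":
        findings.append("untrustedAppsPolicy permits sideloading of unverified APKs")
    permitted = policy.get("permittedAccessibilityServices", {}).get("packageNames")
    if permitted is None:
        findings.append("permittedAccessibilityServices unset: any app may enable accessibility")
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_policy(policy) or "no findings")
```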

Is your current MDM solution exposing you to next-generation banking Trojans?

The evolution of threats like BankBot-YNRK and DeliveryRAT confirms that mobile risk is now a business risk that demands a unified and proactive response. Reacting to the latest news is not enough: you need to adopt a strategy that combines developer agility with IT security control.

At Applivery, our developer-centric DNA allows us to offer you a UEM platform that is not just a management tool, but a catalyst for a more secure and resilient DevOps strategy.

Are you concerned about the vulnerability of your devices to advanced malware or the fragmentation of your mobile security strategy? Contact us today for a security assessment and discover how Applivery can simplify your endpoint management and protect your business.


Frequently Asked Questions (FAQ)

They are two distinct, sophisticated Android Trojans designed to steal financial data, banking credentials, and access cryptocurrency wallets. BankBot-YNRK uses overlay attacks and evasion tactics (like emulator detection), while DeliveryRAT operates as a "Malware-as-a-Service" (MaaS).

These threats directly impact corporate security by targeting devices used for work, including those under BYOD policies. They lead to a loss of control, potential data breaches, and regulatory non-compliance (e.g., GDPR, HIPAA) if sensitive data is stolen from corporate endpoints.

Applivery mitigates the risk by enabling IT teams to:

  • Block unauthorized APKs using Whitelisting policies.

  • Configure remote restrictions to limit the use of dangerous permissions, such as Accessibility Services.

  • Provide a secure, private repository for app distribution, preventing employees from installing builds from unsafe, external sources.
