New Android Banking Trojan Silences Phones While Stealing Crypto

Beware of 'BankBot-YNRK,' an Android Trojan impersonating Indonesia's digital ID app, stealing crypto and banking data in SE Asia.

By Content Team

Nov 4, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Security researchers discovered a sophisticated Android banking Trojan called "BankBot-YNRK" targeting users in Indonesia and Southeast Asia. The malware disguises itself as Indonesia's official digital ID app, tricking users into installing it from outside Google Play Store.

Once installed, the Trojan mutes all device alerts—calls, notifications, messages—to avoid detection while stealing cryptocurrency wallet data, banking credentials, and personal information. It specifically targets devices running Android 13 and earlier, exploiting accessibility features to gain complete remote control.

The malware takes real-time screenshots of banking and crypto wallet apps to map their interfaces, then automates fraudulent transactions. It targets Bitcoin, Ethereum, Litecoin, and Solana wallets, extracting seed phrases and private keys without user knowledge.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Europol Shuts Down Massive SIM Card Fraud Network That Hit 80+ Countries

Oct 19, 2025

Hackers Rapidly Exploit XWiki Vulnerability for Botnets and Crypto Mining

Nov 17, 2025

CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

Nov 22, 2025

Critical Net-SNMP Vulnerability Threatens Network Infrastructure Worldwide

Dec 26, 2025