Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer

We have been closely investigating the Android BianLian botnet (also known as Hydra). This botnet emerged in 2018. It is still very alive in 2022, particularly active since the beginning of 2022, where we are closely monitoring at least three independent campaigns.

The Android malware typically poses as a video player, Google Play app, or a mobile banking application. Once installed, it asks the victim to activate Accessibility Services for the app to “work correctly.” In reality, this is needed by the malware to overlay images and validate forms without user interaction. Asking for Accessibility Services activation should raise an alarm in the victim’s mind. Unfortunately, many won’t understand this is not legitimate. Android/BianLian Botnet Trying to Bypass Photo TAN Used for Mobile Banking