New Android Malware BankBot YNRK Targets Banking Apps and Crypto Wallets
NEW YORK, New York — November 27, 2025 — Security researchers have identified a new Android malware strain called BankBot YNRK that poses a significant threat to mobile banking and cryptocurrency users. According to cybersecurity experts, this malware is among the most advanced mobile threats discovered to date, capable of silently taking control of infected devices to steal sensitive financial information and drain accounts.
BankBot YNRK infiltrates devices by disguising itself as legitimate Android applications, often mimicking official digital ID tools. Once installed, the malware collects detailed information about the device, including brand, model, and installed apps, while also detecting whether it is running on an emulator to evade automated security analysis. To avoid detection by users, it can change its app name and icon to appear as Google News, loading the genuine news.google.com site within the app interface to maintain the illusion of legitimacy.
After installation, the malware immediately silences audio and notification alerts, preventing victims from hearing incoming messages or alarms that might indicate suspicious activity. It then requests access to Accessibility Services, which, if granted, allows it to interact with the device interface as if it were the user. This access enables BankBot YNRK to press buttons, scroll through screens, and read all displayed content.
The malware also registers itself as a Device Administrator app, making removal more difficult and allowing it to restart automatically after a device reboot. It schedules recurring background tasks to relaunch itself every few seconds when the phone is connected to the internet, ensuring persistent control.
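A static triage check for the install-time traits described above (an Accessibility Service, a Device Administrator receiver, restart at boot, scheduled background jobs), added here as an example and not taken from the researchers' analysis. It reads a decoded AndroidManifest.xml; the sample manifest, its package and component names, and the treatment of a disabled activity-alias as the way the name and icon are swapped are assumptions.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed manifest in decoded (text) form; names are made up, not from a real sample.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.idtool">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <activity android:name=".Main"/>
    <activity-alias android:name=".News" android:targetActivity=".Main" android:enabled="false"/>
    <service android:name=".Acc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".Job" android:permission="android.permission.BIND_JOB_SERVICE"/>
    <receiver android:name=".Admin" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

# Signal name -> permission that guards a component implementing it.
BOUND = {"accessibility": "android.permission.BIND_ACCESSIBILITY_SERVICE",
         "device_admin": "android.permission.BIND_DEVICE_ADMIN",
         "job_service": "android.permission.BIND_JOB_SERVICE"}

def triage(manifest_xml):
    """Return {signal: [component names]} for the traits listed in the lead-in."""
    root = ET.fromstring(manifest_xml)
    found = {}
    for elem in list(root.iter("service")) + list(root.iter("receiver")):
        for signal, perm in BOUND.items():
            if elem.get(NS + "permission") == perm:
                found.setdefault(signal, []).append(elem.get(NS + "name"))
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    if "android.permission.RECEIVE_BOOT_COMPLETED" in requested:
        found["boot_start"] = ["RECEIVE_BOOT_COMPLETED"]
    # Assumption: a disabled launcher alias is one way to swap name and icon later.
    aliases = [a.get(NS + "name") for a in root.iter("activity-alias")
               if a.get(NS + "enabled") == "false"]
    if aliases:
        found["hidden_alias"] = aliases
    return found

def verdict(found):
    """'high' = UI control + removal resistance + a restart mechanism together."""
    control = "accessibility" in found
    sticky = "device_admin" in found
    restart = "boot_start" in found or "job_service" in found
    if control and sticky and restart:
        return "high"
    return "review" if control or sticky else "low"
```

Legitimate screen readers and device-management agents also declare some of these components, which is why a single signal rates only "review" and the combination is what rates "high".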
Once connected to its remote server, BankBot YNRK can send detailed device information and lists of installed applications. It is capable of taking screenshots of banking apps, reading clipboard entries, and automating cryptocurrency wallet transactions. This combination of capabilities allows the malware to steal banking credentials and drain crypto wallets without the user’s knowledge.
Android users have faced a growing number of financial malware threats in recent years, with previous strains such as Hydra, Anatsa, and Octo demonstrating similar abilities to take over phones and empty accounts. While security updates have mitigated some risks, malware developers continue to evolve their tactics, as exemplified by BankBot YNRK’s sophisticated methods.
Experts emphasize the importance of vigilance when downloading apps and recommend avoiding unofficial sources to reduce the risk of infection. Users should also monitor their devices for unusual behavior and keep security software up to date to help protect against emerging threats like BankBot YNRK.
