Technology
New Android malware can empty your bank account in seconds
NEWYou can now listen to Fox News articles!
Android users have been dealing with a steady rise in financial malware for years. Threats like Hydra, Anatsa and Octo have shown how attackers can take over a phone, read everything on the screen and drain accounts before you even notice anything wrong. Security updates have helped slow some of these strains, but malware authors keep adapting with new tricks.
The latest variant spotted in circulation is one of the most capable yet. It can silence your phone, take screenshots of banking apps, read clipboard entries, and even automate crypto wallet transactions. This threat is now known as Android BankBot YNRK, and it is far more advanced than typical mobile malware.
Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter
How the malware infiltrates devices
HOW ANDROID MALWARE LETS THIEVES ACCESS YOUR ATM CASH
Android banking malware is getting harder to spot as attackers use new tricks to take over phones and drain accounts. (Thomas Trutschel/Photothek via Getty Images)
BankBot YNRK hides inside fake Android apps that appear legitimate when installed. In the samples analyzed by researchers at Cyfirma, the attackers used apps that impersonated official digital ID tools. Once installed, the malware begins profiling the device by collecting details such as brand, model and installed apps. It checks whether the device is an emulator to avoid automated security analysis. It also maps known models to screen resolutions, which helps it tailor its behavior to specific phones.
To blend in, the malware can disguise itself as Google News. It does this by changing its app name and icon, then loading the real news.google.com site inside a WebView. While the victim believes the app is genuine, the malware quietly runs its background services.
One of its first actions is to mute audio and notification alerts. This prevents victims from hearing incoming messages, alarms or calls that could signal unusual account activity. It then requests access to Accessibility Services. If granted, this allows the malware to interact with the device interface just like a user. From that point onward, it can press buttons, scroll through screens and read everything displayed on the device.
BankBot YNRK also adds itself as a Device Administrator app. This makes it harder to remove and helps it restart itself after a reboot. To maintain long-term access, it schedules recurring background jobs that relaunch the malware every few seconds as long as the phone is connected to the internet.
What does the malware steal
Once the malware receives commands from its remote server, it gains near-complete control of the phone. It sends device information and installed app lists to the attackers, then receives a list of financial apps it should target. This list includes major banking apps used in Vietnam, Malaysia, Indonesia and India, along with several global cryptocurrency wallets.
With Accessibility permissions enabled, the malware can read everything shown on the screen. It captures UI metadata such as text, view IDs and button positions. This helps it reconstruct a simplified version of any app’s interface. Using this data, it can enter login details, swipe through menus or confirm transfers. It can also set text inside fields, install or remove apps, take photos, send SMS, turn call forwarding on and open banking apps in the background while the screen appears inactive.
In cryptocurrency wallets, the malware acts like an automated bot. It can open apps such as Exodus or MetaMask, read balances and seed phrases, dismiss biometric prompts, and carry out transactions. Because all actions happen through Accessibility, the attacker never needs your passwords or PINs. Anything visible on the screen is enough.
The malware also monitors the clipboard, so if users copy OTPs, account numbers or crypto keys, the data is immediately sent to the attackers. With call forwarding enabled, incoming bank verification calls can be silently redirected. All of these actions happen within seconds of the malware activating.
BankBot YNRK hides inside fake apps that look legitimate, then disguises itself as Google News while it runs in the background. (AP Photo/Don Ryan, File)
7 steps you can take to stay safe from banking malware
Banking trojans are getting harder to spot, but a few simple habits can reduce the chances of your phone getting compromised. Here are seven practical steps that help you stay protected.
FBI WARNS OVER 1 MILLION ANDROID DEVICES HIJACKED BY MALWARE
1) Install strong antivirus software
Strong antivirus software helps catch trouble early by spotting suspicious behavior before it harms your Android device or exposes your data. It checks apps as you install them, alerts you to risky permissions and blocks known malware threats. Many top antivirus options also scan links and messages for danger, which adds an important layer of protection when scams move fast.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
2) Use a data-removal service to shrink your digital footprint
Data brokers quietly collect and sell your personal details, which helps scammers target you with more convincing attacks. A reputable data-removal service can find and delete your information from dozens of sites so that criminals have less to work with. This reduces spam, phishing attempts and the chances of ending up on a malware attack list.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com
3) Install apps only from trusted sources
Avoid downloading APKs from random websites, forwarded messages or social media posts. Most banking malware spreads through sideloaded apps that look official but contain hidden code. The Play Store is not perfect, but it offers scanning, app verification and regular take-downs that greatly reduce the risk of installing infected apps.
4) Keep your device and apps updated
System updates often patch security issues that attackers exploit to bypass protections. Updating your apps is just as important, since outdated versions may contain weaknesses. Turn on automatic updates so that your device stays protected without you having to check manually.
5) Use a strong password manager
A password manager helps you create long, unique passwords for every account. It also saves you from typing passwords directly into apps, which reduces the chance of malware capturing them from your clipboard or keystrokes. If one password gets exposed, the rest of your accounts remain safe.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Once active, the malware can read your screen, steal financial data, automate crypto transfers and intercept OTPs within seconds. (Kurt “CyberGuy” Knutsson)
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com
6) Enable two-factor authentication wherever possible
2FA adds a confirmation step through an OTP, authenticator app or hardware key. Even if attackers steal your login details, they still need this second step to get in. It cannot stop malware that takes over your device, but it significantly limits how far an attacker can go with stolen credentials.
GOOGLE ISSUES WARNING ON FAKE VPN APPS
7) Review app permissions and installed apps regularly
Malware often abuses permissions such as Accessibility or Device Admin because they allow deep control over your phone. Check your settings to see which apps have these permissions and remove anything that looks unfamiliar. Also, look through your installed apps and uninstall any tool or service you do not remember adding. Regular reviews help you spot threats early before they can steal data.
Kurt’s key takeaway
BankBot YNRK is one of the most capable Android banking threats discovered recently. It combines device profiling, strong persistence, UI automation and data theft to gain full control over a victim’s financial apps. Because much of its activity relies on Accessibility permissions, a single tap from the user can give attackers complete access. Staying safe means avoiding unofficial APKs, reviewing installed apps regularly and being cautious of any sudden request to enable special permissions.
Do you think Android phone makers like Samsung or Google are doing enough to protect you from malware? Let us know by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter
Copyright 2025 CyberGuy.com. All rights reserved.
The Federal Aviation Administration (FAA) has struggled for years to have enough air traffic controllers to address shortages, with the US Government Accountability Office (GAO) saying in January that the number of people in the job in the US has declined by around 6 percent “in the last decade.” Now the Trump administration is rolling out a recruiting campaign targeting gamers ahead of the opening of the annual air traffic control hiring window on April 17th.
Even with the campaign, getting qualified individuals through training and into the role may still be a challenge: according to the Department of Transportation’s Office of Inspector General (OIG), the FAA is facing “considerable challenges with training, including a shortage of qualified instructors, training capacity limitations, an outdated curriculum, and high training failure rates.”
An FAA video full of clips of things like Madden NFL, Fortnite, League of Legends esports, and the Xbox One stinger from commercials promises an average salary of $155,000 per year after three years and says that “you’ve been training for this.”
In a press release, the FAA says that air traffic controllers said in exit interviews that gaming was an influence on “their ability to think quickly, stay focused, and manage complexity.” The FAA’s website about the application process encourages applicants to “level up” their career. However, the Trump administration isn’t the first to target gamers for the role; according to The New York Times, the Biden administration launched a “Level Up” recruiting push in 2021, encouraging gamers as well as women and members of minority groups to become air traffic controllers.
Getting more air traffic controllers has been a focus for Sean Duffy, President Trump’s secretary of transportation, and he announced a plan to “supercharge” hiring shortly after he was sworn in for the job last year. That campaign closed in March 2025 and “attracted more than 10,000 applications,” resulting in about 600 trainees entering the Controller Training Academy, the OIG says. And the GAO says that some attrition during the air traffic controller hiring process “may be preventable,” noting that the hiring process can be “difficult to navigate” and that applicants may have already accepted other jobs by the time they get an employment offer.
The National Air Traffic Controllers Association (NATCA), the union representing air traffic controllers, “welcomes innovative approaches to expanding the candidate pool,” including “outreach to individuals with high-level aptitude skills such as gamers,” according to a statement from NATCA president Nick Daniels.
NEWYou can now listen to Fox News articles!
You book a flight. You reschedule. Then you try to handle travel insurance quickly so you can move on with your day. That’s exactly what happened to Rosette. She was trying to reach Allianz, a large travel insurance company that many airlines direct customers to after booking.
Within seconds, she was talking to a scammer who sounded completely legitimate. Here’s how she described it:
“I Googled Allianz and clicked on the phone number. It was answered within 1 second. . . . It was NOT Allianz I was speaking to. They have my Citicard number and my date of birth. . . . When I questioned it, he said ‘I will not charge your card’ and disconnected.”
That realization hits hard. Suddenly, you start replaying everything in your head. Maybe you thought you knew what to look for. Still, the frustration sets in fast. Here’s the truth: This happens every day to smart, careful people. And the scams keep getting more convincing.
TECH GIANTS UNITE TO FIGHT ONLINE SCAMS
Fake phone numbers in search results are fueling a surge in travel insurance scams targeting unsuspecting callers. (Yuliya Taba/Getty Images)
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com — trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
How this fake travel insurance phone scam works
This is known as a search result scam, and it is one of the fastest-growing fraud tactics right now.
Here’s the typical playbook:
- You search for a company like a travel insurance provider, airline or your bank
- A fake phone number appears at the top of the results or in an ad
- You call and reach a professional-sounding call center
- The scammer acts helpful, fast and confident
- They ask for payment details or personal information
In Rosette’s case, there were several clear signs once you step back:
- The call was answered instantly
- The pricing felt unusually high
- The email came from a fake domain
- The agent pushed for authorization
Once she questioned it, the scammer disconnected. That’s classic behavior.
Why this phone scam is so easy to fall for
This is not sloppy fraud. It’s polished, fast and designed to catch you when you are distracted. Here’s why it works so well:
1) You trust search results
Most people assume search results are safe. Scammers exploit that trust with fake listings and ads.
2) Timing creates pressure
You are often dealing with travel changes, delays or deadlines. That lowers your guard.
3) They sound legitimate
These are not obvious scammers. Many operate scripted call centers with trained agents.
4) They move fast
Answering within seconds creates the illusion that you reached the right company.
SSA IMPERSONATION SCAMS ARE GETTING MORE PERSONAL
A quick Google search led one woman to a convincing scam call center posing as a legitimate insurer. (golibo/Getty Images)
What information did the scammer actually get?
In Rosette’s situation, the scammer obtained:
- Credit card number
- Date of birth
That combination matters. Even without an immediate charge, scammers often:
- Test small transactions later
- Attempt identity-based fraud
- Sell your data to other criminals
This is why you should treat it as a compromised card situation, even if nothing has been charged yet.
What this means to you
This type of scam does not rely on hacking your device. It relies on tricking you into calling the wrong number. That means anyone can fall for it.
You could be booking travel, fixing a billing issue or calling tech support. One wrong click puts you in direct contact with a scammer who already sounds like the real company.
The danger is not just the initial call. It is what happens next if your information is reused or shared.
How to protect yourself from fake phone scams
Here’s how to protect yourself from this exact scenario moving forward:
1) Never trust phone numbers from search results
Always go directly to the company’s official website and find the contact page there.
2) Use the number on your card or confirmation email
These are far more reliable than anything you find through a quick search.
3) Watch for instant answers and pressure
Real companies rarely answer instantly and push for immediate payment details.
WHY THAT $4 CHARGE ON YOUR STATEMENT COULD BE FRAUD
A traveler searching for Allianz support reached a scammer instead, exposing personal and financial information in seconds. (fizkes/Getty Images)
4) Check the email domain carefully
If it does not match the official company domain, it is a red flag.
5) Replace compromised cards immediately
Do not wait for fraud to appear. Request a new card number right away.
6) Turn on real-time alerts
Enable transaction alerts so you can catch suspicious activity early.
7) Freeze your credit if personal data is exposed
This adds a strong layer of protection against identity theft.
8) Consider identity theft protection
If your personal information was exposed, identity theft protection can monitor your identity, alert you to suspicious activity and help you respond quickly if something goes wrong. See my tips and best picks on Best Identity Theft Protection at Cyberguy.com.
9) Remove your personal data from public databases
Data broker sites collect and sell your personal details. Removing your information reduces the chances scammers can find and target you again. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
What Rosette did right
It’s important to call this, out because it matters.
- She questioned the pricing
- She challenged the caller
- She stopped before a charge went through
- She contacted her bank quickly
Those steps significantly reduced the damage. This could have gone much further.
Kurt’s key takeaways
Scams like this are not about being careless. They are about being human. You were trying to solve a problem quickly. The scammer was ready for that exact moment. The biggest takeaway is simple: Slow down when money or personal information is involved. Even a few extra seconds to verify a phone number can make all the difference. And if something feels off, trust that instinct.
If you needed to call your bank or airline right now, would you trust the first number you see online? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com — trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Microsoft is starting to remove “unnecessary” Copilot buttons from its Windows 11 apps. In the latest version of the Notepad app for Windows Insiders, Microsoft has removed the Copilot button in favor of a “writing tools” menu. The Copilot button in the Snipping Tool app also no longer appears when you select an area to capture.
The change is part of “reducing unnecessary Copilot entry points, starting with apps like Snipping Tool, Photos, Widgets and Notepad,” that Microsoft promised to complete as part of its broader plan to fix Windows 11. While Copilot buttons are being removed, it looks like the underlying AI features are here to stay, though.
The Copilot button has been removed from Notepad, but the writing tools replacement still uses AI-powered features and looks like the identical menu of options that existed before. I still think these features are largely unnecessary in what’s supposed to be a lightweight text app, but removing the superfluous Copilot branding is a good first step.
Video: Harris Signals Potential Third Presidential Run In 2028
Shortlisted for an Oscar, ‘Homebound’ is a daring movie about two dear friends
Now the FAA says gamers are the answer to its air traffic controller shortage
Iran regime uses former Soviet republic to dodge sanctions, fund war machine: report
Swalwell’s former female staffer drops bombshell allegations of sexual assault, exposing himself: report
Florida High School Football Rankings: Top 25 teams – Oct. 21
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
99th annual Pony Swim held in Virginia
Indiana Members Credit Union announced as new anchor tenant at Bottleworks District
Swalwell’s former female staffer drops bombshell allegations of sexual assault, exposing himself: report
NASA’s Artemis II prepares for splashdown on Earth
Trump proposes painting executive office building white
Rep Randy Fine joins House Freedom Caucus: ‘Strongest group of conservative patriots in Congress’
Trump issues NATO ultimatum to reopen Strait of Hormuz ‘within days’
-
Atlanta, GA6 days ago1 teenage girl killed, another injured in shooting at Piedmont Park, police say
-
Education1 week agoVideo: YouTube’s C.E.O. on the Rise of Video and the Decline of Reading
-
Movie Reviews1 week agoVaazha 2 first half review: Hashir anchors a lively, chaos-filled teen tale
-
Georgia3 days agoGeorgia House Special Runoff Election 2026 Live Results
-
Education1 week agoVideo: Toy Testing with a Discerning Bodega Cat
-
Pennsylvania4 days agoParents charged after toddler injured by wolf at Pennsylvania zoo
-
Milwaukee, WI4 days agoPotawatomi Casino Hotel evacuated after fire breaks out in rooftop HVAC system
-
Entertainment1 week agoInside Ye’s first comeback show at SoFi Stadium