HOMETHREATSDroidBot
APT / THREAT GROUP

DroidBot

2
aliases
Last seen:Mar 17, 2026

Intelligence Profile

According to Cleafy, DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-like capabilities, such as keylogging and user interface monitoring. Moreover, it leverages dual-channel communication, transmitting outbound data through MQTT and receiving inbound commands via HTTPS, providing enhanced operation flexibility and resilience.

Threat Analysis

DroidBot is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

TypeAPT / Threat Group
Aliases2

Also Known As

DroidBotapk.droidbot

External Intelligence

Malpedia: apk.droidbot

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.