New Android Malware Mimics Human Behavior to Evade Detection
WHITE K1R0 AlienVault 2025-10-28 Modified: 2025-10-28
A new Android malware called Herodotus has been discovered, designed to perform device takeover while mimicking human behavior to bypass biometric detection. Active campaigns have been observed in Italy and Brazil. Herodotus is being offered as Malware-as-a-Service and shows links to the previously known Brokewell malware. It uses side-loading for distribution and employs various techniques to steal credentials and perform remote device control. A unique feature is its attempt to humanize remote actions by randomizing delays between text inputs. The malware targets financial organizations and crypto wallets, with potential for global expansion. Its development highlights the growing threat of Device-Takeover banking Trojans and the need for advanced, layered security approaches.
Indicators of Compromise (3)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-SHA256 | 53ee40353e17d069b7b7783529edda968ad9ae25a0777f6a644b99551b412083 | | 2025-10-28
domain | google-firebase.digital | | 2025-10-28
hostname | gj23j4jg.google-firebase.digital | | 2025-10-28