Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware

June 13, 2024 at 10:25AM

The threat actor Arid Viper is behind a mobile espionage campaign using trojanized Android apps to distribute spyware called AridSpy. The campaign targets users in Palestine and Egypt through fake messaging and job opportunity apps. AridSpy is capable of downloading additional payloads and harvesting data from infected devices. From the …

Diversifying Defenses: FjordPhantom Malware Shows Importance of a Multi-Pronged Approach

February 21, 2024 at 09:45AM

Promon recently discovered the Android banking malware “FjordPhantom” and published an analysis and report assessing vulnerable online banking applications. The malware spreads through email, SMS, and messaging apps, prompting users to download a fake app, running in a virtual environment, and employing social engineering attacks to steal user credentials and …

Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries

February 19, 2024 at 06:21AM

The Android banking trojan Anatsa has extended its reach to Slovakia, Slovenia, and Czechia in a new campaign observed in November 2023, exploiting accessibility service and bypassing Google Play’s protections. Anatsa targets banking customers with dropper apps on the Play Store, gaining control over devices, stealing credentials, and perpetrating fraudulent …

Chameleon Android Trojan Offers Biometric Bypass

December 21, 2023 at 11:28AM

A new variant of the Android banking Trojan, Chameleon, has evolved to target users in Australia, Poland, UK, and Italy by bypassing biometric security and utilizing new commands. This includes the ability to interrupt biometric operations, employ Android’s Accessibility service for device takeover attacks, and task scheduling through the AlarmManager …

Android malware Chameleon disables Fingerprint Unlock to steal PINs

December 21, 2023 at 09:33AM

The Chameleon Android banking trojan is back with new tricks, disabling biometrics to steal PINs on Android devices. This upgraded version evades detection by posing as Google Chrome through the Zombinder service. It now targets Android 13 and 14, bypassing security settings to gain accessibility permissions and disrupting biometric operations. …