#androidmalware — Public Fediverse posts

Android Malware Campaign Silently Invoices Users via Fake Apps

Malware hidden in nearly 250 fake Android apps has been silently invoicing users for premium services, with victims largely unaware of the charges. The sneaky campaign, dubbed Premium Deception, targeted subscribers in several countries, including Malaysia, Thailand, Romania, and Croatia, over a 10-month period.

https://osintsights.com/android-malware-campaign-silently-invoices-users-via-fake-apps?utm_source=mastodon&utm_medium=social

#AndroidMalware #PremiumDeception #FakeApps #EmergingThreats #MobileSecurity

Malicious Android Apps Fuel 659M Daily Ad Fraud Bid Requests

Meet Trapdoor, a massive ad fraud scam driven by 455 malicious Android apps that generated a whopping 659 million daily bid requests at its peak, all while hiding in plain sight as harmless utilities like PDF viewers and file managers. These fake apps tricked users into installing malware, unleashing a hidden ad fraud operation…

https://osintsights.com/malicious-android-apps-fuel-659m-daily-ad-fraud-bid-requests?utm_source=mastodon&utm_medium=social

#AdFraud #Malvertising #AndroidMalware #MobileSecurity #EmergingThreats

TrickMo Trojan Adopts TON Blockchain for Evasive C2 Routing

A new variant of the TrickMo Trojan, tracked as TrickMo C, has emerged, cleverly using The Open Network (TON) blockchain to disguise its command-and-control traffic, making it even harder to detect. This sneaky malware targets banking and wallet users in France, Italy, and Austria through convincing TikTok-themed lures on Facebook…

https://osintsights.com/trickmo-trojan-adopts-ton-blockchain-for-evasive-c2-routing?utm_source=mastodon&utm_medium=social

#TrickmoTrojan #TonBlockchain #AndroidMalware #MobileThreats #EvasiveC2Routing

TrickMo Malware Adopts TON Blockchain for Covert Command-and-Control

Meet Trickmo.C, a sneaky new variant of the TrickMo Android banker that's been hiding in plain sight as a TikTok or streaming app, targeting unsuspecting users in France, Italy, and Austria since January. This cunning malware has evolved to use the TON blockchain for covert command-and-control, making traditional domain…

https://osintsights.com/trickmo-malware-adopts-ton-blockchain-for-covert-command-and-control?utm_source=mastodon&utm_medium=social

#Trickmo #TonBlockchain #AndroidMalware #Commandandcontrol #EmergingThreats

https://www.europesays.com/at/111936/ Android-Malware „God Mode“ und biometrische Lücken verschärfen Smartphone-Risiken #AndroidMalware #AT #Austria #Lücken #Mode #notfallmaßnahmen #Österreich #Schadsoftware #Schwächen #Science #Science&Technology #SmartphoneKontrolle #SmartphoneRisiken #TechKonzerne #Technik #Technology #Test #Wissenschaft #Wissenschaft&Technik

https://www.europesays.com/at/111297/ Neue Android-Malware bedroht Senioren-Konten #Albiriox #AndroidMalware #AT #Austria #Einfallstor #God #Mode #Österreich #Raffinierte #Router #Schadsoftware #Science #Science&Technology #SeniorenKonten #Smartphones #Technik #Technology #Wissenschaft #Wissenschaft&Technik

Malware Exploits APK Flaws to Evade Android Static Analysis

Malware developers have found a sneaky trick to evade detection on Android devices, exploiting APK flaws to hide their malicious code from static analysis - and over 3,000 malware samples have already adopted this tactic. This widespread technique allows malware to fly under the radar, posing a significant threat to…

https://osintsights.com/malware-exploits-apk-flaws-to-evade-android-static-analysis?utm_source=mastodon&utm_medium=social

#AndroidMalware #StaticAnalysisEvasion #ApkMalformation #MalwareDetection #EmergingThreats

Google clamps down on Android developers with mandatory verification

https://fed.brid.gy/r/https://nerds.xyz/2026/03/android-developer-verification/

Google clamps down on Android developers with mandatory verification

https://fed.brid.gy/r/https://nerds.xyz/2026/03/android-developer-verification/

https://www.europesays.com/at/60722/ Perseus: Neuer Android-Trojaner übernimmt Smartphones komplett – AD HOC NEWS #AndroidMalware #AndroidTrojaner #Anstieg #AT #Austria #BankingTrojaner #Finanzbetrug #Geräte #Google #Österreich #Perseus #Report #Science #Science&Technology #Smartphones #Technik #Technology #Wissenschaft #Wissenschaft&Technik

📬 Oblivion Android RAT: Kapert SMS, 2FA und umgeht Schutzmechanismen bis Android 16
#ITSicherheit #Malware #2FA #AccessibilityService #Android16 #AndroidMalware #AndroidRAT #HiddenVNC #MalwareasaService #MobileSecurity #Oblivion #PermissionBypass https://sc.tarnkappe.info/345ceb

📬 Oblivion Android RAT: Kapert SMS, 2FA und umgeht Schutzmechanismen bis Android 16
#ITSicherheit #Malware #2FA #AccessibilityService #Android16 #AndroidMalware #AndroidRAT #HiddenVNC #MalwareasaService #MobileSecurity #Oblivion #PermissionBypass https://sc.tarnkappe.info/345ceb

📬 Oblivion Android RAT: Kapert SMS, 2FA und umgeht Schutzmechanismen bis Android 16
#ITSicherheit #Malware #2FA #AccessibilityService #Android16 #AndroidMalware #AndroidRAT #HiddenVNC #MalwareasaService #MobileSecurity #Oblivion #PermissionBypass https://sc.tarnkappe.info/345ceb

📬 Oblivion Android RAT: Kapert SMS, 2FA und umgeht Schutzmechanismen bis Android 16
#ITSicherheit #Malware #2FA #AccessibilityService #Android16 #AndroidMalware #AndroidRAT #HiddenVNC #MalwareasaService #MobileSecurity #Oblivion #PermissionBypass https://sc.tarnkappe.info/345ceb

📬 Oblivion Android RAT: Kapert SMS, 2FA und umgeht Schutzmechanismen bis Android 16
#ITSicherheit #Malware #2FA #AccessibilityService #Android16 #AndroidMalware #AndroidRAT #HiddenVNC #MalwareasaService #MobileSecurity #Oblivion #PermissionBypass https://sc.tarnkappe.info/345ceb

Android Malware Leverages Google Gemini for Adaptive Operations

PromptSpy, a new Android malware, uses Google Gemini AI to adapt and steal sensitive data like PINs and passwords. Learn how it affects your phone.

#PromptSpy, #AndroidMalware, #GoogleGemini, #CyberSecurity, #DataTheft

https://newsletter.tf/android-malware-promptspy-uses-gemini-ai/

New Android malware called PromptSpy uses Google Gemini AI to change its behavior and steal your data. This is the first time AI has been used this way in malware.

#PromptSpy, #AndroidMalware, #GoogleGemini, #CyberSecurity, #DataTheft

https://newsletter.tf/android-malware-promptspy-uses-gemini-ai/

Android’s AI nightmare begins as malware turns Gemini into a hacking tool

https://fed.brid.gy/r/https://nerds.xyz/2026/02/android-ai-malware-gemini-promptspy/

Android’s AI nightmare begins as malware turns Gemini into a hacking tool

https://web.brid.gy/r/https://nerds.xyz/2026/02/android-ai-malware-gemini-promptspy/

Android’s AI nightmare begins as malware turns Gemini into a hacking tool

https://web.brid.gy/r/https://nerds.xyz/2026/02/android-ai-malware-gemini-promptspy/

Android’s AI nightmare begins as malware turns Gemini into a hacking tool

https://web.brid.gy/r/https://nerds.xyz/2026/02/android-ai-malware-gemini-promptspy/

Android’s AI nightmare begins as malware turns Gemini into a hacking tool

https://web.brid.gy/r/https://nerds.xyz/2026/02/android-ai-malware-gemini-promptspy/

Hugging Face infrastructure was recently leveraged in an Android malware campaign distributing thousands of polymorphic APK variants.

The operation relied on user deception, accessibility abuse, and trusted content delivery paths rather than zero-day exploitation - reinforcing the role of social engineering and platform trust in modern mobile threats.

How are teams accounting for abuse of legitimate platforms?

Follow @technadu for balanced infosec reporting.

#Infosec #AndroidMalware #HuggingFace #ThreatIntelligence #MobileSecurity #CyberDefense

#ActuLibre Over 50 Android Apps for Kids on Google Play Store Caught in Ad Fraud Scheme -> http://feedproxy.google.com/~r/TheHackersNews/~3/IAheiFn_tvw/android-apps-ad-fraud.html #AndroidMalware #adwaremalware #mobilehacking #Clickjacking #clickfraud #Android

📬 Gecrackte Android Apps 2025
#WarezListen #AndroidAPKs #AndroidMalware #Cheats #downloadAndroid #gecrackteAPKs #Mods https://sc.tarnkappe.info/f08008

Snowblind Abuses Android seccomp Sandbox To Bypass Security Mechanisms https://gbhackers.com/snowblind-android-seccomp-bypass/ #CVE/vulnerability #CyberSecurityNews #AndroidMalware #SecurityBypass #SystemCalls #Android #Malware #Seccomp

New Android Malware SpyAgent Taking Screenshots Of User’s Devices https://gbhackers.com/android-malware-spyagent-screenshots/ #CryptocurrencySecurity #Cryptocurrencyhack #CyberSecurityNews #AndroidMalware #PhishingAttack #Android #Malware

"🔥 CapraTube Alert! Transparent Tribe's Sneaky Move 📺📲"

Transparent Tribe, a suspected Pakistani actor, has unveiled CapraTube, a deceptive Android application that mimics YouTube. SentinelLabs discovered three Android application packages (APKs) linked to Transparent Tribe's CapraRAT mobile remote access trojan (RAT). These apps give the illusion of being YouTube but are far less feature-rich than the genuine Android YouTube app.

CapraRAT is a potent tool, granting attackers control over vast amounts of data on infected Android devices. This RAT has been used for surveillance against targets related to the disputed Kashmir region and human rights activists focusing on Pakistan. The group distributes these Android apps outside the Google Play Store, using self-hosted websites and social engineering to lure users into installing weaponized applications.

In 2023, the group spread CapraRAT Android apps disguised as a dating service that carried out spyware activities. One of the newly identified APKs connects to a YouTube channel owned by Piya Sharma, suggesting the actor continues to employ romance-based social engineering tactics.

Key features of CapraRAT include:

• Recording via microphone, front & rear cameras 🎥
• Collecting SMS, multimedia message contents, call logs 📞
• Sending SMS messages, blocking incoming SMS 📩
• Initiating phone calls 📲
• Taking screen captures 🖼️
• Overriding system settings like GPS & Network 🛰️
• Modifying files on the phone's filesystem 📁

For those in the India and Pakistan regions linked to diplomatic, military, or activist matters, it's crucial to be cautious of this actor and threat. Always be wary of apps outside the Google Play store and evaluate the permissions they request.

Source: SentinelOne Labs

Tags: #CapraTube #TransparentTribe #CapraRAT #CyberSecurity #AndroidMalware #SentinelLabs #MobileSecurity #APT 🌐🔐📱

Author: Alex Delamotte.

Android malware steals your card details and PIN to make instant ATM withdrawals https://www.malwarebytes.com/blog/news/2025/11/android-malware-steals-your-card-details-and-pin-to-make-instant-atm-withdrawals #SocialEngineering #androidmalware #Android #NGate #News #nfc

Android malware steals your card details and PIN to make instant ATM withdrawals https://www.malwarebytes.com/blog/news/2025/11/android-malware-steals-your-card-details-and-pin-to-make-instant-atm-withdrawals #SocialEngineering #androidmalware #Android #NGate #News #nfc

Android malware steals your card details and PIN to make instant ATM withdrawals https://www.malwarebytes.com/blog/news/2025/11/android-malware-steals-your-card-details-and-pin-to-make-instant-atm-withdrawals #SocialEngineering #androidmalware #Android #NGate #News #nfc

Android malware steals your card details and PIN to make instant ATM withdrawals https://www.malwarebytes.com/blog/news/2025/11/android-malware-steals-your-card-details-and-pin-to-make-instant-atm-withdrawals #SocialEngineering #androidmalware #Android #NGate #News #nfc

📬 Android Apps haben Malware im Schlepptau – dank “Zombinder”
#Malware #AndroidApps #AndroidMalware #darknet #GooglePlayProtect #KryptoWallet #WindowsMalware #Zombinder https://tarnkappe.info/artikel/malware/android-apps-haben-malware-im-schlepptau-dank-zombinder-260705.html

Octo2 Android Malware Attacking Users To Steal Banking Credentials https://cybersecuritynews.com/octo2-android-malware-banking-credentials/ #CyberSecurityNews #BankingSecurity #AndroidMalware #cybersecurity #Android #Malware

SoumniBot Exploiting Android Manifest Flaws to Evade Detection https://gbhackers.com/soumnibot-android-banker-techniques/ #CyberSecurityNews #BankingSecurity #AndroidMalware #cybersecurity #Android #Malware

📬 FireScam: Malware für Android kommt als Telegram Premium App
#Malware #Smartphones #AndroidMalware #Firebase #FireScam #Infostealer #RuStore #TelegramPremium https://sc.tarnkappe.info/34099b

"🔍 Dive Deep into SpyNote: The Stealthy Android Spyware 📱🕵️‍♂️"

SpyNote, a notorious Android spyware, has been making waves in the cybersecurity realm. This malware, primarily spread via smishing, aims to snoop on users, capturing a plethora of personal data. Some intriguing features of SpyNote include:

🔹 Stealth Mode: Once installed, it remains hidden, making it challenging for users to detect.
🔹 Diehard Services: It employs unique services that restart themselves, ensuring the malware remains active.
🔹 Phone Call Recording: SpyNote can record incoming calls, sending the recordings to its Command & Control server.
🔹 Screenshots: Using the MediaProjection API, it captures images of the user's phone screen.
🔹 Keylogging: All keystrokes are logged, capturing sensitive data like passwords.
🔹 Challenging Uninstallation: The spyware makes its removal extremely tricky, often leaving victims with the sole option of a factory reset.

Stay vigilant and ensure your devices are protected against such threats. 🛡️🔒

Source: F-Secure Blog

Tags: #SpyNote #AndroidMalware #Spyware #CyberSecurity #MobileSecurity #InfoSec #ThreatAnalysis

Author: Amit Tambe

Landfall Android Spyware Targeted Samsung Phones via Zero-Day https://www.securityweek.com/landfall-android-spyware-targeted-samsung-phones-via-zero-day/ #Malware&Threats #Androidmalware #exploited #Landfall #Samsung #spyware #ZeroDay

New Albiriox Android Malware Developed by Russian Cybercriminals https://www.securityweek.com/new-albiriox-android-malware-developed-by-russian-cybercriminals/ #Malware&Threats #Androidmalware #Androidtrojan #bankingtrojan #Albiriox

Anatsa Android Banking Trojan Now Targeting 830 Financial Apps https://www.securityweek.com/anatsa-android-banking-trojan-now-targeting-830-financial-institutions/ #Malware&Threats #Androidmalware #Androidtrojan #bankingtrojan #malware #Anatsa

Anatsa Android Banking Trojan Now Targeting 830 Financial Apps https://www.securityweek.com/anatsa-android-banking-trojan-now-targeting-830-financial-institutions/ #Malware&Threats #Androidmalware #Androidtrojan #bankingtrojan #malware #Anatsa

Godfather Android Trojan Creates Sandbox on Infected Devices – Source: www.securityweek.com https://ciso2ciso.com/godfather-android-trojan-creates-sandbox-on-infected-devices-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Malware&Threats #securityweekcom #Androidmalware #Androidtrojan #bankingtrojan #securityweek #GodFather #Malware

Godfather Android Trojan Creates Sandbox on Infected Devices https://www.securityweek.com/godfather-android-trojan-creates-sandbox-on-infected-devices/ #Malware&Threats #Androidmalware #Androidtrojan #bankingtrojan #Godfather #malware

Godfather Android Trojan Creates Sandbox on Infected Devices https://www.securityweek.com/godfather-android-trojan-creates-sandbox-on-infected-devices/ #Malware&Threats #Androidmalware #Androidtrojan #bankingtrojan #Godfather #malware

‘Crocodilus’ Android Banking Trojan Allows Device Takeover, Data Theft – Source: www.securityweek.com https://ciso2ciso.com/crocodilus-android-banking-trojan-allows-device-takeover-data-theft-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #Malware&Threats #securityweekcom #Androidmalware #bankingtrojan #securityweek #Crocodilus #Malware

‘Crocodilus’ Android Banking Trojan Allows Device Takeover, Data Theft https://www.securityweek.com/crocodilus-android-banking-trojan-allows-device-takeover-data-theft/ #Malware&Threats #Androidmalware #bankingtrojan #Crocodilus #malware

‘Crocodilus’ Android Banking Trojan Allows Device Takeover, Data Theft https://www.securityweek.com/crocodilus-android-banking-trojan-allows-device-takeover-data-theft/ #Malware&Threats #Androidmalware #bankingtrojan #Crocodilus #malware

DroidLock: Malware Built for Extortion, Device Takeover, and Insider Threat Risk in Spain
https://www.technadu.com/droidlock-malware-build-for-extortion-device-takeover-and-insider-threat-risk-in-spain/615553/

DroidLock is an Android malware campaign using phishing sites and Accessibility abuse to enable full device takeover. Capabilities include PIN changes, full wipes, screen recording, camera capture, and credential theft via dual overlay screens.

BYOD devices pose additional insider-risk implications due to accessible MFA codes and internal accounts.

Which detection controls do you consider most effective against Android Accessibility-abusing malware?

#CyberSecurity #AndroidMalware #DroidLock #MobileSecurity #ThreatIntel #Spain #TechNadu

📬 An alle Besitzer von Krypto-Wallets! CherryBlos will an eure Daten
#Malware #Smartphones #AndroidMalware #CherryBlos #Clipper #KryptoWallets #mnemonischePhrasen #OCRTechnologie #TrendMicro https://tarnkappe.info/artikel/it-sicherheit/malware/an-alle-besitzer-von-krypto-wallets-cherryblos-will-an-eure-daten-279036.html

New Android Banking Trojan Targets More Than 750 Financial and Crypto Apps https://thecyberexpress.com/tsarbot-android-banking-trojan-malware/ #Androidbankingtrojan #Androidcryptomalware #TheCyberExpressNews #TheCyberExpress #AndroidMalware #FirewallDaily #CyberNews #malware #cyble