Android hackers are now targeting more than 800 applications across banking, cryptocurrency and social media sectors.
The cybersecurity firm Zimperium says its researchers have identified four active malware families that use advanced command-and-control infrastructure to steal credentials, conduct unauthorized financial transactions and exfiltrate data at scale.
“Collectively, these campaigns target over 800 applications across the banking, cryptocurrency, and social media sectors.
By employing advanced anti-analysis techniques and structural APK tampering, these families often maintain near-zero detection rates against traditional signature-based security mechanisms.”
The names of the malware families are RecruitRat, SaferRat, Astrinox and Massiv.
Attackers commonly rely on phishing websites, fraudulent job offers, fake software updates, text-message scams and promotional lures to convince victims to install malicious Android apps.
Once installed, the malware can request Accessibility permissions, hide app icons, block uninstall attempts, steal PINs and passwords through fake lock screens, capture one-time passcodes, stream live device screens and overlay counterfeit login pages on legitimate banking or crypto apps.
“Overlay attacks remain the cornerstone of the credential-harvesting lifecycle. Using Accessibility Services to monitor the foreground, the malware detects the exact moment a victim launches a financial application. The malware then fetches a malicious HTML payload and overlays it onto the legitimate application’s user interface, creating a highly convincing, deceptive facade.”
The company said the campaigns use HTTPS and WebSocket communications to blend malicious traffic with normal app activity, while some variants add extra encryption layers to evade detection.
