Android hackers target 800 banking, cryptocurrency and social media apps with near-zero detection rates: Zimperium


Android hackers are now targeting more than 800 apps across the banking, cryptocurrency and social media sectors.

Cybersecurity company Zimperium says its researchers identified four active malware families that use advanced command-and-control infrastructure to steal credentials, conduct unauthorized financial transactions, and exfiltrate data on a large scale.

“Collectively, these campaigns target more than 800 apps across the banking, cryptocurrency and social media sectors.

By using advanced anti-parsing techniques and structural tampering with APK files, these families often maintain near-zero detection rates versus traditional signature-based security mechanisms.”

The malware family names are RecruitRat, SaferRat, Astrinox, and Massiv.

Attackers typically rely on phishing websites, fraudulent job offers, fake software updates, text message scams, and promotional lures to convince victims to install malicious Android apps.

Once installed, the malware can request accessibility permissions, hide app icons, block uninstall attempts, steal PINs and passwords through fake lock screens, capture one-time passcodes, stream live device screens, and overlay fake login pages on legitimate banking or crypto apps.

“Overlay attacks remain the cornerstone of the credential harvesting lifecycle. Using accessibility services to monitor the foreground, the malware detects the precise moment a victim launches a financial application. The malware then fetches a malicious HTML payload and overlays it onto the legitimate application’s UI, creating a deceptive and highly convincing interface.”

The campaigns use HTTPS and WebSocket connections to blend malicious traffic with normal app activity, while some variants add further encryption layers to avoid detection, the company said.
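As an added example (not from Zimperium or the original article), here is a defender-side triage check in Python that flags an app whose manifest combines an accessibility service with the other capabilities listed above: overlays, one-time passcode capture and screen streaming. It assumes the AndroidManifest.xml has already been decoded to text XML. The signal names, the mapping of SMS and notification-listener access to passcode capture, and the escalation rule are assumptions, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# <uses-permission> name -> behaviour from the article it can enable.
PERMISSION_SIGNALS = {
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay",
    "android.permission.RECEIVE_SMS": "otp_capture",
    "android.permission.READ_SMS": "otp_capture",
    "android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION": "screen_streaming",
}
# Bind permission declared on a <service> -> behaviour.
SERVICE_SIGNALS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "otp_capture",
}

def triage_manifest(manifest_xml: str) -> dict:
    try:
        root = ET.fromstring(manifest_xml)
    except ET.ParseError:
        # A manifest that will not parse is itself a reason for manual review.
        return {"package": None, "signals": ["unparseable_manifest"], "escalate": True}
    found = set()
    for perm in root.iter("uses-permission"):
        found.add(PERMISSION_SIGNALS.get(perm.get(ANDROID_NS + "name", "")))
    for svc in root.iter("service"):
        found.add(SERVICE_SIGNALS.get(svc.get(ANDROID_NS + "permission", "")))
        if "mediaProjection" in svc.get(ANDROID_NS + "foregroundServiceType", ""):
            found.add("screen_streaming")
    found.discard(None)
    # Assumed rule: accessibility alone is common in assistive apps, so
    # escalate only when it appears together with another signal.
    escalate = "accessibility" in found and len(found) >= 2
    return {"package": root.get("package"), "signals": sorted(found), "escalate": escalate}

# Constructed sample manifests (not taken from any real app).
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.updater">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".Helper" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".Cast" android:foregroundServiceType="mediaProjection"/>
  </application>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.reader">
  <application>
    <service android:name=".Reader" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
```

Because the article notes that these families tamper with APK structure to defeat parsers, the check treats a manifest that fails to parse as a result worth escalating rather than as an error to skip.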


Disclaimer: The opinions expressed in The Daily Hodl are not investment advice. Investors should conduct due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please note that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the purchase or sale of any assets including cryptocurrencies, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
