New Android banking Trojan targets more than 180 banking, financial and cryptocurrency apps in 10 countries.
Cybersecurity company Cyble says the malware is called OverlayPhantom and is distributed through malicious URLs that impersonate trusted applications.
Cyble says the malware uses a two-stage infection chain, starting with a dropper app that impersonates ID Austria, Austria’s official government identity app, and TikTok. Once installed, OverlayPhantom masquerades as Google Play Services and abuses Android’s accessibility service to gain heightened control over the infected device.
The malware targets banking, financial and cryptocurrency applications in the US, Australia, Germany, France, Belgium, Finland, Netherlands, Italy, Spain and the UK.
The company says OverlayPhantom can execute more than 30 remote commands, perform real-time screen streaming, display fake overlays, and exfiltrate harvested credentials through command and control infrastructure.
The malware monitors the victim’s foreground application and checks whether it is on the list of encrypted targets. When a match is found, it displays a fake WebView overlay designed to resemble the legitimate application. These overlays can capture usernames, passwords, card details, PINs, and other sensitive information.
According to Cyble, the malware can also mimic gestures, manipulate clipboard content, lock the device’s screen, and display fake notifications. The report says that OverlayPhantom uses separate command and control ports to send commands and report device status and screen streaming.
Cyble says the malware has been active since May 2025 and was discovered during an investigation into government-themed URL impersonation.
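A defender-side triage check for the masquerade described above (an app labelled Google Play Services that holds an accessibility service), added here as an example and not taken from Cyble's report. The package names, labels and device output are constructed sample data, and the label inventory is assumed to come from an MDM or similar source.

```python
# Added triage example. All package names, labels and device output are constructed.
GMS_PACKAGE = "com.google.android.gms"   # genuine Google Play Services package
PLAY_INSTALLER = "com.android.vending"   # Google Play Store installer package

def parse_accessibility(setting):
    """Packages named in `settings get secure enabled_accessibility_services`
    (colon-separated 'package/ServiceClass' entries, or 'null' when unset)."""
    return {c.split("/", 1)[0] for c in setting.strip().split(":") if "/" in c}

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -i` lines."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = next((f.split("=", 1)[1] for f in fields[1:]
                          if f.startswith("installer=")), "null")
        installers[fields[0][len("package:"):]] = installer
    return installers

def triage(labels, pm_output, a11y_setting):
    """Return sorted (package, reasons) pairs worth an analyst's attention."""
    a11y = parse_accessibility(a11y_setting)
    installers = parse_installers(pm_output)
    findings = []
    for pkg, label in labels.items():
        reasons = []
        if label.strip().lower() == "google play services" and pkg != GMS_PACKAGE:
            reasons.append("label impersonates Google Play Services")
        # Preinstalled accessibility tools may also lack a Play installer: a lead, not a verdict.
        if pkg in a11y and installers.get(pkg, "null") != PLAY_INSTALLER:
            reasons.append("accessibility service held by app not installed from Play")
        if reasons:
            findings.append((pkg, reasons))
    return sorted(findings)

# Constructed inputs: label inventory (assumed MDM export), pm output, setting value.
SAMPLE_LABELS = {
    "com.google.android.gms": "Google Play services",
    "com.google.android.marvin.talkback": "Android Accessibility Suite",
    "com.example.update.svc": "Google Play Services",
}
SAMPLE_PM = ("package:com.google.android.gms  installer=com.android.vending\n"
             "package:com.google.android.marvin.talkback  installer=com.android.vending\n"
             "package:com.example.update.svc  installer=null\n")
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.update.svc/.CoreService")
```

A package that trips both reasons matches the behaviour the article describes most closely and should be reviewed first.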





