
A new Android banking trojan is targeting more than 180 banking, financial and cryptocurrency applications across 10 countries.
The cybersecurity firm Cyble says the malware is called OverlayPhantom and is being distributed through malicious URLs that impersonate trusted applications.
Cyble says the malware uses a two-stage infection chain, beginning with a dropper app that has impersonated ID Austria, Austria’s official government identity application, and TikTok. Once installed, OverlayPhantom disguises itself as Google Play Services and abuses Android’s Accessibility Service to gain elevated control over the infected device.
The malware targets banking, financial and cryptocurrency apps in the United States, Australia, Germany, France, Belgium, Finland, the Netherlands, Italy, Spain and the United Kingdom.
The firm says OverlayPhantom can execute more than 30 remote commands, conduct real-time screen streaming, display fake overlays and exfiltrate harvested credentials through command-and-control infrastructure.
The malware monitors the victim’s foreground applications and checks whether the app is