A new Android banking trojan is targeting more than 180 banking, financial and cryptocurrency applications across 10 countries.
The cybersecurity firm Cyble says the malware is called OverlayPhantom and is being distributed through malicious URLs that impersonate trusted applications.
Cyble says the malware uses a two-stage infection chain, starting with a dropper app that has impersonated ID Austria, Austria’s official government identity application, and TikTok. Once installed, OverlayPhantom disguises itself as Google Play Services and abuses Android’s Accessibility Service to gain elevated control over the infected device.
The malware targets banking, financial and cryptocurrency apps in the USA, Australia, Germany, France, Belgium, Finland, the Netherlands, Italy, Spain and the UK.
The firm says OverlayPhantom can execute more than 30 remote commands, conduct real-time screen streaming, display fake overlays and exfiltrate harvested credentials through command-and-control infrastructure.
The malware monitors the victim’s foreground applications and checks whether the app is included in its hardcoded target list. When a match is found, it displays a fake WebView overlay designed to resemble the legitimate application. These overlays can capture usernames, passwords, card details, PINs and other sensitive information.
According to Cyble, the malware can also simulate gestures, manipulate clipboard content, lock the device screen and display fake notifications. The report says OverlayPhantom uses separate command-and-control ports for command dispatch, device status reporting and screen streaming.
Cyble says the malware has been active since May 2025 and was uncovered during an investigation into government-themed URL impersonation.
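The disguise as Google Play Services combined with Accessibility Service abuse, described above, can be checked for on a managed device. The following is an added example, not code from Cyble's report or this article: it parses the output of `settings get secure enabled_accessibility_services` and flags apps that hold an accessibility service while borrowing the Google Play Services label or lacking a Play Store installer. The inventory fields (`package`, `label`, `installer`) and the `com.example.*` packages are assumptions, standing in for an MDM or device-audit export.

```python
import unicodedata

GMS_PACKAGE = "com.google.android.gms"  # real Google Play Services package
PLAY_STORE = "com.android.vending"      # installer recorded for Play Store installs

def parse_enabled_services(raw):
    """Parse colon-separated 'package/ServiceClass' entries into {package: [classes]}."""
    services = {}
    raw = raw.strip()
    if not raw or raw == "null":  # no accessibility service enabled
        return services
    for component in raw.split(":"):
        pkg, _, cls = component.partition("/")
        if pkg:
            services.setdefault(pkg, []).append(cls)
    return services

def normalize_label(label):
    """Fold case, compatibility forms and spacing so look-alike labels compare equal."""
    folded = unicodedata.normalize("NFKC", label).casefold()
    return " ".join(folded.split())

def triage(inventory, raw_services):
    """Flag accessibility-enabled apps that mimic the Play Services label or were sideloaded."""
    enabled = parse_enabled_services(raw_services)
    findings = []
    for app in inventory:
        pkg = app["package"]
        if pkg not in enabled or pkg == GMS_PACKAGE:
            continue
        reasons = []
        if normalize_label(app["label"]) == "google play services":
            reasons.append("label impersonates Google Play Services")
        if app.get("installer") != PLAY_STORE:
            reasons.append("not installed from the Play Store")
        if reasons:
            findings.append((pkg, reasons))
    return findings

# Constructed sample data (hypothetical packages, not taken from the Cyble report).
SAMPLE_SERVICES = "com.example.updater/.CoreService:com.example.reader/.TalkService"
SAMPLE_INVENTORY = [
    {"package": GMS_PACKAGE, "label": "Google Play services", "installer": PLAY_STORE},
    {"package": "com.example.updater", "label": "Google Play  Services", "installer": None},
    {"package": "com.example.reader", "label": "Screen Reader", "installer": PLAY_STORE},
]

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY, SAMPLE_SERVICES))
```

A finding here is a triage signal, not a verdict: legitimate sideloaded accessibility tools will also appear and need manual review.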
