Malware & Ransomware · HIGH

Perseus Android Banking Malware - Extracts Sensitive Data


Basically, a new Android banking malware steals sensitive information from your note-taking apps as well as your banking apps.

Quick Summary

A new Android banking malware named Perseus is being actively distributed to steal sensitive data. It is built for device takeover and financial fraud, and its campaigns have hit users in several European countries and the U.A.E. Because it depends on Android's Accessibility Services for most of what it does, controlling which apps hold that permission is the most effective defence.

What Happened

Cybersecurity researchers have disclosed a new Android malware family called Perseus. It is actively distributed and is designed for device takeover (DTO) and financial fraud. Built on the code lineage of earlier families such as Cerberus and Phoenix, Perseus has grown into a more flexible platform for compromising Android devices. It arrives through dropper apps, which are typically served from phishing sites.

Perseus abuses Android's Accessibility Services to run remote sessions, giving operators real-time visibility into an infected device and the ability to interact with it; this is what makes full device takeover possible. Campaigns so far concentrate on Turkey and Italy. The malware goes beyond traditional credential theft by reading the contents of note-taking apps, which suggests the operators are after whatever high-value personal or financial information users keep there.

Who's Being Targeted

The campaigns distributing Perseus have primarily targeted users in Turkey, Italy, Poland, Germany, France, the U.A.E., and Portugal. The dropper hides inside apps that pose as everyday software, such as streaming services, which lowers user suspicion. The familiar-looking app, combined with the promise of free premium content, raises the likelihood that a victim completes the installation.

Users who sideload apps to get premium content for free are the ones most likely to end up with it. Once installed, Perseus can draw fake login screens over legitimate apps (overlay attacks) and log keystrokes through the Accessibility permission, so it intercepts what the user types, particularly into banking and cryptocurrency apps.

Signs of Infection

Once deployed, Perseus behaves like other Android banking malware. It captures keystrokes and displays fake interfaces over legitimate apps to steal credentials. Operators issue commands to the infected device from a command-and-control (C2) panel, including commands that let them perform fraudulent transactions through the victim's own apps.

Some notable commands include:

  • scan_notes: Reads and exfiltrates the contents of various note-taking apps.
  • start_vnc: Starts a near-real-time stream of the victim's screen to the operator, the remote session described above.
  • action_blackscreen: Draws a black overlay on the display so the victim cannot see what the operator is doing on the device.

These capabilities highlight the malware's sophistication and the potential for widespread impact on users' financial security.

How to Protect Yourself

To mitigate the risks associated with Perseus, users should take proactive measures. Here are some recommended actions:

  • Avoid sideloading apps from untrusted sources. Stick to official app stores, and keep Google Play Protect enabled.
  • Check which apps have Accessibility access (Settings > Accessibility) and remove it from anything that is not a genuine accessibility tool. Perseus and its relatives cannot run remote sessions, read other apps' screens or log keystrokes without that permission.
  • Monitor your device for unusual activity, unexpected app installations, or a screen that goes black while the device is clearly active.
  • Use security software that can detect and block malware.
  • Regularly update your device and apps to ensure you have the latest security patches.

By staying vigilant and adopting these practices, users can better protect themselves from the evolving threats posed by malware like Perseus.
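The Accessibility abuse described above is also the most practical thing to check for on a device you are triaging. The script below is an added example, not code from the original article or from the Perseus research. It parses the output of two real adb commands (`settings get secure enabled_accessibility_services` and `pm list packages -3 -i`) and reports every third-party app that holds Accessibility Service access, flagging those that did not come from the Play Store. The parsing logic, the `Finding` type, the trusted-installer set and the sample device output are the example's own constructions.

```python
"""Triage helper: cross-check which apps hold Accessibility Service access
against where each app was installed from.

Two real adb commands produce the input (USB debugging must be enabled):

    adb shell settings get secure enabled_accessibility_services
    adb shell pm list packages -3 -i

The sample strings below are constructed for this example; they are not
device data from the Perseus report.
"""
from __future__ import annotations

import subprocess
from dataclasses import dataclass

# Installers a user did not have to sideload through. Add OEM stores
# (e.g. Samsung Galaxy Store) if you consider them trusted on your fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

# Constructed sample output, in the formats the two commands emit.
ACCESSIBILITY_SAMPLE = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.streamplus.free/com.streamplus.free.AccService:"
    "com.oem.system.reader/com.oem.system.reader.ReaderService"
)
PACKAGES_SAMPLE = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.streamplus.free  installer=null
package:com.bank.example  installer=com.android.vending
"""


@dataclass
class Finding:
    package: str
    services: list[str]
    installer: str | None
    sideloaded: bool


def parse_enabled_accessibility_services(raw: str) -> dict[str, list[str]]:
    """'pkg/Service:pkg2/Service2' -> {pkg: [Service, ...]}.

    The setting reads 'null' (or is empty) when no service is enabled.
    """
    services: dict[str, list[str]] = {}
    for entry in raw.strip().split(":"):
        if not entry or entry == "null":
            continue
        pkg, _, cls = entry.partition("/")
        services.setdefault(pkg, []).append(cls)
    return services


def parse_package_installers(raw: str) -> dict[str, str | None]:
    """'package:<name>  installer=<pkg|null>' lines -> {name: installer}."""
    installers: dict[str, str | None] = {}
    for line in raw.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        installer = None
        for token in fields[1:]:
            if token.startswith("installer="):
                value = token[len("installer="):]
                installer = None if value == "null" else value
        installers[fields[0]] = installer
    return installers


def triage(accessibility_raw: str, packages_raw: str,
           trusted=TRUSTED_INSTALLERS) -> list[Finding]:
    """Return every third-party app with an enabled accessibility service.

    `sideloaded` is True when the installer is not a trusted store: adb
    installs show 'installer=null', and APKs installed by hand show the
    system package installer rather than a store. Packages missing from the
    `-3` list are preinstalled system apps and are skipped.
    """
    services = parse_enabled_accessibility_services(accessibility_raw)
    installers = parse_package_installers(packages_raw)
    findings = []
    for pkg, classes in services.items():
        if pkg not in installers:
            continue
        inst = installers[pkg]
        findings.append(Finding(pkg, classes, inst, inst not in trusted))
    return findings


def triage_connected_device() -> list[Finding]:
    """Run the two adb commands against the attached device and triage."""
    acc = subprocess.check_output(
        ["adb", "shell", "settings", "get", "secure",
         "enabled_accessibility_services"], text=True)
    pkgs = subprocess.check_output(
        ["adb", "shell", "pm", "list", "packages", "-3", "-i"], text=True)
    return triage(acc, pkgs)


if __name__ == "__main__":
    for f in triage(ACCESSIBILITY_SAMPLE, PACKAGES_SAMPLE):
        tag = "SIDELOADED" if f.sideloaded else "store-installed"
        print(f"{tag:16} {f.package}  installer={f.installer}  "
              f"services={', '.join(f.services)}")
```

A store-installed app with Accessibility access is not automatically safe, since droppers have reached official stores before, so review every entry the script reports; the `sideloaded` flag only orders the list by how much you should worry first.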

🔒 Pro insight: Perseus follows a now-familiar pattern in Android banking malware: reuse a proven codebase (here Cerberus and Phoenix) and bolt on targeted features, such as note scanning, that raise the value of each infection.

Original article from The Hacker News

Related Pings

HIGH · Malware & Ransomware

Malware - Malicious ‘Pyronut’ Package Backdoors Telegram Bots

A new malicious package named pyronut has been found on PyPI, targeting Telegram bot developers. This package can backdoor bots, allowing hackers to execute remote commands. Developers must act quickly to secure their systems and data.

Cyber Security News

HIGH · Malware & Ransomware

Horabot Banking Trojan - Resurfaces in Mexico with Tactics

The Horabot banking trojan is back, targeting users in Mexico with clever phishing tactics. Infected machines become phishing relays, increasing the threat. Awareness and proactive measures are essential to combat this layered attack.

Cyber Security News

HIGH · Malware & Ransomware

Malware - Google Limits Android Accessibility API Access

Google is tightening access to Android's accessibility API to combat malware abuse. This affects apps not designed for accessibility, reducing risks for users. Enhanced protections aim to safeguard sensitive data from banking Trojans and other malicious software.

Help Net Security

HIGH · Malware & Ransomware

Perseus Malware - New Android Threat Targets User Notes

A new Android malware named Perseus is stealing sensitive information from user notes. It primarily targets financial institutions and crypto services in Turkey and Italy. Users should avoid sideloading apps and ensure their devices are secure.

BleepingComputer

HIGH · Malware & Ransomware

AI in Malware - Analyzing Current Trends and Impacts

Unit 42's latest research reveals how AI is transforming malware. With AI, attackers can create more sophisticated threats, putting users at risk. Stay informed and protected against these evolving dangers.

Palo Alto Unit 42

HIGH · Malware & Ransomware

Malware Alert - Backdoored Open VSX Extension Discovered

A popular code editor extension was found backdoored, silently installing malware on developer machines. Over 26,000 users are at risk. Immediate action is required to secure affected systems.

Cyber Security News