Android Security

A new wave of Android malware is exploiting Microsoft’s .NET MAUI framework to evade detection and steal sensitive data. Disguised as banking and social media apps, this malware tricks users into installing fake applications, harvesting their personal information, and sending it to cybercriminals.

A dangerous banking trojan named Anatsa (TeaBot) was found hiding in a File Manager and Document Reader app on Google Play. Before it was removed, the app had over 220,000 downloads and targeted users worldwide. This malware steals banking passwords, bypasses two-factor authentication (2FA), and enables hackers to transfer money from victims' accounts.

A dangerous new version of the Android Remote Access Tool (RAT), called AndroRAT, is being used by hackers to steal unlock patterns, PINs, and passcodes from Android devices. Originally an open-source university project in 2012, AndroRAT has now evolved into a powerful malware that bypasses security defenses up to Android 15. This latest variant spreads through fake apps and phishing links, using advanced techniques to hijack device controls, steal biometric data, and break into locked smartphones.

A dangerous Android malware app, SpyLend, was downloaded 100,000+ times from Google Play, pretending to be a financial tool. Instead, it stole user data and was used for predatory loan scams in India. Users were harassed, blackmailed, and threatened if they failed to repay high-interest loans.

Hackers are exploiting QR codes in a new scam called “quishing”, tricking users into scanning fake QR codes that lead to phishing sites, malware downloads, or financial fraud. These attacks are bypassing traditional security measures, making individuals and businesses vulnerable.

Hackers are using fake virus warnings to scare mobile users into downloading malicious antivirus apps. These scareware attacks create a false sense of urgency, tricking people into installing apps that can steal data, encrypt files, or cause system damage.

A newly discovered malware campaign, “FatBoyPanel,” is targeting Indian bank users, stealing Aadhaar numbers, PAN details, ATM PINs, and credit card information. Researchers from zLabs (Zimperium) have identified nearly 900 malware samples designed to trick users into revealing sensitive data.

A dangerous Android malware called FireScam is disguising itself as "Telegram Premium" to steal sensitive data and remotely control infected devices. Distributed via phishing sites mimicking legitimate platforms, FireScam demonstrates advanced techniques to evade detection and maintain control over devices.

Over 8 million Android users across nine countries have been impacted by SpyLoan malware embedded in loan apps downloaded from the Google Play Store. These apps exploit user trust, financial desperation, and intrusive permissions to harvest sensitive data, leading to extortion, harassment, and financial loss.

A dangerous new Android banking malware, dubbed ToxicPanda, has infected over 1,500 devices by bypassing security measures and exploiting Android’s accessibility features to facilitate fraudulent money transfers. With roots in the TgToxic malware, ToxicPanda is suspected to be the work of a Chinese-speaking threat actor targeting bank customers in Europe and Latin America.