A new Android banking trojan is targeting more than 180 banking, financial and cryptocurrency applications across 10 countries.
The cybersecurity firm Cyble says the malware is called OverlayPhantom and is being distributed through malicious URLs that impersonate trusted applications.
Cyble says the malware uses a two-stage infection chain, beginning with a dropper app that has impersonated ID Austria, Austria’s official government identification application, and TikTok. Once installed, OverlayPhantom disguises itself as Google Play Services and abuses Android’s Accessibility Service to gain elevated control over the infected device.
The malware targets banking, financial and cryptocurrency apps in the USA, Australia, Germany, France, Belgium, Finland, the Netherlands, Italy, Spain and the UK.
The firm says OverlayPhantom can execute more than 30 remote commands, conduct real-time screen streaming, display fake overlays and exfiltrate harvested credentials through command-and-control infrastructure.
The malware monitors the victim’s foreground applications and checks whether the app is included in its hardcoded target list. When a match is found, it displays a fake WebView overlay designed to resemble the legitimate application. These overlays can capture usernames, passwords, card details, PINs and other sensitive information.
According to Cyble, the malware can also simulate gestures, manipulate clipboard content, lock the device screen and display fake notifications. The report says OverlayPhantom uses separate command-and-control ports for command dispatch, device status reporting and screen streaming.
Cyble says the malware has been active since May 2025 and was uncovered during an investigation into government-themed URL impersonation.
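For defenders, the traits reported above (an app sideloaded from a URL, labelled as Google Play Services, and holding an Accessibility Service) can be checked against a device's app inventory. The following is an added example, not code from Cyble's report or this article; the inventory fields (`package`, `label`, `installer`, `system`) and the sample package names are assumptions, and the heuristics are generic triage rules rather than published indicators.

```python
# Added example: triage an Android app inventory for the traits described above.
GMS_PACKAGE = "com.google.android.gms"   # real package name of Google Play services
PLAY_STORE = "com.android.vending"       # installer package name of the Play Store

def parse_a11y(setting):
    """Packages named in Settings.Secure 'enabled_accessibility_services'
    (colon-separated 'package/ServiceClass' entries; 'null' or empty if none)."""
    if not setting or setting.strip() == "null":
        return set()
    return {c.split("/", 1)[0].strip() for c in setting.split(":") if c.strip()}

def normalise(label):
    """Case-fold and collapse whitespace so spacing tricks do not hide a label."""
    return " ".join(label.casefold().split())

def triage(apps, a11y_setting):
    """Return {package: [reasons]} for apps matching the reported traits."""
    a11y = parse_a11y(a11y_setting)
    findings = {}
    for app in apps:
        pkg, reasons = app["package"], []
        if normalise(app["label"]) == "google play services" and pkg != GMS_PACKAGE:
            reasons.append("label impersonates Google Play services")
        if pkg in a11y and app.get("installer") != PLAY_STORE and not app.get("system"):
            reasons.append("sideloaded app holds an accessibility service")
        if reasons:
            findings[pkg] = reasons
    return findings

# Constructed sample data; the com.example.* package names are invented.
SAMPLE_APPS = [
    {"package": GMS_PACKAGE, "label": "Google Play services",
     "installer": PLAY_STORE, "system": True},
    {"package": "com.example.updater", "label": "Google Play  Services",
     "installer": None, "system": False},
    {"package": "com.example.reader", "label": "Screen Reader",
     "installer": PLAY_STORE, "system": False},
]
SAMPLE_A11Y = ("com.example.updater/.CoreService:"
               "com.example.reader/com.example.reader.ReadService")

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_APPS, SAMPLE_A11Y).items():
        print(pkg, "->", "; ".join(reasons))
```

A hit on both rules is a strong reason to pull the APK for analysis; either rule alone also matches legitimate sideloaded accessibility tools, so treat single hits as leads rather than verdicts.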

