A new Android banking trojan is targeting more than 180 banking, financial and cryptocurrency applications across 10 countries.
The cybersecurity firm Cyble says the malware is called OverlayPhantom and is being distributed through malicious URLs that impersonate trusted applications.
Cyble says the malware uses a two-stage infection chain, beginning with a dropper app that has impersonated ID Austria, Austria’s official government identification application, and TikTok. Once installed, OverlayPhantom disguises itself as Google Play Services and abuses Android’s Accessibility Service to gain elevated control over the infected device.
The malware targets banking, financial and cryptocurrency apps in the United States, Australia, Germany, France, Belgium, Finland, the Netherlands, Italy, Spain and the UK.
The firm says OverlayPhantom can execute more than 30 remote commands, conduct real-time screen streaming, display fake overlays and exfiltrate harvested credentials through command-and-control infrastructure.
The malware monitors the victim’s foreground applications and checks whether the app is included in its hardcoded target list. When a match is found, it displays a fake WebView overlay designed to resemble the legitimate application. These overlays can capture usernames, passwords, card details, PINs and other sensitive information.
According to Cyble, the malware can also simulate gestures, manipulate clipboard content, lock the device screen and display fake notifications. The report says OverlayPhantom uses separate command-and-control ports for command dispatch, device status reporting and screen streaming.
Cyble says the malware has been active since May 2025 and was uncovered during an investigation into government-themed URL impersonation.
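For defenders, the two behaviors described above (posing as Google Play Services and relying on an enabled Accessibility Service) can be checked against a device's app inventory. The sketch below is an added example, not code from Cyble or the original article; the inventory record format and the `com.example.*` package names are constructed, and it assumes the disguise shows up in the app's display label.

```python
GMS_PACKAGE = "com.google.android.gms"  # package name of the genuine Google Play services
PLAY_STORE = "com.android.vending"      # installer package of the Google Play Store

def parse_accessibility_setting(value):
    """Package names from the colon-separated 'package/ServiceClass' list that
    `settings get secure enabled_accessibility_services` prints."""
    if not value or value.strip() == "null":
        return set()
    return {c.split("/", 1)[0].strip() for c in value.split(":") if c.strip()}

def _norm(label):
    # Ignore case and spacing so "Google  Play SERVICES" still matches.
    return "".join(label.casefold().split())

def triage(inventory, accessibility_setting):
    """Map package -> list of reasons it deserves a closer look."""
    enabled = parse_accessibility_setting(accessibility_setting)
    findings = {}
    for app in inventory:
        pkg, reasons = app["package"], []
        if _norm(app["label"]) == _norm("Google Play services") and pkg != GMS_PACKAGE:
            reasons.append("label imitates Google Play services")
        if pkg in enabled and not app["system"] and app["installer"] != PLAY_STORE:
            reasons.append("sideloaded app holds an enabled accessibility service")
        if reasons:
            findings[pkg] = reasons
    return findings

# Constructed sample data: hypothetical inventory format, made-up com.example.* packages.
SAMPLE_INVENTORY = [
    {"package": "com.google.android.gms", "label": "Google Play services",
     "installer": PLAY_STORE, "system": True},
    {"package": "com.example.updater.svc", "label": "Google Play Services",
     "installer": None, "system": False},
    {"package": "com.google.android.marvin.talkback", "label": "TalkBack",
     "installer": None, "system": True},
    {"package": "com.example.notes", "label": "Notes",
     "installer": PLAY_STORE, "system": False},
]
SAMPLE_SETTING = ("com.example.updater.svc/.CoreService:"
                  "com.google.android.marvin.talkback/.TalkBackService")

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_INVENTORY, SAMPLE_SETTING).items():
        print(pkg, "->", "; ".join(reasons))
```

A hit is a prompt for manual review rather than a verdict, since legitimate sideloaded apps can also hold accessibility permissions.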
