A new Android banking trojan is targeting more than 180 banking, financial and cryptocurrency applications across 10 countries.
The cybersecurity firm Cyble says the malware is called OverlayPhantom and is being distributed via malicious URLs that impersonate trusted applications.
Cyble says the malware uses a two-stage infection chain, beginning with a dropper app that has impersonated ID Austria, Austria's official government identity application, and TikTok. Once installed, OverlayPhantom disguises itself as Google Play Services and abuses Android's Accessibility Service to gain elevated control over the infected device.
The malware targets banking, financial and cryptocurrency apps in the USA, Australia, Germany, France, Belgium, Finland, the Netherlands, Italy, Spain and the UK.
The firm says OverlayPhantom can execute more than 30 remote commands, conduct real-time screen streaming, display fake overlays and exfiltrate harvested credentials via command-and-control infrastructure.
The malware monitors the victim's foreground applications and checks whether the app is included in its hardcoded target list. When a match is found, it displays a fake WebView overlay designed to resemble the legitimate application. These overlays can capture usernames, passwords, card details, PINs and other sensitive information.
According to Cyble, the malware can also simulate gestures, manipulate clipboard content, lock the device screen and display fake notifications. The report says OverlayPhantom uses separate command-and-control ports for command dispatch, device status reporting and screen streaming.
Cyble says the malware has been active since May 2025 and was uncovered during an investigation into government-themed URL impersonation.
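The disguise as Google Play Services and the Accessibility Service abuse described above lend themselves to a device-side triage check. The Python sketch below is an added example, not Cyble's tooling or code from the report: it flags apps whose label imitates Google Play Services under a different package name, and apps that hold an accessibility service but were not installed from the Play Store. The sample package names, the inventory format and the trusted-installer policy are assumptions; `com.google.android.gms` is the genuine Google Play Services package.

```python
GENUINE_GMS = "com.google.android.gms"        # real Google Play Services package
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Play Store installs are trusted
MIMICKED_LABELS = {"googleplayservices"}      # normalised label the malware hides behind

def parse_accessibility(setting):
    """Package names from the colon-separated 'pkg/service' list stored in
    the secure setting enabled_accessibility_services."""
    pkgs = set()
    for comp in (setting or "").split(":"):
        comp = comp.strip()
        if comp and comp != "null":           # the setting reads 'null' when unset
            pkgs.add(comp.split("/", 1)[0])
    return pkgs

def norm(label):
    """Case-fold and drop spaces/punctuation so spacing variants still match."""
    return "".join(ch for ch in label.casefold() if ch.isalnum())

def triage(inventory, accessibility_setting):
    """Return {package: [reasons]} for apps matching either indicator."""
    a11y = parse_accessibility(accessibility_setting)
    findings = {}
    for app in inventory:
        pkg, reasons = app["package"], []
        if norm(app["label"]) in MIMICKED_LABELS and pkg != GENUINE_GMS:
            reasons.append("label imitates Google Play Services")
        if pkg in a11y and app.get("installer") not in TRUSTED_INSTALLERS:
            reasons.append("sideloaded app holds an accessibility service")
        if reasons:
            findings[pkg] = reasons
    return findings

# Constructed sample data (hypothetical packages, not indicators from the report).
SAMPLE_A11Y = "com.example.updater.svc/.CoreService:com.example.screenreader/.ReaderService"
SAMPLE_INVENTORY = [
    {"package": GENUINE_GMS, "label": "Google Play services", "installer": "com.android.vending"},
    {"package": "com.example.updater.svc", "label": "Google Play Services", "installer": None},
    {"package": "com.example.screenreader", "label": "Screen Reader", "installer": "com.android.vending"},
    {"package": "com.example.notes", "label": "Notes", "installer": None},
]

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_INVENTORY, SAMPLE_A11Y).items():
        print(pkg, "->", "; ".join(reasons))
```

A hit is a lead for manual review, not proof of infection: legitimate sideloaded accessibility tools will also match the second rule.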
