Android Security

New Perseus Android Banking Malware Monitors Notes Apps to Steal Sensitive Data

Cybersecurity researchers have identified a new Android malware strain called Perseus, which is actively being deployed to perform device takeover (DTO) and financial fraud. The malware is designed to compromise Android devices, steal sensitive information, and enable attackers to control infected systems remotely. According to ThreatFabric, Perseus builds upon earlier malware families like Cerberus and […]

Android 17 Restricts Accessibility API Access to Stop Malware Abuse

Google is currently testing a new security control in Android 17 that prevents certain applications from accessing the system’s Accessibility Services API. The feature is being introduced as part of Android Advanced Protection Mode (AAPM), a security setting designed to protect users from advanced cyber threats. The change appeared in Android 17 Beta 2, according

Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets

Cybersecurity researchers have uncovered six new Android malware families designed to steal sensitive data from infected devices and carry out financial fraud. These threats primarily target banking applications, cryptocurrency wallets, and digital payment platforms. The discovered malware includes several banking trojans and remote access tools capable of monitoring user activity, hijacking financial transactions, and gaining full control over

Google Confirms Active Exploitation of CVE-2026-21385 in Qualcomm Android Component

Google has confirmed that a high-severity vulnerability affecting a Qualcomm open-source component used in Android devices is being actively exploited in targeted attacks. The flaw, tracked as CVE-2026-21385 with a CVSS score of 7.8, impacts the Graphics component and involves a buffer over-read issue that may lead to memory corruption. Qualcomm Advisory

PromptSpy Android Malware Exploits Gemini AI to Automate Recent-Apps Persistence

Cybersecurity researchers have uncovered a sophisticated Android malware, named PromptSpy, that leverages Google’s generative AI chatbot Gemini to automate actions and ensure persistence on infected devices. This marks one of the first known cases of malware incorporating generative AI into its operational flow. How PromptSpy Operates PromptSpy is capable of: According to Lukáš Štefanko, Gemini is

Fake IPTV Apps Distribute Massiv Android Malware Targeting Mobile Banking Users

Cybersecurity experts have identified a new Android banking trojan called Massiv, designed to conduct device takeover (DTO) attacks for financial theft. The malware hides inside seemingly legitimate IPTV apps, luring users who are searching for online TV services and giving attackers remote control over infected devices. How Massiv Operates According to ThreatFabric, Massiv first appeared in

Keenadu Firmware Backdoor Infects Android Tablets Through Signed OTA Updates

Kaspersky researchers have uncovered a sophisticated Android firmware backdoor, dubbed Keenadu, which silently harvests data and enables remote control of infected devices. The malware is embedded in device firmware, affecting brands including Alldocube, and is delivered through signed OTA updates dating back to August 2023. Unlike conventional malware, Keenadu operates at the firmware level, loading into the

WhatsApp Worm Propagates Astaroth Banking Trojan in Brazil Through Auto-Messaging

Cybersecurity researchers have uncovered a new malware campaign that abuses WhatsApp as a distribution channel to spread the Astaroth banking trojan across Brazil. The operation specifically targets Windows users and represents an evolution in how financial malware is propagated in the region. The campaign has been named Boto Cor-de-Rosa by the Acronis Threat Research Unit.

Kimwolf Android Botnet Infects Over 2 Million Devices Through Exposed ADB and Proxy Networks

Cybersecurity researchers have uncovered large-scale activity linked to an Android botnet known as Kimwolf, which has compromised more than two million devices by abusing exposed Android Debug Bridge (ADB) services and tunneling through residential proxy networks. The findings were revealed in a recent analysis by Synthient. According to researchers, threat actors operating the Kimwolf botnet
