New Android malware hiding in streaming apps to spy on users’ personal notes
Summary
Researchers at ThreatFabric have discovered a new Android trojan called Perseus that is being disguised as IPTV/streaming apps to steal credentials, banking data and — unusually — the contents of personal note-taking apps. The malware is actively distributed in the wild and primarily targets users in Turkey and Italy. It repurposes leaked code from older banking trojans such as Cerberus and uses overlay attacks and keylogging to capture logins in real time. Perseus also scans for apps like Google Keep, Evernote and Simple Notes, opens them and extracts stored notes, which can contain highly sensitive information such as passwords and recovery phrases.
ThreatFabric highlights Perseus as another step in the steady evolution of Android banking malware, following recent families that mimic human behaviour or manipulate contact lists to social-engineer victims.
Key Points
- Perseus is an Android banking trojan hidden inside IPTV/streaming apps, often installed outside official app stores.
- The malware targets users mainly in Turkey and Italy and is actively distributed in the wild.
- It builds on leaked Cerberus code and inherits sophisticated banking-fraud capabilities.
- Perseus performs overlay attacks and keylogging to capture credentials and banking information in real time.
- Its notable feature is automated scanning and exfiltration of personal notes from apps like Google Keep, Evernote and Simple Notes.
- Notes are targeted because they frequently store passwords, financial details and recovery phrases — high-value information for attackers.
- The discovery underscores ongoing advances in Android malware techniques, such as human-like evasion and contact-list manipulation seen in other trojans.
Why should I read this?
Because if you install dodgy streaming apps you might be handing crooks the keys to your digital life — including the notes you stash sensitive stuff in. We’ve read the technical bits so you don’t have to; this is a quick heads-up to stop you installing apps from dubious sources and to check what’s saved in your note apps right now.
Context and relevance
This story matters to anyone using Android devices, especially those who sideload IPTV or unofficial streaming apps. It highlights two growing trends: attackers reusing leaked trojan code to speed development, and a shift towards targeting non-traditional data stores (note apps) that users treat as private. Organisations and individuals should treat note-taking apps as high-risk storage and review installation habits, permissions and backup/security practices accordingly.
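One way to act on that review, as an added example that is not part of the original article: a heuristic audit of plain-text note exports for the three kinds of data the article names (passwords, financial details, recovery phrases). The regexes, the BIP-39-style word-run rule and the sample notes are assumptions constructed for this example.

```python
import re
from itertools import groupby

# Heuristic (assumption): a label followed by a value, e.g. "password: x", "PIN = 1234".
CRED_RE = re.compile(r"\b(pass(?:word|wd)?|pwd|pin|secret|api[_ -]?key)\b\s*[:=]\s*\S+", re.I)
# 13-19 digits, optionally separated by spaces or dashes (candidate card number).
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# BIP-39 style recovery phrases: 12/15/18/21/24 lowercase words of 3-8 letters each.
WORD_RE = re.compile(r"[a-z]{3,8}")
PHRASE_LENGTHS = {12, 15, 18, 21, 24}

def luhn_ok(candidate):
    """Luhn checksum, used to separate card numbers from other long digit runs."""
    digits = [int(c) for c in reversed(candidate) if c.isdigit()]
    doubled = [d * 2 - 9 if d > 4 else d * 2 for d in digits[1::2]]
    return (sum(digits[0::2]) + sum(doubled)) % 10 == 0

def has_recovery_phrase(line):
    """True if a maximal run of seed-like words has a valid phrase length."""
    runs = groupby(line.split(), key=lambda t: bool(WORD_RE.fullmatch(t)))
    return any(ok and len(list(group)) in PHRASE_LENGTHS for ok, group in runs)

def audit_note(text):
    """Return the sorted kinds of sensitive data found in one note."""
    found = set()
    for line in text.splitlines():
        if CRED_RE.search(line):
            found.add("credential")
        if any(luhn_ok(m.group()) for m in CARD_RE.finditer(line)):
            found.add("card_number")
        if has_recovery_phrase(line):
            found.add("recovery_phrase")
    return sorted(found)

# Constructed sample notes standing in for a plain-text export (no real secrets).
SAMPLE_NOTES = {
    "wifi": "Home wifi\npassword: correct-horse-1",
    "wallet": "abandon ability able about above absent "
              "absorb abstract absurd abuse access accident",
    "card": "visa 4111 1111 1111 1111 exp 01/30",
    "shopping": "milk, eggs, call plumber about the kitchen tap on monday",
}

if __name__ == "__main__":
    for title, body in SAMPLE_NOTES.items():
        print(title, audit_note(body) or "clean")
```

Anything the audit flags is better moved to a password manager and deleted from the note app.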
Author style
Punchy: This isn’t just another banking trojan — it’s clever and invasive. If you care about account safety and privacy, read the detail and act.
Source
Source: https://therecord.media/malware-streaming-apps-android
