New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data
Key Points:
- Researchers have uncovered a new Android malware family called Perseus, designed for device takeover and financial fraud, primarily targeting users in Turkey, Italy, and several other countries by masquerading as IPTV service apps.
- Perseus builds upon earlier malware like Cerberus and Phoenix, using dropper apps distributed via phishing sites and leveraging Android's accessibility services to perform real-time remote control, overlay attacks, keystroke logging, and fraudulent transactions.
- The malware employs advanced features such as monitoring notes apps for sensitive information, issuing remote commands through a command-and-control panel, and conducting environment checks to evade detection and ensure operation on real devices.
- Threat actors behind Perseus likely used a large language model to aid development, as indicated by extensive logging and emojis
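
An added example, not taken from the researchers' report or this article: the Python below audits a device for the pattern the key points describe, an accessibility service enabled by an app that was installed outside a trusted store. The adb outputs, package names and trusted-installer list are constructed assumptions for illustration.

```python
import re

# Constructed sample output (not from a real device) of:
#   adb shell settings get secure enabled_accessibility_services
ENABLED = ("com.google.android.marvin.talkback/"
           "com.google.android.marvin.talkback.TalkBackService:"
           "com.example.iptvplayer/.core.HelperService")

# Constructed sample output of: adb shell pm list packages -i
PACKAGES_I = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.iptvplayer  installer=com.google.android.packageinstaller
package:com.example.notes  installer=com.android.vending
"""

# Constructed sample output of: adb shell pm list packages -s
SYSTEM = "package:com.google.android.marvin.talkback\n"

# Assumption: installers treated as trusted stores; adjust for your fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}


def parse_installers(text):
    """Map package name -> installer package from `pm list packages -i`."""
    pattern = r"^package:(\S+)\s+installer=(\S+)"
    return {m.group(1): m.group(2) for m in re.finditer(pattern, text, re.M)}


def parse_system(text):
    """Set of preinstalled package names from `pm list packages -s`."""
    return {line.split(":", 1)[1].strip()
            for line in text.splitlines() if line.startswith("package:")}


def suspicious_accessibility_services(enabled, packages_i, system):
    """Return (package, component, installer) for each enabled accessibility
    service owned by a non-system app that no trusted store installed."""
    enabled = enabled.strip()
    if enabled in ("", "null"):  # the setting reads "null" when nothing is enabled
        return []
    installers = parse_installers(packages_i)
    system_pkgs = parse_system(system)
    findings = []
    for component in filter(None, enabled.split(":")):
        package = component.split("/", 1)[0]
        installer = installers.get(package, "unknown")
        if package not in system_pkgs and installer not in TRUSTED_INSTALLERS:
            findings.append((package, component, installer))
    return findings
```

A hit is a lead for review rather than a verdict: legitimate sideloaded accessibility tools will also appear, and an app delivered through a trusted store will not.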