New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft
16.02.2026 11:37
Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta
17.02.2026 07:38
Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices
12.02.2026 07:26
Malicious App on The Google Play with 50K+ Downloads Deploy Anatsa Banking Malware
A dangerous banking malware called Anatsa has been discovered spreading through the Google Play Store, reaching more than fifty thousand downloads before detection.
The malicious application was cleverly hidden as a document reader, making it appear harmless to unsuspecting users searching for legitimate file management tools.
This discovery highlights how cybercriminals continue to exploit official app stores as distribution channels for sophisticated financial threats targeting Android users worldwide.
The Anatsa banking trojan is particularly concerning because it specifically targets banking credentials and sensitive financial information from infected devices.
The malware operates as an installer that downloads and deploys the full Anatsa banking trojan payload once the initial application gains access to a device.
Users who downloaded and installed this fake document reader application unknowingly gave the malware permission to operate with elevated access, creating a gateway for financial theft and personal data extraction.
The distribution method through Google's official marketplace made this attack particularly effective, as users typically trust applications found on authorized platforms.
This represents a significant breach in app store security screening processes, demonstrating how malicious developers continue to evade detection systems.
Zscaler ThreatLabz analysts identified this malicious application and immediately began tracking its distribution network and associated command-and-control infrastructure.
The security researchers confirmed the malware's connection to banking theft operations and provided detailed technical indicators to help other security teams detect infected devices.
ThreatLabz has identified another malicious app on the Google Play Store disguised as a document reader. The app currently has over 50K downloads and serves as an installer for the Anatsa banking trojan. IOCs below: Google Play URL:… pic.twitter.com/fAuREdKiQF - Zscaler ThreatLabz (@Threatlabz) February 2, 2026
Their investigation revealed the attack chain and documented how the malware communicates with external servers to receive commands and exfiltrate stolen banking information.
Analyzing the Malware's Infection and Communication Mechanism
Understanding how Anatsa establishes persistence on infected Android devices is crucial for users and security professionals seeking to prevent compromise.
Once installed, the banking trojan integrates itself into the operating system and actively monitors user activity, particularly focusing on banking application interactions.
When users open their banking applications or enter financial credentials, the malware captures this sensitive information through overlay attacks and credential logging techniques.
The malware then communicates with command-and-control servers located at specific IP addresses, transmitting stolen banking details directly to threat actors.
This direct connection to attacker-controlled infrastructure means compromised devices remain under active threat actor control, continuously feeding banking information and session tokens to criminal operations.
Security researchers recommend users immediately remove any suspicious document reader applications, verify app authenticity through official channels, and enable multi-factor authentication on all banking accounts to mitigate potential compromise risks.
The post Malicious App on The Google Play with 50K+ Downloads Deploy Anatsa Banking Malware appeared first on Cyber Security News.
03.02.2026 07:35
experienced engineers: one change, test, one change, test
junior engineers: batch everything because they're in a hurry
this is exactly backwards
the person least capable of batching is the one most likely to batch
28.01.2026 01:33
New AI-Android Malware that Auto Clicks Ads from the Infected Devices
A dangerous Android malware campaign has emerged, targeting users through mobile games and pirated streaming app modifications.
The threat, known as Android.Phantom, employs machine learning technology to perform automated ad-click fraud on infected smartphones.
Over 155,000 downloads of compromised games have been recorded, with additional infections spreading through modified versions of Spotify, YouTube, Netflix, and Deezer across unofficial platforms.
Spotify Plus website (Source - Dr.Web)
The malware propagates through several channels, including the official GetApps store for Xiaomi devices, where six infected games from developer SHENZHEN RUIREN NETWORK CO., LTD. were discovered.
These apps initially launched without malicious code, but updates released in late September introduced the Android.Phantom trojan.
GetApps distributing Trojans (Source - Dr.Web)
Distribution extends beyond official stores to dedicated modding websites, Telegram channels attracting tens of thousands of subscribers, and Discord servers where administrators actively promote infected downloads.
Dr.Web researchers noted that Android.Phantom operates using two distinct modes called phantom and signaling. The malware connects to attacker-controlled command servers that dictate its behavior patterns.
Its sophisticated design incorporates TensorFlowJS, a machine learning framework that enables intelligent identification and automated clicking of advertising elements displayed within hidden browsers running on infected devices.
The threat consists of multiple interconnected components. Android.Phantom.2.origin serves as the primary variant, later enhanced by Android.Phantom.5, which functions as a dropper delivering remote code loaders.
These loaders retrieve additional click-fraud modules designed for specific advertising platforms.
How the Machine Learning Attack Works
The phantom mode represents the malware's most advanced capability, utilizing artificial intelligence for fraudulent ad interactions.
Android.Phantom.2.origin deploys a hidden browser based on WebView widget technology, loading target websites as directed by command servers.
Spotify X with approximately 24,000 subscribers (Source - Dr.Web)
The malware then injects JavaScript automation scripts alongside the TensorFlowJS framework.
An AI model downloaded from external servers analyzes webpage screenshots captured from a virtual screen, identifying clickable advertisement components.
This intelligent approach mimics genuine user behavior, making fraudulent clicks harder for advertising networks to detect compared to basic automated scripts.
The post New AI-Android Malware that Auto Clicks Ads from the Infected Devices appeared first on Cyber Security News.
22.01.2026 08:45
Why iPhone users should update and restart their devices now
Apple has confirmed active exploitation, but full protections are limited to iPhones running iOS 26+ (yes, the one with Liquid Glass).
Upgrading requires a restart, which makes this a win-win: you get the latest protections, and any memory-resident malware is flushed at the same time.
13.01.2026 14:19
Q4 2025 Malware Trends: Telegram Backdoor, Banking Trojans Surge, Joker Returns to Google Play
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
New Q4 2025 malware report reveals a rise in Android banking trojans, resurgence of Joker malware on Google Play, and widespread use of backdoored apps.
Read: hackread.com/q4-2025-malw...
#CyberSecurity #Android #Malware #MobileThreats #Trojan
13.01.2026 12:42
Astaroth Banking Trojan Targets Brazilians via WhatsApp Messages
Watch out as the Astaroth banking Trojan is now spreading via #WhatsApp messages in a Brazil-focused campaign, using friendly-looking ZIP files to auto-infect contacts and steal banking credentials and data.
Read: hackread.com/astaroth-ban...
#Astaroth #Malware #Cybersecurity #Banking #Brazil
08.01.2026 21:17
WhatsApp Vulnerabilities Leaks User's Metadata Including Device's Operating System
05.01.2026 17:15
Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks
05.01.2026 17:55
Mobile devices are the main gateway to our money, identity, and personal lives. And with mobile users 39% more likely to click a link on their phone than on their laptop, protecting your device is more important than ever.
Learn more in our Android threat report.
https://bit.ly/4pLuoOq
17.12.2025 14:55
Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App
18.12.2025 09:38
New Android Malware Mimic as mParivahan and e-Challan Attacking Android Users to Steal Login Credentials
15.12.2025 14:31
Apple 0-Day Vulnerabilities Exploited in Sophisticated Attacks Targeting iPhone Users
13.12.2025 02:54
Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features
08.12.2025 11:33
Malicious Document Reader App in Google Play With 50K Downloads Installs Anatsa Malware
08.12.2025 17:49