{“lastseen”:”2025-11-04T14:42:37″,”description”:”Researchers at Cyfirma have investigated Android Trojans capable of stealing sensitive data from compromised devices. The malware spreads by pretending to be trusted apps\u2014like a news reader or even digital ID apps\u2014tricking users into downloading it by accident.\\n\\nIn reality, it\u2019s Android-targeting malware that preys on people who use banking and cryptocurrency apps. And a sneaky one. Once installed, it doesn\u2019t announce itself in any way, but quietly works in the background to steal information such as login details and money.\u200b\\n\\nFirst, it checks if it\u2019s running on a real phone or in a security test system so it can avoid detection. Then, it asks users for special permissions called \u201cAccessibility Services,\u201d claiming these help improve the app but actually giving the malware control over the device without the owner noticing. It also adds itself as a Device Administrator app.\\n\\nImage courtesy of Cyfirma\\n\\nWith these permissions, the Trojan can read what\u2019s on the screen, tap buttons, and fill in forms as if it were the user. It also overlays fake login screens on top of real banking and cryptocurrency apps, so when someone enters their username and password, the malware steals them. \\n\\nSimply put, the Android overlay feature allows an app to appear on top of another app. Legitimate apps use overlays to show messages or alerts\u2014like Android chat bubbles in Messenger\u2014without leaving the current screen.\\n\\nThe Trojan connects to a remote command center, sending information about the phone, its location, and which banking apps are installed. At this point, attackers can send new instructions to the malware, like downloading updates to hide better or deleting traces of its activity. As soon as it runs, the Trojan also silences notifications and sounds so users don\u2019t notice anything out of the ordinary.\\n\\nThe main risk is financial loss: once cybercriminals have banking credentials or cryptocurrency wallet codes, they can steal money or assets without warning. At this point in time the malware targets banking users in Southeast Asia, but its techniques could spread anywhere.\\n\\nAs we rely more on our phones for payments and important tasks, it’s clear that our mobile devices need the same level of protection that we expect on our laptops.\\n\\nMalwarebytes for Android detects these banking Trojans as Android\/Trojan.Spy.Banker.AUR9b9b491bC44.\\n\\n## How to stay safe\\n\\n * **Stick to trusted sources. **Download apps\u2014especially VPNs and streaming services\u2014only from Google Play, Apple\u2019s App Store, or the official provider. Never install something just because a link in a forum or message promises a shortcut.\\n * **Check an app\u2019s permissions. **If an app asks for control over your device, your settings, Accessibility Services, or wants to install other apps, stop and ask yourself why. Does it really need those permissions to do what you expect it to do?\\n * **Use layered, up-to-date protection. **Install real-time anti-malware protection on your Android that scans for new downloads and suspicious activity. Keep both your security software and your device system updated\u2014patches fix vulnerabilities that attackers can exploit.\\n * **Stay informed. **Follow trustworthy cybersecurity news and share important warnings with friends and family.\\n\\n\\n\\n## Indicators of compromise\\n\\nFile name: IdentitasKependudukanDigital.apk\\n\\nSHA-256: cb25b1664a856f0c3e71a318f3e35eef8b331e047acaf8c53320439c3c23ef7c\\n\\nFile Name: identitaskependudukandigital.apk\\n\\nSHA256:19456fbe07ae3d5dc4a493bac27921b02fc75eaa02009a27ab1c6f52d0627423\\n\\nFile Name: identitaskependudukandigital.apk\\n\\nSHA-256: a4126a8863d4ff43f4178119336fa25c0c092d56c46c633dc73e7fc00b4d0a07\\n\\n* * *\\n\\n**We don\u2019t just report on phone security\u2014we provide it**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.”,”published”:”2025-11-04T12:51:34″,”modified”:”2025-11-04T12:51:34″,”type”:”malwarebytes”,”title”:”\\u0026#8220;Sneaky\\u0026#8221; new Android malware takes over your phone, hiding in fake news and ID apps”,”source”:””,”references”:””,”id”:”MALWAREBYTES:725D3DA10B8E0D34E6C0EDCFF8164112″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/11\/sneaky-new-android-malware-takes-over-your-phone-hiding-in-fake-news-and-id-apps”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-11-04T14:42:37″,”description”:”Researchers at Cyfirma have investigated Android Trojans capable of stealing sensitive data from compromised devices. The malware spreads by pretending to be trusted apps\u2014like a…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-24623","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n