The Android banking Trojan OverlayPhantom's recent operation is really ruthless: it first disguises itself as official apps, then hijacks accessibility permissions, and over 180 financial apps have been targeted. Everyone, be extra cautious when installing apps lately.

CoinNetwork
Cyble: New malware targets 180 financial and crypto applications
Cyble has discovered the Android banking trojan OverlayPhantom, which overlays more than 180 banks and financial and crypto apps across 10 countries. Through a two-stage infection process, it first disguises itself as an Austrian official identity app with ID Austria or as a TikTok dropper, then disguises itself as Google Play Services and uses accessibility permissions to take control. It can execute more than 30 remote commands, perform real-time screen streaming, display fake overlay layers, and steal sensitive data such as usernames, passwords, card information, and PINs. It has been active since May 2025 and was found masquerading in government-themed investigation websites.
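A triage check for the pattern described above (a sideloaded second stage that holds an accessibility service), as an added example that is not part of the original post or of Cyble's report. It assumes you have saved the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3 -i`; all package names in the sample data are constructed.

```python
import re

PLAY_STORE = "com.android.vending"

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -3 -i` output."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def parse_accessibility(setting_value):
    """Split the colon-separated 'pkg/class' list; 'null' means none enabled."""
    value = setting_value.strip()
    if not value or value == "null":
        return []
    return [tuple(c.split("/", 1)) for c in value.split(":") if "/" in c]

def flag_services(setting_value, pm_output):
    """Return enabled accessibility services owned by third-party packages
    that were not installed through the Play Store."""
    installers = parse_installers(pm_output)
    findings = []
    for pkg, cls in parse_accessibility(setting_value):
        if pkg not in installers:
            continue  # not in the -3 list: preinstalled/system package
        if installers[pkg] != PLAY_STORE:
            findings.append((pkg, cls, installers[pkg]))
    return findings

# Constructed sample data (not real indicators).
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.passwordmanager/com.example.passwordmanager.FillService:"
    "com.example.update.services/.CoreService"
)
SAMPLE_PM = """\
package:com.example.passwordmanager  installer=com.android.vending
package:com.example.update.services  installer=null
package:com.example.game  installer=com.google.android.packageinstaller
"""

if __name__ == "__main__":
    for pkg, cls, installer in flag_services(SAMPLE_A11Y, SAMPLE_PM):
        print(f"review: {pkg}{cls} (installer={installer})")
```

The genuine Google Play Services package is a system package and never appears in the `-3` list, so anything flagged here that presents itself under that name deserves a closer look.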