Reports about Android malware infecting devices aren’t all that new. There are scrapers, trojans, spyware, adware, and more, and although all kinds of malware can be equally disruptive to the Android experience, some can be especially invasive.
Your phone might be clicking on ads because of these malware-infected apps
Researchers discovered two seperate malware infections embedded in a number of apps
That’s exactly where a new data harvesting variant comes in. Identified as Perseus by the ThreatFabric, the malware builds on its predecessors Cerberus and Phoenix.
What makes the new variant especially invasive is the fact that it can perform targeted data extraction.
The malware can, via accessibility-based remote sessions, capture real-time screenshots, simulate taps, launch apps, toggle a black screen overlay to hide device activity from the user, and a lot more.
However, the report describes one of the malware’s capabilities as completely new and “distinctive.” “Beyond traditional credential theft, Perseus monitors user notes, indicating a focus on extracting high-value personal or financial information,” indicates ThreatFabric.
It can target several note-taking apps, including:
- Google Keep
- Xiaomi Notes
- Samsung Notes
- ColorNote Notepad Notes
- Evernote – Note Organizer
- Microsoft OneNote
- Simple Notes Pro
- Simple Notes
Instead of manually taking over a device to scan for sensitive information, the malware has a command baked in. Once triggered, Perseus can “systematically explore the contents of note-taking applications without user involvement. Combined with its logging capabilities, this allows the malware to capture and record the contents of the notes.”
This is especially useful for threat actors, considering that Notes often contain sensitive data, including passwords, PINs, crypto recovery phrases, and more.
What apps should I stay away from ?
According to ThreatFabric, Perseus is propagating among applications masquerading as IPTV services. Said applications are often distributed outside the Google Play Store, which means they’re downloaded by users that are less likely to question permission requests or Android’s warnings.
Additionally, keep Play Protect on and avoid downloading unnecessary streaming apps from outside the Play Store.
6 privacy settings every Android user should check immediately
Don’t overlook these privacy settings
