4 new Android malware families target 800+ apps

Four new Android malware families have been identified by cybersecurity researchers at Zimperium zLabs, actively engaged in campaigns to steal private data from over 800 applications, as reported by HackRead.com.

These malware families, named RecruitRat, SaferRat, Astrinox, and Massiv, employ various tactics like phishing and smishing to trick users into downloading malicious APK files. SaferRat uses fake streaming service websites, while RecruitRat targets job seekers with fake job application files. Astrinox mimics business tools and was found on a fake Apple App Store page, though it currently targets Android. Massiv's distribution method remains unknown.

Once installed, these malware families launch overlay attacks, presenting fake login screens over legitimate banking and crypto apps. They abuse Accessibility Service permissions to freeze the screen, while secretly capturing credentials, contacts, SMS messages, and even recording the screen. They can also intercept one-time passwords (OTPs) sent via text and use keylogging to record every tap. RecruitRat alone reportedly contains over 700 fake login pages.

Source: HackRead