
Cybersecurity researchers have discovered a new Android malware codenamed “Perseus” that can steal sensitive, high-value information from your mobile phones and even “take over” them completely. The Perseus malware was identified by researchers at ThreatFabric's Mobile Threat Intelligence Team.
According to the ThreatFabric report, the Perseus Android malware represents the next stage in the evolution of mobile malware and builds upon the codebase of earlier malware families like Cerberus and Phoenix. Perseus goes beyond credential theft; it can actively target high-value personal and financial information stored in note-taking apps on your Android phone.
Perseus malware: List of affected note-taking applications
The following note-taking apps were found to be vulnerable to Perseus malware attacks:
5 Ways Perseus Android malware is extremely dangerous
Perseus is an evolved version of earlier threats like Phoenix
As per the researchers, the Perseus mobile malware has adapted to the new Android security features with new techniques and the capability to leverage legitimate system features to remain effective.
Hackers can take full control of your Android phone remotely
Through accessibility-based remote sessions, the Perseus malware “enables real-time monitoring and precise interaction with infected devices,” the researchers said in the report. Turkey and Italy were found to be heavily targeted by Perseus, with Poland, Germany, France, the UAE and Portugal also affected.
Going beyond credential theft with targeted data collection
According to ThreatFabric researchers, Perseus goes beyond traditional credential theft and can monitor user notes on Android devices, demonstrating its ability to extract high-value information.
To monitor user-created notes in apps, Perseus leverages the Accessibility Services on the targeted device to automate user interactions. “It navigates the UI by iterating over elements, selecting target nodes, and programmatically triggering click actions. After a short delay, it performs a global ‘back’ action to return to the previous screen and continues the process,” the researchers explain. This is how the Perseus malware systematically reads your notes in note-taking apps and captures the information written in them.
Perseus comes protected with inbuilt anti-analysis measures
Perseus comes fortified with inbuilt measures so that it can work undetected. “Extensive environment checks, including detection of tools like Frida, highlight a clear focus on evading analysis and maintaining operational secrecy,” said the report.
Perseus-infected IPTV applications are used to distribute malware
Perseus is “being increasingly used as masquerading for mobile threats distribution,” the researchers said. IPTV applications that offer television content are often distributed outside of official marketplaces like the Google Play Store. Mobile users download these APK files, unaware that they are infected with Perseus malware.
How to stay safe from Perseus malware attacks