Android

_20.11.2025	Sturnus	_{Sturnus: Mobile Banking Malware bypassing WhatsApp, Telegram and Signal Encryption}	MALWARE	_{Andorid banking}
4.4.23	FastFire	Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware	MALWARE	Android
_21.03.2026	KEENADU	_{Keenadu malware gives an attacker control over a device but appears to be used primarily to facilitate ad fraud}	MALWARE	_ANDROID
_20.03.2026	Perseus	_{Perseus: DTO malware that takes notes}	MALWARE	_ANDROID
_16.03.2026	DRILLAPP	_{Stealthy Backdoor Attack to Real-world Models in Android Apps}	MALWARE	_ANDROID
_12.03.2026	BeatBanker	_{BeatBanker: A dual‑mode Android Trojan}	MALWARE	_Android
_21.02.2026	Android.Phantom	_{Android.Phantom trojans are bundled with modded games and popular apps to infiltrate smartphones. They use machine learning and video broadcasts to engage in click fraud}	MALWARE	_ANDROID
_20.02.2026	PromptSpy	_{PromptSpy ushers in the era of Android threats using GenAI}	MALWARE	_ANDROID
_24.12.2025	Wonderland	Choose Your Fighter: A New Stage in the Evolution of Android SMS Stealers in Uzbekistan	MALWARE	_ANDROID
_24.12.2025	NexusRoute	NexusRoute: Attempting to Disrupt an Indian Government Ministry	MALWARE	_ANDROID
_18.12.2025	DOCSWAP	Kimsuky Distributing Malicious Mobile App via QR Code	MALWARE	_ANDROID
_08.12.2025	SEEDSNATCHER	_{Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases}	MALWARE	_ANDROID
_08.12.2025	FvncBot	_{New FvncBot Android banking trojan targets Poland}	MALWARE	_ANDROID
_02.12.2025	Albiriox	_{Albiriox Exposed: A New RAT Mobile Malware Targeting Global Finance and Crypto Wallets}	MALWARE	_Android
_08.11.2025	LANDFALL	_{LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices}	MALWARE	ANDROID
_01.11.2025	Android/BankBot-YNRK	_{Investigation Report: Android/BankBot-YNRK Mobile Banking Trojan Executive Summary This report covers the analysis and findings related to three Android application packages (APKs)}	MALWARE	Android
29.10.2025	Herodotus	New Android Malware Herodotus Mimics Human Behaviour to Evade Detection	MALWARE	Android
25.10.2025	GHOSTGRAB	Sophisticated Android malware that mines crypto and silently steals banking credentials. EXECUTIVE SUMMARY CYFIRMA is dedicated to providing advanced warning and strategic	MALWARE	Android
05.10.2025	Klopatra	Klopatra: exposing a new Android banking trojan operation with roots in Turkey	MALWARE	Android
09.09.2025	RatOn	The Rise of RatOn: From NFC heists to remote control and ATS	MALWARE	ANDROID
02.09.2025	Silent Gatekeepers	Android Droppers: The Silent Gatekeepers of Malware	MALWARE	Android
30.08.2025	Anatsa	Android Document Readers and Deception: Tracking the Latest Updates to Anatsa	MALWARE	Android
30.08.2025	Android.Backdoor.916.origin	Android backdoor spies on employees of Russian businesses	MALWARE	Android
17.08.2025	ERMAC V3.0	Hunt.io Exposes and Analyzes ERMAC V3.0 Banking Trojan Full Source Code Leak	MALWARE	Android
14.08.2025	PhantomCard	PhantomCard: New NFC-driven Android malware emerging in Brazil	MALWARE	Android
22.07.2025	DCHSpy	Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict	MALWARE	ANDROID
03.06.2025	Crocodilus	Crocodilus Mobile Malware: Evolving Fast, Going Global	MALWARE	Android
22.04.2025	SuperCard X Malware	A novel Android malware offered through a Malware-as-a-Service (MaaS) model, enabling NFC relay attacks for fraudulent cash-outs.	MALWARE	ANDROID
16.04.2025	Android.Clipper	Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?	MALWARE	Android
29.03.2025	Crocodilus	Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices	MALWARE	ANDROID
20.03.2025	Paragon's Adroid Spyware	Virtue or Vice? A First Look at Paragon’s Proliferating Spyware Operations	MALWARE	Android
08.03.2025	BADBOX 2.0	Satori Threat Intelligence Disruption: BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes	MALWARE	Android
27.02.2025	TgToxic	Android trojan TgToxic updates its capabilities	MALWARE	Android
10.02.2025	SparkCat	Take my money: OCR crypto stealers in Google Play and App Store	MALWARE	Android
16.12.2024	NoviSpy	“A Digital Prison”: Surveillance and the suppression of civil society in Serbia	MALWARE	ANDROID
12.12.2024	BoneSpy	Lookout Discovers Two Russian Android Spyware Families from Gamaredon APT	MALWARE	ANDROID
12.12.2024	PlainGnome	Lookout Discovers Two Russian Android Spyware Families from Gamaredon APT	MALWARE	ANDROID
06.12.2024	DroidBot	DroidBot: Insights from a new Turkish MaaS fraud operation	MALWARE	ANDROID
04.11.2024	FakeCall	As part of our ongoing mission to identify emerging threats to mobile security, ...	MALWARE	ANDROID
24.09.2024	Octo2	Octo2: European Banks Already Under Attack by New Malware Variant	MALWARE	Android
09.09.2024	Android SpyAgent	New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition	MALWARE	Android
26.08.2024	NGate	NGate Android malware relays NFC traffic to steal cash	MALWARE	Android
06.08.2024	LianSpy	LianSpy: new Android spyware targeting Russian users	MALWARE	Android
09.07.2024	GuardZoo	Lookout Discovers Houthi Surveillanceware Targeting Middle Eastern Militaries	MALWARE	Android
01.07.2024	CapraTube	CapraTube Remix \| Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts	MALWARE	Android
01.07.2024	Snowblind	Beware of Snowblind: A new Android malware	MALWARE	Android
30.05.2024	AhMyth	AhMyth is malware that spreads through a few different infection vectors and uses various means to collect and exfiltrate sensitive information from infected devices.	MALWARE	Android
10.05.2024	Coper	Coper is a descendant of ExoBotCompat, which was a rewritten version of Exobot.	MALWARE	Android
27.04.2024	Brokewell	Brokewell: do not go broke from new banking malware!	MALWARE	Android
01.04.2024	Vultur	Android Malware Vultur Expands Its Wingspan	MALWARE	Android
31.03.2024	Vultur	The authors behind Android banking malware Vultur have been spotted adding new technical features, ...	MALWARE	Android
22.03.2024	AndroxGh0st	AndroxGh0st is a Python-based malware designed to target Laravel applications.	MALWARE	Android
13.03.2024	PixPirate	PixPirate: The Brazilian financial malware you can’t see	MALWARE	Android
19.02.2024	Anatsa	Anatsa Trojan Returns: Targeting Europe and Expanding Its Reach	MALWARE	Android
09.02.2024	MoqHao	MoqHao evolution: New variants start automatically right after installation	MALWARE	Android
06.02.2024	Skygofree	Skygofree: Following in the footsteps of HackingTeam	MALWARE	Android
18.01.2024	AndroxGh0st	CISA and FBI Release Known IOCs Associated with Androxgh0st Malware	MALWARE	Android
27.12.2023	Android/Xamalicious	Stealth Backdoor “Android/Xamalicious” Actively Infecting Devices	MALWARE	Android
24.12.2023	Chameleon	Android Banking Trojan Chameleon can now bypass any Biometric Authentication	MALWARE	Android
11.12.2023	SpyLoan	Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths	MALWARE	Android
01.12.2023	FjordPhantom	Promon discovers new Android banking malware, “FjordPhantom”	MALWARE	Android
21.11.2023	Enchant	Enchant malware uses the Accessibility Service feature to target specific cryptocurrency wallets, including imToken, OKX, Bitpie Wallet, and TokenPocket wallet.	MALWARE	Android
11.11.2023	Kamran	Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan	MALWARE	Android
06.11.2023	SecuriDropper	Droppers are a specific category of malware whose main purpose is to install a payload on an infected device.	MALWARE	Android
01.11.2023	AridViper	Arid Viper disguising mobile spyware as updates for non-malicious Android applications	MALWARE	Android
16.10.2023	SpyNote	The malware has been released on github at https://github.com/EVLF/Cypher-Rat-Source-Code	MALWARE	Android
05.10.2023	GoldDigger	Let's dig deeper: dissecting the new Android Trojan GoldDigger with Group-IB Fraud Matrix	MALWARE	Android
05.10.2023	WyrmSpy	Lookout Attributes Advanced Android Surveillanceware to Chinese Espionage Group APT41	MALWARE	Android
05.10.2023	DragonEgg	Lookout Attributes Advanced Android Surveillanceware to Chinese Espionage Group APT41	MALWARE	Android
03.10.2023	Zanubis	According to cyware, Zanubis malware pretends to be a malicious PDF application. The threat actor uses it as a key to decrypt responses received from the C2 server.	MALWARE	Android
19.09.2023	Hook	According to ThreatFabric, this is a malware family based on apk.ermac. The name hook is the self-advertised named by its vendor DukeEugene. It provides WebSocket communication and has RAT capabilities.	MALWARE	Android
31.08.2023	BadBazaar	ESET researchers have discovered active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code that has previously targeted Uyghurs	MALWARE	Android
03.08.2023	SharkBot	SharkBot is a piece of malicious software targeting Android Operating Systems (OSes).	MALWARE	Android
30.07.2023	CherryBlos	Trend Micro’s Mobile Application Reputation Service (MARS) team discovered two new related Android malware families involved in cryptocurrency-mining and financially-motivated scam campaigns targeting Android users.	MALWARE	Android
22.07.2023	BianLian	Hunting the AndroidBianLian botnet	MALWARE	Android
19.07.2023	DragonEgg	Lookout Attributes Advanced Android Surveillanceware to Chinese Espionage Group APT41	MALWARE	Android
19.07.2023	WyrmSpy	Lookout Attributes Advanced Android Surveillanceware to Chinese Espionage Group APT41	MALWARE	Android
04.07.2023	Neo_Net	Neo_Net has been conducting an eCrime campaign targeting clients of prominent banks globally, with a focus on Spanish and Chilean banks..	MALWARE	Android
30.06.2023	Fluhorse	According to Check Point, this malware features several malicious Android applications that mimic legitimate applications...	MALWARE	Android
30.06.2023	LetMeSpy	Polish security research blog Niebezpiecznik, which first reported the breach and analyzed a dump of the stolen data..	MALWARE	Android
30.05.2023	Predator	Predator: Looking under the hood of Intellexa’s Android spyware	MALWARE	Android
25.05.2023	AhRat	It is rare for a developer to upload a legitimate app, wait almost a year, and then update it with malicious code.	MALWARE	Android
19.05.2023	Triada	It's worth noting that the same technique of modifying the zygote process has also been adopted by another mobile trojan called Triada.	MALWARE	Android
06.05.2023	Nexus	Nexus is the name of a banking trojan targeting Android Operating Systems (OSes). According to the research done by Cyble analysts, Nexus is the rebranded version of the S.O.V.A. banking trojan.	MALWARE	Android
06.05.2023	Predator	Predator is the name of spyware (malicious software) targeting Android users. Between August and October 2021, the attackers utilized zero-day exploits that targeted Chrome and the Android OS to install Predator spyware implants on Android devices, even those that were fully up-to-date.	MALWARE	Android
06.05.2023	Goldoson	Goldoson is an Android malware that compiles a list of installed applications and records the history of Wi-Fi and Bluetooth devices, including GPS locations in close proximity.	MALWARE	Android
06.05.2023	Chameleon	Chameleon is the name of a trojan targeting Android Operating Systems (OSes).	MALWARE	Android
06.05.2023	Fleckpe	Fleckpe is a recently discovered Android Trojan family found on Google Play, which secretly subscribes victims to paid services.	MALWARE	Android
05.05.2023	CryCryptor	New ransomware posing as COVID‑19 tracing app targets Canada; ESET offers decryptor	MALWARE	Android
05.05.2023	RambleOn	Scarcruft Bolsters Arsenal for targeting individual Android devices	MALWARE	Android
20.04.2023	BADCALL	Malware Analysis Report (AR19-252A)	MALWARE	Android
11.04.2023	SOVA ANDROID BANKING	BEWARE: SOVA ANDROID BANKING TROJAN EMERGES MORE POWERFUL WITH NEW CAPABILITIES	MALWARE	Android
18.03.2023	BrasDex	The mobile malware landscape of the LATAM region, more specifically Brazil, has recently risen to prominence in the news due to families like Brata and Amextroll, extending their reach all the way to Europe.	MALWARE	Android
18.03.2023	PixPirate	Between the end of 2022 and the beginning of 2023, a new Android banking trojan was discovered by the Cleafy TIR team. Since the lack of information and the absence of a proper nomenclature of this malware family, we decided to dub it PixPirate, to better track this family inside our internal Threat Intelligence taxonomy.	MALWARE	Android
18.02.2023	RambleOn	The malware has multiple stages, payloads and exfiltrates data from the Android device continually. Below, we describe in simple steps how the malware executes and compromises its victims.	MALWARE	Android
14.02.2023	Clipper	First clipper malware discovered on Google Play	MALWARE	Android
22.01.2023	Wroba	Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking.	MALWARE	Android
22.01.2023	Wroba	Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking.	MALWARE	Android
18.05.2022	Facestealer	Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys	MALWARE	Android
10.05.2022	Joker malware	Joker, a repeat offender, refers to a class of harmful apps that are used for billing and SMS fraud, while also performing a number of actions of a malicious hacker's choice, such as stealing text messages, contact lists, and device information.	MALWARE	Android
10.01.2023	StrongPity backdoor	This StrongPity backdoor has various spying features: its 11 dynamically triggered modules are responsible for recording phone calls, collecting SMS messages, lists of call logs, contact lists, and much more.	MALWARE	Android Backdoor
_24.12.2025	Frogblight	Frogblight threatens you with a court case: a new Android banker targets Turkish users	MALWARE	_{ANDROID BANKING}
05.08.2024	BlankBot	BlankBot - a new Android banking trojan with screen recording, keylogging and remote control capabilities	MALWARE	Android Banking
18.04.2024	SoumniBot	SoumniBot: the new Android banker’s unique techniques	MALWARE	Android Banking
_24.12.2025	Cellik	Meet Cellik - A New Android RAT With Play Store Integration	MALWARE	_{ANDROID RAT}
11.04.2025	SpyNote	Newly Registered Domains Distributing SpyNote Malware	MALWARE	Android RAT
28.03.2025	PJobRAT	PJobRAT makes a comeback, takes another crack at chat apps	MALWARE	ANDROID RAT
30.09.2023	Xenomorph	Xenomorph is a Android Banking RAT developed by the Hadoken.Security actor.	MALWARE	Android RAT
30.09.2023	AndroRAT	Androrat is a remote administration tool developed in Java Android for the client side and in Java/Swing for the Server.	MALWARE	Android RAT
31.08.2023	MMRat	The Trend Micro Mobile Application Reputation Service (MARS) team discovered a new, fully undetected Android banking trojan, dubbed MMRat, that has been targeting mobile users in Southeast Asia since late June 2023.	MALWARE	Android RAT
09.01.2023	SpyNote	Android Spyware is one of the most common kinds of malware used by attackers to gain access to personal data and carry out fraud operations.	MALWARE	Android RAT
20.05.2022	Cytrox	Google's Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users.	MALWARE	Android Spyware
14.06.2022	SeaFlower	How SeaFlower 藏海花 installs backdoors in iOS/Android web3 wallets to steal your seed phrase	MALWARE	Android/iOS