Sophisticated Android Banking Trojan Threat Evades Detection via High-Trust Lures
ID: 6ca43fb6-7fbb-5652-a313-fe0490c4c4c7
STIX ID: report--6ca43fb6-7fbb-5652-a313-fe0490c4c4c7
Feed Name: securityonline.info
Researchers identified a large-scale Android banking trojan campaign that spreads via fake app packages and deceptive update prompts to obtain persistent Accessibility and MediaProjection privileges. The malware, reported to target 180+ banking, finance, and cryptocurrency apps across 10 countries, injects WebView-based phishing overlays to harvest credentials, streams the device screen to capture verification codes, and exposes a multi-port command-and-control infrastructure (ports 9090–9092) enabling extensive remote control and data exfiltration.
