Frogblight threatens you with a court case: a new Android banker targets Turkish users

Kaspersky researchers identified "Frogblight", an actively developed Android banking Trojan targeting users in Turkey by luring victims with phishing/smishing links to fake government or app pages. The malware abuses WebView to inject JavaScript and capture banking credentials, collects and exfiltrates SMS, contacts, app lists and files, can send arbitrary SMS messages, and maintains persistence via accessibility services and background services; it communicates with C2 via REST or WebSocket and is likely distributed under a MaaS model. The report provides technical details of commands/APIs, evidence of active infections, and IoCs including APK hashes, domains, IPs, GitHub repositories and distribution URLs.