
Hook Android banking Trojan GitHub distribution campaign

Campaign
Happening score: 39
1 unique source, 1 article

Summary


A Hook malware operation is now using GitHub to distribute malicious Android Package Kit (APK) files, expanding its reach beyond phishing sites and increasing exposure for Android users. The campaign matters because the latest Hook variant combines credential theft, device control, and ransomware-style locking. It also demonstrates that repository poisoning is being used as a broader delivery channel for multiple Android malware families.

Related Happenings

Google Android developer verification rollout for sideloaded apps

Security Tool/Service
First: 31.03.2026 21:28 Last: 31.03.2026 21:28 Sources 1

About this happening: Google is rolling out **Android developer verification** for apps distributed outside **Google Play**, tightening sideloading controls to make anonymous abuse harder. The first en...

Google Android Advanced Flow adds safer APK sideloading for unverified developers

Security Tool/Service
First: 21.03.2026 16:18 Last: 21.03.2026 16:18 Sources 1

About this happening: **Google** is rolling out **Advanced Flow** on **Android** to let power users sideload APKs from **unverified developers** with more friction and warnings, reducing the risk of **...

Shai-Hulud Chrome extension trojanized backdoor with wallet mnemonic theft

Malware Activity
First: 31.12.2025 18:29 Last: 31.12.2025 18:29 Sources 1

About this happening: The **Shai-Hulud** supply-chain operation delivered a trojanized **Google Chrome extension** build with a backdoor that could steal **wallet mnemonic phrases**, creating a direct...

DroidLock Android malware with ransom lock and device-control capabilities

Malware Activity
First: 10.12.2025 23:53 Last: 10.12.2025 23:53 Sources 1

About this happening: The **DroidLock** Android malware can **lock victim screens for ransom** and steal **messages, call logs, contacts, and audio recordings**, putting infected users at immediate ext...

Android framework information disclosure and elevated-access flaws under limited targeted exploitation (multiple vulnerabilities)

Vulnerability
First: 02.12.2025 13:15 Last: 02.12.2025 13:15 Sources 1

About this happening: **Google** patched **CVE-2025-48633** and **CVE-2025-48572**, two **Android framework** flaws that may be under **limited, targeted exploitation**, leaving **Android 13-16** devic...

Timeline

  1. 26.08.2025 20:39 · 1 article · 9mo ago

    Hook Android Trojan spreads through GitHub APK repositories

    Initial Disclosure

    Threat actors are using GitHub to distribute malicious Android Package Kit (APK) files tied to the Hook Android banking Trojan, expanding exposure for Android users beyond phishing websites. The same Hook variant adds a ransomware-style full-screen overlay, a fake NFC screen, deceptive PIN and pattern prompts, transparent overlays that capture gestures, screen-streaming, abuse of Android Accessibility Services, and support for 107 remote commands, including 38 added in the latest variant.
