Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

RewardDropMiner Android dropper activity delivering spyware and a Monero miner

Malware Activity
First reported
Last updated
Happening score
H score 12
1 unique sources, 1 articles

Summary

Hide ▲

Android dropper activity linked to RewardDropMiner is now delivering SMS stealers, spyware, and a remotely activatable Monero miner, expanding what a single installer can place on Android devices. The droppers are disguised as government and banking apps, with targeting concentrated in India and other parts of Asia. The modular design hides the payload behind a fake "Update" flow and lets operators swap components as defenses change.

Related Happenings

NGate malware trojanized HandyPay NFC-stealing variant

Malware Activity
First: 21.04.2026 12:00 Last: 21.04.2026 12:00 Sources 1

About this happening: A **new NGate variant** is stealing **NFC payment data** from **Android users in Brazil**, raising the risk of **unauthorized purchases** and **ATM cash withdrawals**. The malware...

Open Happening

Perseus Android malware family actively distributed in the wild

Malware Activity
First: 19.03.2026 14:43 Last: 19.03.2026 14:43 Sources 1

About this happening: The **Perseus** **Android malware** family is being actively distributed in the wild, putting infected devices at risk of **device takeover** and **financial fraud**. It spreads t...

Open Happening

Perseus Android note-stealing and remote-control malware activity

Malware Activity
First: 19.03.2026 12:13 Last: 19.03.2026 12:13 Sources 1

About this happening: The **Perseus** Android malware is now being used to inspect user notes for secrets, creating theft risk for **passwords**, **recovery phrases**, and **financial data**. It is als...

Open Happening

IPTV app lure campaign distributing Massiv Android banking malware

Campaign
First: 19.03.2026 12:13 Last: 19.03.2026 12:13 Sources 1

About this happening: A **recent IPTV app lure campaign** is distributing **Massiv Android banking malware**, putting users who seek **free or low-cost live sports broadcasts** at risk of device compro...

Open Happening

BeatBanker Android phishing campaign targeting Brazilian users

Campaign
First: 12.03.2026 09:56 Last: 12.03.2026 09:56 Sources 1

About this happening: A **BeatBanker** Android phishing campaign is targeting **Brazilian users**, creating a risk of device compromise and payment theft. The lure uses **Google Play Store** lookalike...

Open Happening

Timeline

  1. 01.09.2025 20:28 2 articles · 8mo ago

    RewardDropMiner delivers spyware and a remotely activatable Monero miner

    Initial Disclosure

    Android dropper activity targeting users in India and other parts of Asia is delivering spyware payloads and, in the RewardDropMiner variant, a Monero cryptocurrency miner that can be activated remotely. The same ecosystem includes droppers such as SecuriDropper, Zombinder, BrokewellDropper, HiddenCatDropper, and TiramisuDropper, which use fake government or banking app lures and a harmless-looking 'Update' screen to evade Google Play Protect and the targeted Pilot Program.

    Show sources
    Open in new tab