Find notable cyber news and cases, enriched with sources, timelines, and signals.

Android remote access tool abusing Accessibility Services

Malware Activity
First reported
Last updated
Happening score
H score 26
1 unique sources, 1 articles

Summary

Hide ▲

An unnamed Android remote access tool was found abusing Accessibility Services to take over devices, capture screenshots, steal credentials, and block removal. The malware’s always-on C2 connection lets operators push commands, updates, and fake in-app content, making account compromise and persistence harder to stop.

Related Happenings

RedWing Android spyware rented through Telegram

Malware Activity
H score21 First: 08.07.2026 18:30 Last: 08.07.2026 18:30 Sources 1

About this happening: The **RedWing** Android spyware operation is being rented through **Telegram**, lowering the barrier for criminals to hijack phones and steal **banking credentials**. The malware...

RedWing Android bank-fraud malware rental service

Malware Activity
H score21 First: 07.07.2026 20:10 Last: 07.07.2026 20:10 Sources 1

About this happening: The **RedWing** Android malware service is being rented on **Telegram** to steal **banking logins**, **OTPs**, and device control, raising fraud risk for **banking and cryptocurre...

Google Play Protect adds warnings and app disabling for compromised SDK abuse

Security Tool/Service
H score11 First: 03.07.2026 12:35 Last: 03.07.2026 12:35 Sources 1

About this happening: **Google Play Protect** was updated in **July 2026** to **warn Android users automatically** and **disable apps** tied to **compromised SDKs**, limiting abuse of consumer devices...

Rokarolla Android banking trojan activity

Malware Activity
H score26 First: 16.06.2026 16:15 Last: 16.06.2026 16:15 Sources 1

About this happening: The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...

Google Gemini on Android notification-injection bypass using Fake Context Alignment

Technical Analysis
H score16 First: 03.06.2026 22:11 Last: 03.06.2026 22:11 Sources 1

About this happening: Researchers found a **notification-based prompt-injection bypass** in **Google Gemini on Android** that could turn hostile notification text into **unauthorized assistant actions*...

Timeline

  1. 30.01.2026 00:08 2 articles · 5mo ago

    Android remote access tool abusing Accessibility Services

    Initial Disclosure

    The payload first requests **Accessibility Services** under the pretext of a security function, then uses that access to gain broad control over the device. That initial permission abuse enables screen capture, input manipulation, and resistance to removal.

    Show sources