
Perseus Android malware family actively distributed in the wild

Malware Activity
Happening score
H score 21
1 unique source, 1 article

Summary


The Perseus Android malware family is being actively distributed in the wild, putting infected devices at risk of device takeover and financial fraud. It spreads through dropper apps on phishing sites and uses Accessibility-based remote sessions to control devices, steal credentials, and hide activity. The malware targets users in Turkey and Italy and can also monitor notes and authorize fraudulent transactions through a C2 panel.

Related Happenings

Grandoreiro and BTMOB banking trojan activity targeting Windows and Android

Malware Activity
First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: The **Grandoreiro** and **BTMOB** trojans are being used in active campaigns against **Windows** and **Android** targets across **Europe** and **Latin America**, increasing the ri...

Google rolls out Android Intrusion Logging in Android Advanced Protection Mode

Security Tool/Service
First: 14.05.2026 16:30 Last: 14.05.2026 16:30 Sources 1

About this happening: Google has released **Android Intrusion Logging** for **Android Advanced Protection Mode**, giving **high-risk Android users** encrypted forensic logs to investigate suspected **s...

Android Intrusion Logging forensic logging rollout for spyware investigations

Security Tool/Service
First: 13.05.2026 09:55 Last: 13.05.2026 09:55 Sources 1

About this happening: **Android** is adding **Intrusion Logging**, an opt-in forensic feature in **Advanced Protection Mode** that preserves device and network activity for suspected spyware compromise...

TrickMo Android banking malware adds TON-based covert command-and-control

Malware Activity
First: 11.05.2026 12:03 Last: 11.05.2026 12:03 Sources 1

About this happening: The **TrickMo Android banking malware** has added **TON-based covert command-and-control**, making its operator infrastructure harder to identify, block, or take down for victims...

TCLBANKER banking trojan activity targeting 59 financial platforms

Malware Activity
First: 08.05.2026 21:12 Last: 08.05.2026 21:12 Sources 1

About this happening: **TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...

Timeline

  1. 19.03.2026 14:43 · 2 articles

    Perseus Android malware disclosed with active in-the-wild distribution

    Initial Disclosure

    Cybersecurity researchers disclosed Perseus, a new Android malware family that is actively distributed in the wild for device takeover and financial fraud. The malware is built on Cerberus and Phoenix, spreads through dropper apps on phishing sites and IPTV-themed lures, and uses Accessibility-based remote sessions, overlay attacks, keystroke capture, note monitoring, and C2 commands to steal credentials and authorize fraudulent transactions. Campaigns have primarily targeted Turkey and Italy, with additional activity affecting Poland, Germany, France, the U.A.E., and Portugal.
