Perseus IPTV-lure distribution campaign targeting Europe and the Middle East
Campaign
Summary
Hide ▲
Show ▼
The Perseus distribution campaign is actively pushing Android malware through phishing sites and IPTV-lure apps, increasing the risk of device takeover and financial fraud across multiple regions. The operation is targeting Turkey, Italy, Poland, Germany, France, the U.A.E., and Portugal, showing broad geographic reach rather than a single-country effort. Once installed, the payload can steal credentials, monitor notes, and support remote fraud through interactive control features.
Related Happenings
Grandoreiro DLL side-loading campaign targeting banks in Portugal
Campaign
First: 27.05.2026 19:10
Last: 27.05.2026 19:10
Sources 1
About this happening:
**Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...
Grandoreiro DLL side-loading campaign targeting banks in Portugal
CampaignAbout this happening: **Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...
TrickMo Android banking trojan variant with TON C2 and network pivots
Malware Activity
First: 12.05.2026 15:50
Last: 12.05.2026 15:50
Sources 1
About this happening:
A new **TrickMo** Android banking trojan variant now uses **The Open Network (TON)** for C2, turning infected phones into **network pivots** and **traffic-exit nodes**. It was obs...
TrickMo Android banking trojan variant with TON C2 and network pivots
Malware ActivityAbout this happening: A new **TrickMo** Android banking trojan variant now uses **The Open Network (TON)** for C2, turning infected phones into **network pivots** and **traffic-exit nodes**. It was obs...
TrickMo C TikTok-lure campaign targeting banking and wallet users in France, Italy, and Austria
Campaign
First: 11.05.2026 18:15
Last: 11.05.2026 18:15
Sources 1
About this happening:
The **TrickMo** operators ran an active **TikTok-themed** campaign between **January and February 2026**, targeting **banking and wallet users** in **France, Italy and Austria**....
TrickMo C TikTok-lure campaign targeting banking and wallet users in France, Italy, and Austria
CampaignAbout this happening: The **TrickMo** operators ran an active **TikTok-themed** campaign between **January and February 2026**, targeting **banking and wallet users** in **France, Italy and Austria**....
TrickMo Android banking malware adds TON-based covert command-and-control
Malware Activity
First: 11.05.2026 12:03
Last: 11.05.2026 12:03
Sources 1
About this happening:
The **TrickMo Android banking malware** has added **TON-based covert command-and-control**, making its operator infrastructure harder to identify, block, or take down for victims...
TrickMo Android banking malware adds TON-based covert command-and-control
Malware ActivityAbout this happening: The **TrickMo Android banking malware** has added **TON-based covert command-and-control**, making its operator infrastructure harder to identify, block, or take down for victims...
CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific
Campaign
First: 08.05.2026 18:08
Last: 08.05.2026 18:08
Sources 1
About this happening:
The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...
CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific
CampaignAbout this happening: The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...
Timeline
-
19.03.2026 14:43 2 articles · 2mo ago
Perseus Android distribution campaign spans multiple regions
Campaign Scope UpdateCybersecurity researchers disclosed Perseus, a new Android malware family actively distributed in the wild through dropper apps on phishing sites and IPTV-lure apps. The campaign targets Android users in Turkey, Italy, Poland, Germany, France, the U.A.E., and Portugal, and the malware is described as built on Cerberus and Phoenix with capabilities for device takeover, credential theft, note monitoring, and remote fraud.
Show sources
- New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data — thehackernews.com — 19.03.2026 14:43
- New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data — thehackernews.com — 19.03.2026 14:43