Bleepingcomputer
Perseus Android Malware Targets User Notes for Sensitive Data Theft
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A new Android malware named Perseus has been identified, actively targeting user notes to extract sensitive information such as passwords and financial data. Distributed via unofficial app stores disguised as IPTV applications, Perseus allows complete device takeover, including screenshot capturing and overlay attacks. The malware primarily affects users in Turkey and Italy, with a focus on financial institutions and cryptocurrency services. Researchers from ThreatFabric report that Perseus is built on the Phoenix codebase, which itself is derived from the Cerberus malware. The malware features two versions: one in Turkish and a more refined English variant that includes enhanced debugging capabilities and extensive logging. Notably, Perseus uses Accessibility Services to scan various note-taking applications, marking a significant shift in malware tactics to target personal data. The malware's dropper can bypass Android 13+ sideloading restrictions, indicating a sophisticated attack vector. This campaign reflects a broader trend of malware evolving to exploit user-generated content for data theft.
Key Points: • Perseus malware targets user notes to steal sensitive information. • The malware is distributed via unofficial stores disguised as IPTV apps. • It primarily affects users in Turkey and Italy, focusing on financial institutions.