Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to malware
Malware

Fakemoney

Fakemoney is an Android mobile malware/scam app family identified by Kaspersky as fake investment, payout, and financial-service applications. It is described as phishing/scam malware that tricks users with promises of easy earnings, payments, or financial services and then collects victims’ personal data. Kaspersky repeatedly ranked Trojan.AndroidOS.Fakemoney.v among the most prevalent mobile malware detections: it was identified as the most frequently detected mobile malware family in 2024 by share of attacked users, remained highly prevalent in Q3 2024, and in Q2 2025 Kaspersky reported that Fakemoney activity had decreased but it still held the top position among the most frequently detected mobile malware. In Q3 2025, Kaspersky stated that Triada and Fakemoney were the most popular Trojan families, with Fakemoney accounting for 24.6% among the most widespread Trojans. The malware targets Android users and is associated with social-engineering infection vectors via fake apps rather than a specific named threat actor in the provided content. High-confidence identifiers in the content include the family name Fakemoney and the detection name Trojan.AndroidOS.Fakemoney.v.

Share:
For your environment

Hunt this family in your stack

Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.

Start free trial
MITRE ATT&CK

Techniques & procedures

1 distinct technique documented for this family, organized by ATT&CK tactic.

Credential Access

1 technique
T1056Input CaptureEvidence1

Fakemoney – fake apps that collect users’ personal data under the guise of providing payments or financial services.

Collection

1 technique
T1056Input CaptureEvidence1

Fakemoney – fake apps that collect users’ personal data under the guise of providing payments or financial services.

ACTIVITY FEED

Recent activity

6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

6 SOURCESView more in app
securelist ruNews
May 18, 2026
Ландшафт угроз для Android за первый квартал 2026 года | Securelist

Android trojan family listed among the top mobile malware detections for the quarter.

Read more
securelistNews
Sep 5, 2025
IT threat evolution in Q2 2025. Mobile statistics

Android scam-app trojan family; activity decreased in Q2 2025 but remained highly prevalent in detections; also referenced as behaviorally similar to droppers that open attacker-provided URLs leading to casinos/phishing.

Read more
securelistNews
Mar 28, 2025
The mobile threat landscape in 2024 | Securelist

Family of Android investment and payout scam apps that showed the highest activity level in 2024.

Read more
securelistNews
May 13, 2021
Q1 2026 Android threat landscape | Securelist

An Android trojan family listed among the most frequently detected mobile malware in Q1 2026.

Read more
+2 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets match these IOCs, which detections are missing, which campaigns to expect next, and what to do in the next 30 minutes.
Start free trial
IOC matching

Match every observed IP, domain, and hash against your live telemetry.

Threat actor attribution

Named campaigns wielding this family, with evidence pinned to each claim.

Exploited vulnerabilities

CVEs this family uses for access and lateral movement.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

MITRE ATT&CK mapping1

Every documented technique, ranked by evidence weight.

Researcher chatter

Reddit, Mastodon, and CTI community discussion around this family.