
Rewardsteal

Rewardsteal is an Android banking Trojan family active primarily in India. The Kaspersky reporting cited on this page repeatedly identifies Rewardsteal as a banker targeting Indian users, with activity observed in 2024, Q2 2025, Q3 2025, and Q1 2026. It has been described as a banking trojan disguised as software purportedly backed by major Indian credit or financial organizations, including ICICI, SBI, Axis, and PM Kisan. The malware belongs to mobile banking-trojan activity rather than general adware or spyware campaigns, and it appears alongside other Android banker families such as Mamont, Faketoken, Creduz, and Coper in Kaspersky's regional threat reporting. The cited material indicates with high confidence that Rewardsteal specifically targeted users in India; however, it does not include deeper technical specifics such as persistence mechanisms, permissions abuse, command-and-control infrastructure, or concrete indicators of compromise.


MITRE ATT&CK

Techniques & procedures

2 distinct techniques documented for this family, organized by ATT&CK tactic.

Credential Access

2 techniques
T1056 Input Capture (evidence: 2)

"Among malware for mobile devices, the most widespread threat was trojans of the Trojan-Banker class... The most active banking trojans were Mamont variants (73.5%)."

T1555 Credentials from Password Stores (evidence: 1)

“exfiltrates browser passwords, messaging app credentials…”

Collection

1 technique
T1056 Input Capture (evidence: 2)

"Among malware for mobile devices, the most widespread threat was trojans of the Trojan-Banker class... The most active banking trojans were Mamont variants (73.5%)."
