Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
11 distinct techniques documented for this family, organized by ATT&CK tactic.
Switching on the camera and microphone, reading files, stealing contacts and call logs, and tracking location.
Live screen streaming and a keylogger, so operators can watch and control the phone in real time.
Fake login screens, called overlays, that appear over real banking and cryptocurrency apps to steal passwords.
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Android banking malware sold as a subscription service via Telegram. It uses phishing-delivered droppers, staged permission abuse, Accessibility abuse, SMS interception, overlay attacks, call forwarding, live screen streaming, keylogging, remote device control, camera/microphone access, file/contact/call-log theft, location tracking, and can also use infected devices for denial-of-service activity.
Android MaaS spyware with remote-control and credential-theft capabilities. It exfiltrates SMS, contacts, call logs, files, and device metadata; uses overlays to steal banking and cryptocurrency credentials; supports VNC-style live screen control, keylogging, camera/microphone capture, call forwarding abuse, and can launch DDoS attacks from infected devices.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.