{
	"id": "6e074cf5-2fe0-4e11-80d2-6168f008c7dc",
	"created_at": "2026-04-06T00:15:02.512363Z",
	"updated_at": "2026-04-10T03:30:33.889064Z",
	"deleted_at": null,
	"sha1_hash": "260f5c5f01dd5759513c00358c7fd8330a8f17c5",
	"title": "New Android trojan targeting over 60 banks and social apps",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 31304,
	"plain_text": "New Android trojan targeting over 60 banks and social apps\r\nPublished: 2024-10-01 · Archived: 2026-04-05 19:53:38 UTC\r\nSince the beginning of this year, ThreatFabric’s threat hunters have discovered several Google Play malware\r\ncampaigns using new modi operandi such as clean dropper apps that effectively evaded all antivirus and Google\r\nPlay protection solutions (Bouncer \u0026 Protect) for months. Unfortunately this was not the only threat this year.\r\nAndroid actors such as ExoBot have also been very busy adding Remote Access Trojan capabilities (SOCKS5 and\r\nVNC) to their software in their attempt to evade fraud detection solutions of financial organizations that mainly\r\nrely on IP-based geolocation and device binding vectors.\r\nThe shift of malware campaigns from desktop (Windows) to mobile (Android) seems largely related to the fact\r\nthat these days most transactions are initiated from mobile devices instead of the desktop. This motivates actors to\r\ninvest in developing solutions that target Android and have the same capabilities as the malware variants that have\r\nbeen evolving on the desktop for years.\r\nSource: https://www.threatfabric.com/blogs/new_android_trojan_targeting_over_60_banks_and_social_apps.html\r\nhttps://www.threatfabric.com/blogs/new_android_trojan_targeting_over_60_banks_and_social_apps.html\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"references": [
		"https://www.threatfabric.com/blogs/new_android_trojan_targeting_over_60_banks_and_social_apps.html"
	],
	"report_names": [
		"new_android_trojan_targeting_over_60_banks_and_social_apps.html"
	],
	"threat_actors": [
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434502,
	"ts_updated_at": 1775791833,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/260f5c5f01dd5759513c00358c7fd8330a8f17c5.pdf",
		"text": "https://archive.orkl.eu/260f5c5f01dd5759513c00358c7fd8330a8f17c5.txt",
		"img": "https://archive.orkl.eu/260f5c5f01dd5759513c00358c7fd8330a8f17c5.jpg"
	}
}