Reports of Android malware infecting devices are nothing new. There are scrapers, trojans, spyware, adware, and more, and while all types of malware can be equally disruptive to the Android experience, some of them can be very invasive.
This is where a new data-collecting variant comes in. Identified as Perseus by ThreatFabric, this malware builds on its predecessors Cerberus and Phoenix.
What makes this new variant so invasive is the fact that it can perform targeted data extraction.
This malware can, through accessibility-based remote sessions, capture screenshots in real-time, simulate taps, launch apps, activate a black screen overlay to hide device activity from the user, and more.
However, the report describes one of the malware’s capabilities as completely new and “distinctive.” “In addition to traditional credential theft, Perseus monitors user records, showing a focus on extracting high-value personal or financial information,” ThreatFabric said.
It can target multiple note-taking applications, including:
- Google Save
- Xiaomi Notes
- Samsung Notes
- ColorNote Notepad Notes
- Evernote – Notes Organizer
- Microsoft OneNote
- Simple Notes Pro
- Simple Notes
Instead of manually taking over the device to scan for sensitive information, this malware has commands embedded in it. Once triggered, Perseus can “systematically explore the content of note-taking applications without user involvement. Combined with its logging capabilities, this allows the malware to capture and record note-taking content.”
This is especially useful for threat actors, considering that notes often contain sensitive data, including passwords, PINs, crypto recovery phrases, and more.
What apps should I avoid?
According to ThreatFabric, Perseus spreads among applications disguised as IPTV services. These apps are often distributed outside the Google Play Store, meaning they are downloaded by users who are less likely to question Android’s permission requests or warnings.
Additionally, keep Play Protect enabled and avoid downloading unnecessary streaming apps from outside the Play Store.