
A newly identified Android malware is raising concerns about how the OS handles sensitive data. Called Perseus, the new malware targeting Android devices scans your notes to steal your passwords for major apps and websites. This Android Trojan disguises itself as popular streaming apps to target devices.
Once installed, it performs an unusual and highly invasive action. It actively goes through your personal note-taking apps to steal stored passwords, recovery phrases, and other important details.
Threat actors are distributing Perseus through unofficial app stores
According to a report by ThreatFabric, threat actors target Android users who download applications outside the official Google Play Store. Threat actors typically hide the malware payload inside fake IPTV applications. Users often download these apps to watch pirated live sports.
By posing as streaming services, these attackers rely on users bypassing Google Play restrictions and ignoring standard security warnings to sideload the malicious application. Once active, the Perseus malware abuses Android Accessibility Services to scan your notes to steal password data.
Traditional banking trojans focus mainly on intercepting SMS codes or logging keystrokes. Perseus, however, introduces a specific function that systematically opens and scans the applications where you save notes containing sensitive information.
The major apps targeted by the Perseus malware
According to the source, the Perseus Android malware targets major note-taking applications, including Google Keep, Xiaomi Notes, Samsung Notes, ColorNote Notepad Notes, Evernote – Note Organizer, Microsoft OneNote, Simple Notes Pro, and Simple Notes. The malware reads the text inside these apps, looking for account passwords, crypto recovery phrases, and bank details.
The researchers behind the report have pointed out that this is the first time they've observed Android malware specifically designed to scrape personally curated text files for sensitive information. Furthermore, the source suggests that Perseus runs extensive checks on device hardware, battery data, and app count before executing its data theft routines.
As per the report, the Perseus threat campaign is currently targeting Android users in Turkey and Italy. There, it is targeting dozens of local financial institutions and crypto services. To stay safe, Android users should download apps exclusively from official channels and completely avoid third-party APK files.
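As an added example (not from the report or the original article), the following audit lists apps that hold an enabled accessibility service but were not installed by an official store, which is the combination of sideloading and Accessibility abuse described above. The sample data is constructed and the package names are hypothetical; on a real device the two inputs come from `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3 -i`, and the trusted-installer set is an assumption to adjust.

```python
import re

# Assumption: installers treated as official stores; extend for your fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play

def parse_enabled_services(raw):
    """Return package names from the colon-separated component list."""
    raw = raw.strip()
    if not raw or raw == "null":  # the setting reads "null" when unset
        return []
    return [c.split("/", 1)[0] for c in raw.split(":") if c]

def parse_installers(raw):
    """Map package -> installer from `pm list packages -3 -i` lines."""
    out = {}
    for line in raw.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            out[m.group(1)] = m.group(2)
    return out

def sideloaded_accessibility_apps(services_raw, packages_raw,
                                  trusted=TRUSTED_INSTALLERS):
    """Packages with an enabled accessibility service and an untrusted installer."""
    installers = parse_installers(packages_raw)
    flagged = []
    for pkg in parse_enabled_services(services_raw):
        # Packages absent from the -3 (third-party) listing are preinstalled.
        if pkg in installers and installers[pkg] not in trusted \
                and pkg not in flagged:
            flagged.append(pkg)
    return flagged

# Constructed sample data; com.example.* packages are hypothetical.
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.iptvplayer/com.example.iptvplayer.HelperService:"
    "com.example.passwordmanager/.AutofillHelper"
)
SAMPLE_PACKAGES = """package:com.example.iptvplayer  installer=null
package:com.example.notes  installer=com.android.vending
package:com.example.passwordmanager  installer=com.android.vending"""

if __name__ == "__main__":
    for pkg in sideloaded_accessibility_apps(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print("review:", pkg)
```

A flagged package is a prompt for review rather than a verdict, since legitimate apps can also be installed from outside a store.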
The post Android Perseus Malware Scans Your Personal Notes for Passwords appeared first on Android Headlines.