Android threat alert.
BeatBanker Android Trojan spreads via fake Google Play Store pages.
Features include:
• Crypto miner
• Banking overlays targeting Binance, Trust Wallet
• RAT payload via BTMOB Remote Access Trojan
Source: https://securelist.com/beatbanker-miner-and-banker/119121/
Follow TechNadu for threat intel.
I smell a RAT — new Android malware can hack every top phone maker's security, and costs less than a second-hand iPhone
I smell a RAT — new Android malware can hack every top phone maker's security, and costs less than a second-hand iPhone
#Androidmalware #Iphone
https://opr.news/7e371e29260228en_us?link=1&client=ex_global
Download Now
https://opr.as/share
Android’s Accessibility Service is designed to assist users, but it’s being exploited Oblivion can intercept SMS, push notifications, and two-factor authentication codes silently Malware bypasses Accessibility Service, granting attackers full device control without prompts A remote control allows concealed access while the user sees fake overlays
Android Malware Leverages Google Gemini for Adaptive Operations
PromptSpy, a new Android malware, uses Google Gemini AI to adapt and steal sensitive data like PINs and passwords. Learn how it affects your phone.
#PromptSpy, #AndroidMalware, #GoogleGemini, #CyberSecurity, #DataTheft
https://newsletter.tf/android-malware-promptspy-uses-gemini-ai/
New Android malware called PromptSpy uses Google Gemini AI to change its behavior and steal your data. This is the first time AI has been used this way in malware.
#PromptSpy, #AndroidMalware, #GoogleGemini, #CyberSecurity, #DataTheft
https://newsletter.tf/android-malware-promptspy-uses-gemini-ai/
Android users beware: Pre-installed malware can access system data, including private information and banking details
Android users beware: Pre-installed malware can access system data, including private information and banking details
#Keenadu #Androidmalware
https://opr.news/415612fe260223en_us?link=1&client=ex_global
Download Now
https://opr.as/share
ⓘ Tima Miroshnichenko, Google, edited Security researchers have discovered a new pre-installed Android malware, dubbed Keenadu, which is not only extremely dangerous, granting almost complete device privileges to bad actors, but is also nearly impossible to remove without expert help. Sambit Saha, Published 02/23/2026
'The AI model and prompt are predefined in the code and cannot be changed': Experts say PromptSpy is the first known Android malware to use Gemini to ensure infection
'The AI model and prompt are predefined in the code and cannot be changed': Experts say PromptSpy is the first known Android malware to use Gemini to ensure infection
#Gemini #Androidmalware
https://opr.news/44db9eb8260223en_us?link=1&client=ex_global
Download Now
https://opr.as/share
Chinese-developed PromptSpy malware exploits Gemini AI to hack Android devices PromptSpy malware uses Gemini to automate its persistence The malware blocks removal through an AI-guided interface control Gemini interprets screen data and returns actionable gestures Security experts have revealed new findings on PromptSpy, an Android malware whose code contains a predefined prompt and AI configuration that are hardcoded and cannot be changed at runtime.
Android’s AI nightmare begins as malware turns Gemini into a hacking tool
https://fed.brid.gy/r/https://nerds.xyz/2026/02/android-ai-malware-gemini-promptspy/
Keenadu: Android malware that comes preinstalled and can’t be removed by users
Keenadu: Android malware that comes preinstalled and can’t be removed by users
#Keenadu #Androidmalware
https://opr.news/41f8ad4c260218en_us?link=1&client=ex_global
Download Now
https://opr.as/share
Keenadu infiltrated devices by posing as legitimate system components, prompting calls for tighter controls on firmware integrity across manufacturing and supply‑chain pipelines. There’s too little a user can do when hit with a complex Android malware that comes preinstalled on their new smartphone or tablet. Security researchers at Kaspersky have flagged a multifaceted Android malware dubbed Keenadu that can ship preinstalled via device firmware, compromising users before they even complete setup.
Hugging Face infrastructure was recently leveraged in an Android malware campaign distributing thousands of polymorphic APK variants.
The operation relied on user deception, accessibility abuse, and trusted content delivery paths rather than zero-day exploitation - reinforcing the role of social engineering and platform trust in modern mobile threats.
How are teams accounting for abuse of legitimate platforms?
Follow @technadu for balanced infosec reporting.
#Infosec #AndroidMalware #HuggingFace #ThreatIntelligence #MobileSecurity #CyberDefense
TechNadu
Tarnkappe.info
Martin Reitsma
NewsletterTF
NERDS.xyz – Real Tech News for Real Nerds