New Android Banking Malware ‘Perseus’ Revealed

Cybersecurity researchers from ThreatFabric disclosed a new Android malware family in March 2026 built to conduct device takeover and financial fraud. The malware, named Perseus, is a highly flexible and capable platform distributed through dropper apps disguised as IPTV services.

However, Perseus expands on the leaked source code of its predecessors, Cerberus and Phoenix. Consequently, it evolves into a more dangerous tool for compromising devices through phishing.

Perseus leverages Android’s accessibility service to grant itself extensive permissions. It then launches overlay attacks atop legitimate financial and cryptocurrency apps to steal credentials.

The malware provides operators with a command-and-control panel for remote device control. This allows for authorizing fraudulent transactions and even monitoring victims’ note-taking apps for high-value information.

Campaigns distributing the malware have primarily targeted Turkey, Italy, Poland, Germany, France, the U.A.E., and Portugal. Meanwhile, typical distribution occurs via sideloaded apps masquerading as IPTV services.

“Perseus highlights the continued evolution of Android malware, demonstrating how modern threats build upon established families like Cerberus and Phoenix while introducing targeted improvements,” ThreatFabric observed.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

• DeFi Trader’s $50M Swap Blunder Enriches Titan
• Crypto.com Cuts 12% of Staff in Pivot to “AI-Driven ops”
• Bitcoin Outperforms Gold, Silver Amid Market Chaos
• SlowFi DeFi Launch on Bitcoin Triggers Scaling Debate
• Bitcoin Drops Below $70K on Fed Rate Pause, Whale Sales