
"Through Accessibility-based remote sessions, the malware enables real-time monitoring and precise interaction with infected devices, allowing full device takeover and targeting various regions, with a strong focus on Turkey and Italy. Beyond traditional credential theft, Perseus monitors user notes, indicating a focus on extracting high-value personal or financial information."
"Perseus is built upon the foundations of Cerberus and Phoenix, at the same time evolving into a more flexible and capable platform for compromising Android devices through dropper apps distributed via phishing sites."
"ThreatFabric's analysis has uncovered that the malware expands on the Phoenix codebase, with the threat actors likely relying on a large language model (LLM) to assist with the development. This is based on indicators such as extensive in-app logging and the presence of emojis in the source code."
Perseus is a newly disclosed Android malware family built on the Cerberus and Phoenix codebases and distributed through dropper apps served from phishing sites. The malware abuses Android's accessibility service to enable real-time device monitoring and full device takeover. Beyond credential theft, Perseus monitors user notes to extract high-value personal and financial information. Threat actors distribute Perseus through apps masquerading as IPTV services, targeting users seeking to sideload premium content. Analysis indicates the developers likely used large language models during development, as evidenced by extensive in-app logging and emojis in the source code. Primary targets include Turkey and Italy.
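Since the takeover capability described above depends on an accessibility service being enabled for the malicious app, a quick defender check is to audit which packages currently hold that privilege on a device. The script below is an added example, not code from the article or from ThreatFabric; it parses the value of Android's secure setting `enabled_accessibility_services` (a colon-separated list of `package/ServiceClass` entries, as returned by `adb shell settings get secure enabled_accessibility_services`) and reports any package not on an allowlist. The sample setting value and the package names in it are constructed placeholders, not indicators from the report.

```python
"""Flag enabled Android accessibility services whose package is not allowlisted.

Added example (not from the original article). Input is the raw value of the
secure setting `enabled_accessibility_services`, which Android stores as
colon-separated `package/ServiceClass` entries.
"""
from typing import Iterable


def parse_enabled_services(raw: str) -> list[tuple[str, str]]:
    """Parse 'pkg/.Svc:pkg2/pkg2.Svc' into (package, fully-qualified service) tuples."""
    entries: list[tuple[str, str]] = []
    for item in raw.strip().split(":"):
        if not item:
            continue  # empty setting or trailing separator
        pkg, sep, svc = item.partition("/")
        if not sep or not pkg or not svc:
            continue  # malformed entry: skip rather than guess
        # A leading '.' means the class name is relative to the package.
        if svc.startswith("."):
            svc = pkg + svc
        entries.append((pkg, svc))
    return entries


def suspicious_services(raw: str, allowlist: Iterable[str]) -> list[tuple[str, str]]:
    """Return (package, service) pairs whose package is not on the allowlist."""
    allowed = set(allowlist)
    return [(pkg, svc) for pkg, svc in parse_enabled_services(raw) if pkg not in allowed]


# Constructed sample setting value; package names are placeholders, not real IoCs.
SAMPLE_SETTING = (
    "com.example.screenreader/.ScreenReaderService:"
    "com.example.iptv.player/.AccessService"
)
# Constructed allowlist of packages an organisation expects to hold this privilege.
ALLOWLIST = ["com.example.screenreader"]


def main() -> None:
    for pkg, svc in suspicious_services(SAMPLE_SETTING, ALLOWLIST):
        print(f"review: {pkg} has accessibility service {svc} enabled")


if __name__ == "__main__":
    main()
```

On a fleet of managed devices the same logic applies to the value collected by an MDM agent; anything sideloaded that also holds accessibility rights is worth a closer look, because that combination is exactly what the dropper-plus-accessibility pattern described above relies on.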
Read at The Hacker News