banking applications Archives

AppWizard

December 4, 2025

Android now warns before you open banking apps during risky calls

Google is adding new in-call scam protection tools to Android for users in the United States. The feature warns users when they share screens with unknown numbers during financial app calls and includes a 30-second alert to prevent sharing sensitive banking details. This protection has already been rolled out in the UK, India, and Brazil and applies to calls involving banking applications and peer-to-peer payment platforms.

AppWizard

December 3, 2025

Android scam protection pilot pauses screen sharing after opening bank apps

Android is rolling out enhanced scam protection features in the United States to combat sophisticated social engineering tactics. For users on calls with unrecognized numbers, Android 11 and later versions will activate a warning when screen sharing is enabled while accessing banking applications. This warning appears as a pop-up with a red "End call now" button, which also terminates the screen-sharing session. The alert introduces a 30-second delay before users can proceed, disrupting scammers' tactics that create urgency. Earlier this year, this feature was tested in the UK, helping thousands of users avoid financial losses. The initiative is being piloted in the US in collaboration with fintech companies and major banks.

AppWizard

November 29, 2025

The Spy in Your Pocket: How Ordinary Android Apps Are Turning Into Dangerous Spyware

Numerous commonly used Android applications, often appearing harmless, can contain malicious code that functions as spyware. These applications, which include phone cleaners, file managers, and wallpaper apps, can record screens, capture keystrokes, access microphones and cameras without consent, and transmit data to unknown servers. Uninstalling these apps may not eliminate the threat, as they can remain hidden. Users often grant unnecessary permissions to these apps, inadvertently allowing cybercriminals access to personal data. Recent cybersecurity assessments indicate a rise in mobile malware attacks, particularly in India, where weak enforcement and low awareness contribute to the problem. Spyware can drain device resources, leading to rapid battery depletion and lagging performance. Additionally, these apps can steal personal information, enabling identity theft and ongoing repercussions. Trusting apps solely based on their presence in the Play Store is a misconception, as modern spyware can bypass initial checks. To stay safe, users should verify developers, decline unnecessary permissions, conduct security scans, avoid third-party APKs, and keep their devices updated.

AppWizard

November 26, 2025

This new Android malware can control your phone and swipe your banking data

A new malware called Sturnus spreads through sideloaded APKs and can steal chats, banking information, and control devices. It reads decrypted chats, creates fake banking overlays, and can remotely access Android devices. Sturnus disguises itself with fake Android update screens, and users in Europe have already fallen victim to it. The malware is primarily spread through attachments sent via messaging applications and exploits Accessibility settings to read screen content and impose overlays on banking applications. Google has not detected this malware in the Google Play Store, thanks to Play Protect's scanning efforts. Users are advised to exercise caution when downloading APKs.

Tech Optimizer

November 25, 2025

Protect sensitive data with dynamic data masking for Amazon Aurora PostgreSQL

Amazon Aurora PostgreSQL-Compatible Edition has introduced a dynamic data masking feature that provides column-level protection, enhancing security alongside PostgreSQL’s row-level security. This feature is available for Aurora PostgreSQL versions 16.10 and higher, as well as 17.6. Dynamic data masking allows organizations to maintain a single copy of their data while applying role-based access controls, ensuring sensitive information is protected in real-time without data duplication. The pg_columnmask extension enables policy-based masking and runtime query rewriting, allowing different users to see varying levels of data based on their roles. For example, customer service representatives may see only the last four digits of account numbers, while executives see full details. The feature supports compliance with regulations such as GDPR, HIPAA, and PCI DSS. Users can create masking policies using standard SQL commands, and the policies can be defined to utilize built-in or custom functions for data masking.

Tech Optimizer

November 7, 2025

Herodotus Android Banking Malware Takes Full Control Of Device Evading Antivirus

A banking trojan named Herodotus targets Android users globally, operating as Malware-as-a-Service and disguising itself as a legitimate app to lure users into downloading an APK from unofficial sources. Once installed, it gains critical system permissions to perform banking operations on behalf of the user. The malware is primarily distributed through SMS phishing campaigns that lead victims to fraudulent download pages. Herodotus employs overlay attacks to steal credentials and hijack sessions, posing a significant threat to financial security. It uses advanced evasion tactics, including random delays and realistic typing patterns, to avoid detection by traditional antivirus solutions. The trojan captures screen content and keystrokes, allowing real-time monitoring of user activity. Detection is complicated as Herodotus circumvents defenses by installing from unknown sources and executing harmful actions only after obtaining user permissions. Effective defense requires recognizing multiple indicators of compromise, such as suspicious SMS links and behavioral anomalies, which traditional antivirus protection often overlooks.

Tech Optimizer

November 7, 2025

Herodotus Android Banking Trojan Takes Over Devices, Outsmarts Security Tools

A new Android banking Trojan named Herodotus has emerged, operating under the Malware-as-a-Service (MaaS) model and causing significant disruptions in the mobile banking sector. It primarily spreads through SMS phishing campaigns that disguise malicious links as legitimate messages, leading users to counterfeit web pages to download an APK file outside the official Play Store. Upon installation, Herodotus requests critical permissions, including Accessibility, allowing it to overlay fake screens on real banking apps and capture user data. The malware employs deceptive behaviors to evade detection by traditional antivirus solutions, which often fail to recognize it due to their reliance on signature-based and behavior-driven databases. Research indicates that antivirus providers have overlooked the Herodotus threat, highlighting the need for multilayered defense mechanisms. Pradeo’s Mobile Threat Defense (MTD) solution offers continuous monitoring of device behavior, proactive blocking of phishing links, and alerts for risky off-store installations, effectively neutralizing threats before they escalate.

Tech Optimizer

October 23, 2025

Delete the fake VPN app stealing Android users’ money

Malware targeting Android devices has become more sophisticated, with cybercriminals deploying fake banking applications and phishing campaigns. A recently identified dangerous app, Mobdro Pro IP TV + VPN, introduces a malware strain called Klopatra, which is used in campaigns against financial institutions. This app appears to be a free streaming platform but installs a banking Trojan and remote-access tool, allowing attackers to steal banking credentials and conduct fraudulent transactions. The infection process involves social engineering tactics to trick users into downloading the app from unofficial sources, and Klopatra can bypass Android's security measures. The rise of fake VPNs, like Mobdro, poses a significant risk, as many users rely on VPNs for privacy and security. Users are advised to take protective measures, including downloading apps only from trusted sources, checking app permissions, using secure VPNs, installing strong antivirus software, monitoring accounts, removing suspicious apps, keeping devices updated, changing passwords, enabling two-factor authentication, and reporting malicious apps.

AppWizard

October 10, 2025

Fake VPN and streaming app infects thousands of Android devices, drains bank accounts

Cybersecurity experts have warned Android users about the Mobdro Pro IP TV + VPN application, which has been identified as a means to distribute the Klopatra banking trojan. This trojan, first discovered in August 2025, is being spread through two active botnets, primarily targeting users in Spain and Italy, with nearly 3,000 confirmed infections. Klopatra allows cybercriminals complete remote access to infected devices, enabling them to read messages, steal login credentials, and execute fraudulent transactions. The malware exploits Android Accessibility Services permissions to carry out its activities. Mobdro Pro IP TV + VPN is distributed outside the Google Play Store, increasing users' vulnerability to such threats. Additionally, a VPN Transparency Report 2025 highlighted security risks in several popular legitimate VPN applications, indicating that some misrepresent their security protocols and may not provide adequate protection.

Tech Optimizer

October 7, 2025

New Fully Undetectable FUD Android RAT Discovered and Publicly Released for Download on GitHub

A new Android Remote Access Trojan (RAT) has appeared on GitHub, described as fully undetectable and capable of bypassing advanced permission and background process restrictions in customized Chinese ROMs like MIUI and EMUI. This malware utilizes a multi-layer dropper to integrate its payload within legitimate applications, allowing it to overcome autostart restrictions and battery optimization features. Upon installation, it escalates privileges to gain comprehensive access to the device, using AES-128-CBC encryption for command-and-control communication to evade detection. The RAT can record and delete call logs, intercept voice calls, manipulate SMS messages, and capture keystrokes through a keylogger. It also has capabilities for live screen captures, camera access, audio and video recording, and clipboard hijacking. Additionally, it can encrypt files and lock the device, demanding a ransom for access. The malware employs social engineering tactics, such as spoofed notifications and phishing prompts, to facilitate credential theft. Its persistence mechanisms allow it to operate with minimal resource usage, making detection difficult. The attacker interface is web-based, enabling control from any standard browser without specialized infrastructure. The public release of this RAT raises concerns about the misuse of open-source repositories for distributing malicious tools, prompting calls for stricter oversight on platforms like GitHub.