The new banking expert for Android is targeting more than 180 banks, currencies and cryptocurrency in 10 countries.
Cybersecurity company Cyble he says The malware is called OverlayPhantom and is being distributed via malicious URLs that impersonate legitimate software.
Cyble says the malware uses two methods of infection, starting with a downloader that mimics ID Austria, the Austrian government’s identification number, and TikTok. Once installed, OverlayPhantom disguises itself as Google Play Services and abuses Android’s Accessibility Service to gain access to the device.
The malware targets banking, financial and cryptocurrency software in the United States, Australia, Germany, France, Belgium, Finland, the Netherlands, Italy, Spain and the United Kingdom.
The company says that OverlayPhantom can track more than 30 rules, generate real-time visuals, display false overlays and extract information harvested through control and manipulation.
The malware monitors the victim’s past activities and checks whether the program is included in the target list. When a match is found, it displays a fake WebView overlay to match the legitimate application. These attachments can capture usernames, passwords, credit card information, PINs and more.
According to Cyble, the malware can also mimic gestures, change clipboard contents, lock the device’s screen and display fake notifications. The report states that OverlayPhantom uses special command-and-control ports for sending messages, device status reports and screen editing.
Cyble says the malware has been active since May 2025 and was discovered by scanning URLs containing a government header.
Follow us X, Facebook and Telegram
Don’t Miss Out – Sign up to receive email notifications straight to your inbox
Swimming Daily Hodl Mix
 
Disclaimer: The views expressed in Daily Hodl are not financial advice. Investors should do their due diligence before making any risky investments in Bitcoin, cryptocurrency or digital assets. Please note that your transfers and transactions are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend buying or selling any assets including cryptocurrencies, nor is The Daily Hodl a financial advisor. Please note that The Daily Hodl participates in affiliate marketing.
Image Created: Midjourney
