2026-03-19 12:43 UTC

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

Cybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with the aim of conducting device takeover (DTO) and financial fraud.

Perseus is built upon the foundations of Cerberus and Phoenix, at the same time evolving into a "more flexible and capable platform" for compromising Android devices through dropper apps distributed

"Through Accessibility-based remote sessions, the malware enables real-time monitoring and precise interaction with infected devices, allowing full device takeover and targeting various regions, with a strong focus on Turkey and Italy," ThreatFabric said in a report shared with The Hacker News.

"Beyond traditional credential theft, Perseus monitors user notes, indicating a focus on extracting high-value personal or financial information."

Cerberus was first documented by the Dutch mobile security company in August 2019, highlighting the malware's abuse of Android's accessibility service to grant itself additional permissions, as well as steal sensitive data and credentials by serving fake overlay screens.

Following the leak of its source code in 2020, multiple variants have emerged, including Alien, ERMAC, and Phoenix.
