Skip to content
logo The magazine for digital lifestyle and entertainment
A brand of Bild
Android CoBi News Security All topics
Act Now

Millions of Devices at Risk: New Trojan Monitors Smartphones

Smartphone With Warning Signal
New Malware Disguises Itself as Harmless App, Often Remains Undetected on Android Devices Photo: Getty Images
Share article

May 8, 2026, 11:37 am | Read time: 2 minutes

Security researchers are warning of a new wave of dangerous malware targeting Android smartphones. The focus is on so-called banking trojans, which are particularly sophisticated. According to the cybersecurity company Zimperium, four new campaigns have been discovered. These are named “RecruitRat,” “SaferRat,” “Astrinox,” and “Massiv.”

Together, they target more than 800 apps, including those in finance and social networking. The attacks could already be affecting millions of devices. Banking trojans are considered especially critical because they give criminals direct access to sensitive account data.

Spread via seemingly legitimate websites

The malware does not end up on devices by chance. According to Zimperium, the attackers deliberately use deceptively real websites. These include fake job portals, streaming sites, and download platforms. Users are prompted to install an app to access content. Those who comply unknowingly install the trojan. During installation, several deception tactics are used. For example, the installation screen looks like a regular update from the Google Play Store. However, in the background, the malware installs itself and requests access to important system areas.

After installation, the trojans take it a step further. They replace their app icon with a transparent graphic, making them invisible on the device. This not only makes them hard to find but also difficult to delete. Additionally, the uninstallation process is manipulated, causing attempts to fail. Simultaneously, the programs mimic familiar interfaces, such as lock screens or log-in pages of banks. The goal is to capture login credentials. Sometimes fake update notifications block the screen to prevent interference.

Also of interest: Deceptively real banking app spies on smartphones in real-time

Live monitoring and coordinated attacks

According to Zimperium, the malware can even transmit screen content to servers in real-time. This allows attackers to see directly what is happening on the device. Through encrypted connections, many infected smartphones can be controlled simultaneously. This is how attackers organize large-scale fraud operations.

Traditional antivirus programs have difficulty detecting the trojans. The reason is that the attackers do not exploit security vulnerabilities but rely on deception. To protect oneself, it is important to be especially cautious with unknown websites and not install apps from unofficial sources.

This article is a machine translation of the original German version of TECHBOOK and has been reviewed for accuracy and quality by a native speaker. For feedback, please contact us at info@techbook.de.

You have successfully withdrawn your consent to the processing of personal data through tracking and advertising when using this website. You can now consent to data processing again or object to legitimate interests.