211/69 Monday, April 20, 2026
Cybersecurity researchers from Zimperium zLabs have identified a new Android malware campaign involving four families-RecruitRat, SaferRat, Astrinox, and Massiv-targeting more than 800 banking and cryptocurrency applications globally. The campaign relies on sophisticated social engineering techniques such as phishing and smishing. Examples include fake job recruitment websites that trick victims into downloading malicious APK files (RecruitRat), and fake free video streaming sites used as lures (SaferRat). Some campaigns even mimic the Apple App Store interface to appear legitimate, while actually aiming to install malware on Android devices to steal sensitive data.
A particularly dangerous tactic used by these malware strains is the “blindfold” technique, which abuses Accessibility Services permissions to display a fake screen-such as a “system update” message-overlaying the real interface. While the device appears frozen or updating, attackers secretly access contacts, read SMS messages, and perform overlay attacks by placing fake login screens over legitimate banking apps. Any credentials entered by the user are immediately exfiltrated. Additionally, the malware employs keylogging to capture all keystrokes on the device.
In terms of mitigation, experts warn that these attacks can bypass OTP-based security since the malware can intercept SMS messages in real time. Users are strongly advised to avoid clicking on urgent or suspicious links received via SMS and to never install applications from outside official app stores. It is also important to regularly review app permissions-especially requests for Accessibility Services-and treat any unnecessary or suspicious requests as potential indicators of malware attempting to gain remote control of the device.
Source https://hackread.com/recruitrat-saferrat-astrinox-massiv-android-malware/