Overview
- Security firm Zimperium detailed four active Android trojan campaigns — RecruitRat, SaferRat, Astrinox and Massiv — that target financial and social platforms.
- The operators plant apps on fake job boards, illegal streaming portals and download pages that mimic Google Play update screens to trick users into installing them.
- Once installed, the apps hide by replacing their icon with a transparent image and by interfering with the uninstall process to block removal.
- Several strains stay dormant to evade scans, then download extra payloads and hide code inside ZIP archives to slip past checks.
- Beyond stealing credentials, the trojans can execute transactions and live‑stream a phone’s screen to attacker servers for coordinated fraud, while the true infection count remains unconfirmed and users are urged to use official app stores.