This Android malware pretends to be IPTV and steals your information without you knowing it.
A new piece of malware is making its way around Android devices right now. It could steal your bank account information, passwords, and even the notes you have on your phone. Known as Perseus, this malware disguises itself as an IPTV application to deceive its victims. Once installed, it records everything you type and steals information from your phone without your knowledge.
Researchers at ThreatFabric have documented the Perseus malware, describing it as a direct evolution of previous malware such as Cerberus and Phoenix. These malware programs have been causing problems on Android for years, focusing on stealing banking credentials. The difference is that Phoenix goes further, targeting the contents of Notes, the space where users typically store passwords and other sensitive information.
To infect devices, Perseus disguises itself as an IPTV application, a type of service many users are accustomed to installing from outside the Google Play Store. This is precisely what the attackers aim for: to make the installation process appear legitimate. To bypass the security restrictions of Android 13 and later versions, the malware uses a helper installer that also distributes other threats known as Medusa.
According to researchers, the three apps containing the Perseus malware are Roja AppDirect, TvTApp, and PolBox TV. None of them are available on the Google Play Store; they are downloaded from external websites. The Roja AppDirect app, in particular, exploits its well-known name to trick users into believing they are watching a Spanish league match when, in reality, they are exposing their phones to attackers.
The best way to avoid viruses is to refrain from installing apps from outside the Google Play Store, especially IPTV services. It's also advisable to periodically check your device's access permissions via Settings > Accessibility and disable any services you don't recognize.