The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

RatOn Android Malware

Sep 19, 2025 2:18:19 PM / by The Hivemind posted in Threat Bulletin, overlay attacks, Accessibility Services abuse, RatOn, Android banking trojan, automated transfer system, cryptocurrency wallet takeover, mobile malware, NFSkate, NFC relay attack

Verticals Targeted: Financial
Regions Targeted: Czech Republic, Slovakia
Related Families: NFSkate

Executive Summary

RatOn is a sophisticated Android banking trojan that integrates NFC relay capabilities with remote access and automated transfer functionalities, marking a notable evolution in mobile fraud tactics.

Hook Android Banking Trojan Evolves

Sep 2, 2025 12:52:33 PM / by The Hivemind posted in Threat Bulletin, Evolving Threat, Android Malware, ransomware overlay, fake NFC overlay, phishing overlay, Accessibility Services abuse, lockscreen bypass, GitHub malware distribution, financial sector threats, Hook banking trojan

Verticals Targeted: Financial, Enterprises
Regions Targeted: Not specified
Related Families: Ermac, Brokewell

Executive Summary

Hook Version 3 is an advanced Android banking trojan with ransomware, phishing, and lockscreen bypass capabilities, posing significant risks to financial institutions and enterprises. Its distribution via phishing websites and GitHub amplifies its reach, necessitating robust mobile threat defenses.
