Insights, news, education and announcements from PolySwarm | overlay attacks

RatOn Android Malware

Sep 19, 2025 2:18:19 PM / by The Hivemind posted in Threat Bulletin, overlay attacks, Accessibility Services abuse, RatOn, Android banking trojan, automated transfer system, cryptocurrency wallet takeover, mobile malware, NFSkate, NFC relay attack

Verticals Targeted: Financial
Regions Targeted: Czech Republic, Slovakia
Related Families: NFSkate

Executive Summary

RatOn is a sophisticated Android banking trojan that integrates NFC relay capabilities with remote access and automated transfer functionalities, marking a notable evolution in mobile fraud tactics.

Read More

Anatsa Android Banking Trojan Targets US Banks

Jul 18, 2025 2:08:41 PM / by The Hivemind posted in Threat Bulletin, Banker, Banking Trojan, Anatsa, Android Malware, overlay attacks, Google Play Store, credential theft, North America, financial fraud, device takeover, mobile banking

Verticals Targeted: Financial
Regions Targeted: US, Canada
Related Families: None

Read More

Godfather Evolves With Advanced On-Device Virtualization Capabilities

Jun 30, 2025 1:56:44 PM / by The Hivemind posted in Threat Bulletin, Evolving Threat, Android Malware, Godfather Malware, Mobile Banking Trojan, on-device virtualization, cryptocurrency app attacks, accessibility service abuse, overlay attacks, mobile security threats, banking app hijacking

Verticals Targeted: Financial
Regions Targeted: Not specified
Related Families: None

Executive Summary

Industry researchers have identified an advanced evolution of the Godfather banking trojan, which employs on-device virtualization to hijack mobile banking and cryptocurrency applications on Android devices. This sophisticated technique allows attackers to monitor and control user interactions within a virtualized app environment, posing a significant threat to mobile security.

Read More