TsarBot

Description

(Cuble) Cyble Research and Intelligence Labs (CRIL) discovered a new Android banking trojan that uses an overlay attack to target over 750 applications, including banking, finance, cryptocurrency, payment, social media, and e-commerce applications, across multiple regions.

While the malware mainly utilizes overlay attacks to steal credentials, it also carries out various other malicious actions. It is capable of recording and remotely controlling the screen, enabling attackers to monitor and manipulate the device. Additionally, it employs lock-grabbing techniques, keylogging, and intercepting SMS messages.

Names

Name
TsarBot

Category

Malware

Type

• Banking trojan
• Backdoor
• Credential stealer

Information

• https://cyble.com/blog/tsarbot-using-overlay-attacks-targeting-bfsi-sector/

Other Information

Uuid

ecff7a23-a928-40dc-8d8f-8790c55b3be0

Last Card Change

2025-04-21