
ANY.RUN Uncovers Salvador Stealer: A New Android Malware Targeting Banking Credentials
DUBAI, DUBAI, UNITED ARAB EMIRATES, April 1, 2025 /EINPresswire.com/ -- ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions, has uncovered a new Android malware variant, internally naming it Salvador Stealer. Disguised as a legitimate banking application, this malware is designed to steal sensitive personal and financial data, including net banking credentials and OTPs.
How Salvador Stealer Works
Salvador Stealer follows a two-stage infection chain. It is first delivered as a dropper APK, which silently installs a second-stage payload, the actual banking credential stealer.
Once active, the malware displays a fake banking interface inside the app to trick users into entering their personal and banking details. It also abuses SMS permissions to intercept OTPs and verification codes, allowing attackers to bypass two-factor authentication.
Key Findings
· Two-stage infection chain: Dropper APK installs the banking stealer payload.
· Phishing-based credential theft: Victims are tricked into entering personal and banking data.
· Real-time exfiltration: Stolen information is sent to a phishing server and Telegram C2.
· OTP interception: The malware captures incoming SMS messages to steal OTPs.
· Persistence techniques: Automatically restarts after being stopped and survives device reboots.
· Exposed infrastructure: Publicly accessible admin panel and attacker's contact information.
To explore the full technical analysis and see how Salvador Stealer operates in real time, visit the detailed report on the ANY.RUN Blog.
About ANY.RUN
ANY.RUN is a leading provider of interactive malware analysis and threat intelligence solutions. Trusted by over 15,000 companies and more than 500,000 cybersecurity professionals worldwide, ANY.RUN empowers security teams to detect, analyze, and investigate cyber threats in real time across Windows, Linux, and Android environments. Every day, the platform processes more than 20,000 malware samples, helping organizations stay ahead of evolving cyber threats.
The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050