GhostGrab Android Malware: Dual Threat of Crypto Mining and Data Theft

A new Android malware called GhostGrab is targeting mobile users with a dual-monetization strategy that combines covert cryptocurrency mining with financial data theft. The malware harvests banking credentials, debit card details, and personal information through SMS interception. It also mines Monero cryptocurrency in the background, creating a dual-revenue stream for threat actors. The malware uses advanced persistence techniques and phishing pages to collect sensitive data, which is then transmitted to a Firebase Realtime Database controlled by attackers.

Latest mentioned: 10-28

Earliest mentioned: 10-28

Sources

gbhackers.com securityonline.info

Also Read

PhantomRaven Supply-Chain Attack Infects npm Ecosystem

Koi Security has discovered a massive supply-chain attack called PhantomRaven, which has infected the npm ecosystem with 126 malicious packages downloaded over 86,000 times. The campaign, active since August 2025, steals npm authentication tokens, GitHub credentials, and CI/CD secrets by concealing malicious code in dependencies. The attackers used Remote Dynamic Dependencies (RDD) to bypass security scanners, making the packages appear harmless. The malware executed automatically during installation, performing aggressive reconnaissance and exfiltration. Koi Security noted the use of AI-driven slopsquatting to create plausible-sounding package names, tricking developers into trusting malicious packages.

10-31Read more →