Frogblight banking Trojan targets Android users in Turkey
Essential information
- Published
- 15/12/2025 13:00
- Modified
- 21/12/2025 19:03
- Tags
- 2025-12-15 android banking trojan coper frogblight persistence remote access smishing spyware turkey
- Related entities
- 6 observables, 6 others
Description
A new Android banking Trojan called Frogblight has been discovered targeting users in Turkey. Initially disguised as an app for accessing court case files, it later adopted more universal disguises like the Chrome browser. Frogblight can steal banking credentials through official government websites and has spyware capabilities to collect SMS messages, app lists, and device information. It can also send arbitrary SMS messages. The malware has been actively updated with new features, indicating ongoing development. Distribution likely occurs through smishing attacks convincing users they are involved in court cases. Frogblight uses sophisticated techniques for remote device control, persistence, and protection against deletion. The majority of victims are located in Turkey, and the developers likely speak Turkish.