A newly discovered Android banking trojan known as OverlayPhantom is raising concerns among cybersecurity researchers after evidence revealed that the malware is actively targeting banking, financial, and cryptocurrency users across multiple Western countries. 

The malware campaign, uncovered by Cyble Research and Intelligence Labs (CRIL), demonstrates how modern threat actor groups are combining social engineering, remote device control, phishing overlays, and real-time surveillance capabilities into a single malicious framework. 

According to researchers, OverlayPhantom has been active since May 2025 and is currently targeting more than 180 applications across 10 countries, including...