DUBAI, DUBAI, UNITED ARAB EMIRATES, April 1, 2025 /EINPresswire/ -- ANY, a leading provider of interactive malware analysis and threat intelligence solutions, has uncovered a new Android malware variant, internally naming it Salvador Stealer. Disguised as a legitimate banking application, this malware is designed to steal sensitive personal and financial data, including net banking credentials and OTPs.

How Salvador Stealer Works

Salvador Stealer follows a two-stage infection chain. It is first delivered as a dropper APK, which silently installs a second-stage payload - the actual banking credential stealer.

Once active, the malware displays a fake banking interface inside the app to trick users into entering their personal and banking details. It also abuses SMS permissions to intercept OTPs and verification codes, allowing attackers to bypass two-factor authentication.

Key findings

· Two-stage infection chain: Dropper APK installs the banking stealer payload.

· Phishing-based credential theft: Victims are tricked into entering personal and banking data.

· Real-time exfiltration: Stolen information is sent to a phishing server and Telegram C2.

· OTP interception: The malware captures incoming SMS messages to steal OTPs.

· Persistence techniques: Automatically restarts after being stopped and survives device reboots.

· Exposed infrastructure: Publicly accessible admin panel and attacker's contact information.

To explore the full technical analysis and see how Salvador Stealer operates in real time, visit the detailed report on the ANY Blog.

About ANY

ANY is a leading provider of interactive malware analysis and threat intelligence solutions. Trusted by over 15,000 companies and more than 500,000 cybersecurity professionals worldwide, ANY empowers security teams to detect, analyze, and investigate cyber threats in real time across Windows, Linux, and Android environments. Every day, the platform processes more than 20,000 malware samples, helping organizations stay ahead of evolving cyber threats.

