New Android Malware PlayPraetor Infects 11,000 Devices Worldwide

PlayPraetor's global reach and sophisticated techniques put users and financial institutions at risk. Stay vigilant and keep your devices updated.

A new malware threat, PlayPraetor, has emerged, targeting Android users worldwide. With over 11,000 infected devices and 2,000 new cases each week, the campaign marks a significant entry by Chinese-speaking threat actors into global financial fraud.

PlayPraetor began as a localized threat but expanded using fake Google Play Store URLs, now infecting devices in Portugal, Spain, France, Morocco, Peru, and Hong Kong. It operates on a malware-as-a-service (MaaS) model, suggesting intensified attacks in the coming weeks.

The malware abuses Android Accessibility Services for real-time control, targeting nearly 200 banking apps and crypto wallets. It uses a resilient multi-protocol C2 setup, including heartbeat checks via HTTP/S, real-time commands via WebSocket, and screen streaming via RTMP. The PlayPraetor C2 panel, a Chinese-language, multi-tenant control hub, enables affiliates to operate independently while using shared infrastructure.
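One way a defender could correlate the three channel types described above in mobile network telemetry. This is an added example, not code from the article or from any vendor. The flow-record format, protocol labels, `.example` hostnames and jitter threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records (not real telemetry):
# (device, epoch_seconds, protocol label from the sensor, destination)
FLOWS = [
    ("phone-a", 0, "https", "c2.example"),
    ("phone-a", 60, "https", "c2.example"),
    ("phone-a", 121, "https", "c2.example"),
    ("phone-a", 180, "https", "c2.example"),
    ("phone-a", 185, "websocket", "c2.example"),
    ("phone-a", 190, "rtmp", "stream.example"),
    ("phone-b", 0, "https", "news.example"),
    ("phone-b", 7, "https", "news.example"),
    ("phone-b", 95, "https", "news.example"),
    ("phone-b", 300, "https", "news.example"),
    ("phone-b", 400, "websocket", "chat.example"),
]

def is_periodic(times, min_events=4, max_jitter=0.1):
    """True when gaps between requests are near-constant (heartbeat-like)."""
    if len(times) < min_events:
        return False
    times = sorted(times)
    gaps = [b - a for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    # Coefficient of variation: low value means regular, machine-driven timing.
    return avg > 0 and pstdev(gaps) / avg <= max_jitter

def flag_devices(flows):
    """Map each device showing HTTP/S heartbeat + WebSocket + RTMP to its beacon hosts."""
    beacons = defaultdict(lambda: defaultdict(list))  # device -> dest -> timestamps
    seen = defaultdict(set)                           # device -> protocols observed
    for device, ts, proto, dest in flows:
        seen[device].add(proto)
        if proto in ("http", "https"):
            beacons[device][dest].append(ts)
    flagged = {}
    for device, protos in seen.items():
        hosts = sorted(d for d, t in beacons[device].items() if is_periodic(t))
        if hosts and {"websocket", "rtmp"} <= protos:
            flagged[device] = hosts
    return flagged

if __name__ == "__main__":
    print(flag_devices(FLOWS))
```

Legitimate live-streaming apps also produce outbound RTMP, so a hit is a lead for triage rather than a verdict.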

PlayPraetor targets Spanish and French speakers, with 58% of victims in Europe. It offers real-time device control, data exfiltration, and impersonation tools, representing a serious threat to users and financial institutions.

PlayPraetor, with its sophisticated techniques and global reach, poses a significant risk. Users are advised to be cautious when downloading apps and to keep their devices updated. Security researchers continue to monitor the situation, working to mitigate the threat.
