This repository contains the source code of several Android banking malware families, shared strictly for educational and research purposes. The goal is to help malware analysts, cybersecurity researchers, and students understand how modern mobile banking threats work.
A powerful Android malware with VNC-like remote access, keylogging, screen streaming, and real-time control of infected devices. Often used for banking fraud and account takeover via Accessibility Service abuse.
GitHub Link
Successor to Cerberus. Alien can perform overlay attacks, steal credentials, intercept SMS messages (for 2FA), and log keystrokes. It targets hundreds of banking apps globally.
Variants included: v1.03.5 Beta, v2, Electro, v4, v10
Originally sold as MaaS (Malware-as-a-Service), Cerberus became one of the most influential Android banking trojans. It features overlay injection, SMS theft, keylogging, and remote commands.
A modular Android botnet with functions such as application harvesting, SMS interceptor, push notification hijacking, and basic remote access. Used for financial data theft and fraud automation.
Built upon Cerberus codebase. Octo offers advanced screen streaming (like VNC), keylogging, and background interaction — meaning it can control the device without showing any visible UI changes to the victim.
📅 This source was collected on August 4, 2024, for research and archival purposes.
One of the most advanced and recent Android banking trojans. Features include overlay attacks, encrypted C2 communication, app harvesting, injection via Accessibility, and targeting of over 400 banking apps.
This project is for educational use only. Any misuse of the code for malicious purposes is strictly forbidden. The uploader does not promote or support cybercrime in any form.
Credits: telegram, @realgasx