Frogblight malware, a new threat targeting Android users in Turkiye, has been identified by Kaspersky, posing a serious risk to banking security.
Discovery and Evolution
The malware was initially spotted by Kaspersky’s Securelist unit in August 2025. It underwent frequent updates in September 2025, enhancing its ability to evade detection by security systems.
Frogblight primarily spreads through SMS phishing. Victims receive messages falsely claiming involvement in legal matters or eligibility for financial aid, prompting them to download malicious apps like 'Davalarım' (MyCourt Cases).
Technical Details and Risks
Upon installation, the app requests invasive permissions, such as SMS access, to collect sensitive information. It masquerades as a legitimate service by opening actual government sites to deceive users. The Trojan records keystrokes, user inputs, and can potentially record audio and steal contacts.
- Targets primarily Android users in Turkiye.
- Spreads via SMS claiming legal or financial issues.
- Begins distribution: 2025-08.
- Evolves quickly: Frequent updates in 2025-09.
- Capabilities include: keystroke logging, audio recording.
Security Measures and Recommendations
Kaspersky advises against downloading APKs from unverified sources. Users should carefully examine app permission requests; standard file viewers should not require access to SMS or storage. The public and businesses in Turkiye are urged to remain vigilant to protect against this malware.
According to reports, some versions disguise as Google Chrome, exploiting common trust in familiar names to enhance their deception tactics. The control panel, themed after frogs, also suggests a sophisticated operation, possibly a malware-as-a-service setup.
