A new cybersecurity threat, Perseus Android malware, has been found targeting note-taking apps like Google Keep and Samsung Notes. It is an evolved version of earlier threats like Phoenix. Perseus-infected IPTV applications are used to distribute malware.
Cybersecurity researchers have discovered a new Android malware codenamed “Perseus” that can steal sensitive, high-value information from your mobile phones. It also has the potential to “take over” the smartphone ecosystem completely.
According to the ThreatFabric report, the Perseus Android malware represents the advanced stage in the evolution of mobile malware. It builds upon the codebase of earlier malware families like Cerberus and Phoenix.
Perseus can actively target high-value personal and financial information stored in note-taking apps on your Android phone.
The following note-taking apps were found to be vulnerable to Perseus malware:
Google Keep - Notes and Lists
Xiaomi Notes
Samsung Notes
ColorNote Notepad Notes
Evernote - Note Organizer
Microsoft OneNote
Simple Notes Pro
Simple Notes
According to reports, Perseus mobile malware has adapted to the new Android security features with new techniques and the capability to leverage legitimate system features to remain effective.
Through accessibility-based remote sessions, the Perseus malware “enables real-time monitoring and precise interaction with infected devices,” the researchers said in the report. Regions in Turkey and Italy were found to be heavily targeted by Perseus, with Poland, Germany, France, the UAE, and Portugal also affected.
“It navigates the UI by iterating over elements, selecting target nodes, and programmatically triggering click actions. After a short delay, it performs a global “back” action to return to the previous screen and continues the process,” the researchers explained.
IPTV applications that offer television content are often distributed outside of official marketplaces like the Google Play Store. Mobile users download these APK files, unaware that they are infected with Perseus malware.
Android users should not write sensitive personal and financial details on a note-taking app.
You should always update your device to the latest software version.
Download apps only from the Google Play Store. Do not download any APK file from the internet.
Also Read: Best Free Malware Scanners to Protect Your PC in 2026
Perseus is “being increasingly used as a masquerade for mobile threats distribution,” the researchers said.
It comes fortified with built-in measures so that it can work undetected. “Extensive environment checks, including detection of tools like Frida, highlight a clear focus on evading analysis and maintaining operational secrecy,” said the report.
Users are also advised to invest in a paid antivirus solution for phones, tablets, and laptops.