Frogblight
Frogblight is an Android banking trojan, and the campaign distributing it, targeting users in Turkey. It is distributed via SMS phishing, disguised as legitimate apps such as Google Chrome or a government or court-case themed application. Reported objectives include theft of banking credentials and collection of device data. Frogblight is described as being developed and offered as malware-as-a-service (MaaS), with a web-based control panel for remote management; samples are noted as being distributed with matching keys, consistent with panel-based operator access. Referenced public reporting includes analysis by Kaspersky and broader coverage that lists Frogblight among newer, professionally engineered Android malware families.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Frogblight is Android malware that targets users in Turkey, steals banking credentials and personal data, and is being developed for distribution as malware-as-a-service (MaaS).
Frogblight is an Android banking trojan targeting Turkish users, designed to steal banking credentials by masquerading as legitimate apps.