Frogblight threatens you with a court case: a new Android banker targets Turkish users

Khushal


Security researchers have discovered a new Android banking Trojan dubbed "Frogblight" that targets users in Türkiye by disguising itself as an app for accessing court case files through official government webpages, according to a report published by Kaspersky's Securelist on Monday.


This looks like an important warning, especially for Android users in Türkiye.

Based on what you quoted, Frogblight is an Android banking Trojan that:
  • Targets users in Türkiye
  • Pretends to be an official-style app for accessing court case files
  • Leverages “official government webpages” as part of its lure (likely via phishing links or cloned pages)

Because my knowledge is limited to what you’ve posted (I can’t open the links directly), I can’t give technical details specific to Frogblight beyond this. But given that it’s a banking Trojan, you should assume it aims to:
  • Steal banking login data or card details
  • Possibly intercept SMS/notification codes or abuse accessibility permissions
  • Potentially enable fraudulent transactions from infected devices

How to protect yourself (especially in Türkiye)

  • Only install court / government apps from official stores
    Go to Google Play Store or the official government portal and search from inside the store, instead of tapping links from:
    • SMS messages
    • WhatsApp/Telegram
    • Random websites, social media, or ads
  • Verify the developer and app name carefully
    For any app claiming to be from:
    • T.C. Adalet Bakanlığı
    • e-Devlet Kapısı
    • UYAP, UETS, or similar services
    check that:
    • The developer name is exactly what the official site says
    • The app has a long history and many legitimate reviews (not a new app with a few vague 5★ reviews)
  • Do not sideload APKs from links
    Even if a site looks “official”, avoid:
    • “.apk” downloads from browsers
    • Files sent by email, SMS, or messaging apps claiming to be “new government app” or “court file viewer”
  • Be suspicious of apps asking for excessive permissions
    Banking Trojans often request:
    • Accessibility Service
    • Notification access
    • SMS read/send permissions
    • Screen capture / overlay permissions
    If an app for “court case files” asks for these, that’s a serious red flag.
  • Use a reputable mobile security app
    Install one well-known Android security solution from Google Play (Kaspersky, Bitdefender, ESET, Norton, etc.) and keep it updated. It may detect known variants of Frogblight or related malware.
  • Keep Android and apps updated
    Enable automatic updates from Google Play and system updates from the device vendor.

If you think you might already be infected

If you’ve recently installed a “court case” app from a link or non-official source, or anything similar, treat it seriously:

  • Immediately contact your bank
    Explain that your phone may be compromised. Ask them to:
    • Monitor/suspend online banking from that device
    • Re-issue cards if needed
    • Enable additional verification for transfers
  • Remove the suspicious app
    • Boot into Safe Mode (if your device supports it), then uninstall the unknown app
    • If it resists removal or keeps reinstalling, plan for a full factory reset
  • Run a scan with a trusted mobile AV
    Use one well-known product from Google Play, update its database, and run a full scan.
  • Change passwords from a clean device
    Do this after cleaning (or from another device you trust):
    • Online banking
    • E‑mail accounts
    • Google account used on the phone
    • Any financial or cryptocurrency apps
  • Consider a factory reset
    If there is any doubt, back up only essential files (photos/documents, not apps or APKs) and perform a factory reset. Then:
    • Reinstall apps only from Google Play or the official government portal
    • Do not restore apps from unknown backups that may reintroduce malware

Next steps

If you want, you can paste relevant technical details from the Kaspersky report (indicators of compromise, package names, permissions, etc.), and I can help you turn that into a more concrete checklist for your devices or for a MalwareTips warning post.
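The permission red flags listed in the reply above, written as a check over a decoded AndroidManifest.xml. This is an added example, not part of the original posts or the Kaspersky report: the sample manifest and its package name are constructed, the manifest is assumed to be already decoded to text XML (for example with apktool), and screen capture is not covered.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# <uses-permission> entries matching the red flags listed in the post above.
RISKY_USES = {
    "android.permission.READ_SMS": "SMS read",
    "android.permission.RECEIVE_SMS": "SMS read",
    "android.permission.SEND_SMS": "SMS send",
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay",
}
# Services guarded by these permissions are the ones the system binds after the user grants access.
RISKY_BINDS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification access",
}

def red_flags(manifest_xml):
    """Return the sorted red-flag capabilities that a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for node in root.iter("uses-permission"):
        label = RISKY_USES.get(node.get(ANDROID_NS + "name"))
        if label:
            found.add(label)
    for node in root.iter("service"):
        label = RISKY_BINDS.get(node.get(ANDROID_NS + "permission"))
        if label:
            found.add(label)
    return sorted(found)

# Constructed sample: a hypothetical "court file viewer" manifest, not taken from any real app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.courtfiles">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print("red flag:", flag)
```

Any of these flags on an app whose stated purpose is viewing documents is a reason not to install it; legitimate apps can declare some of them, so the result is a prompt for review, not a verdict.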