IOC Radar
TLP:WHITE
5 IOCs

OverlayPhantom: The Android Banking Trojan Hiding in Plain Sight

Cyble
Published May 27, 2026

Threat Actors

Malware Families

Diamond Model

Axes: Social, Technology
Adversary (2): Play, TA0027
Infrastructure (2): https://bitlrewards-a…, https://199.217.99.122
Capability (1): Play
Victim: unknown


Indicators of Compromise

5 indicators

| Type | Indicator | Tags | Confidence | Score | First Seen |
|---|---|---|---|---|---|
| SHA256 | f8b614a2918378063d6e6655b676ceb52ae65b1510e2cc08087fcac31acb7aeb | file-hash, intel-blog, malware | High | 56 | Jun 2, 26 |
| SHA256 | 9ef37376bfaa18e193cc72218924ad8ebf56d2667d348f0eae5ae6ec45ab8775 | file-hash, intel-blog, malware | High | 56 | Jun 2, 26 |
| URL | https://bitlrewards-app.com/api/download/IDAustria | intel-blog, malware, network | High | 63 | Jun 2, 26 |
| SHA256 | 8ddc1f2a75f3d5b5bd054a5367bd5015ebc90f3453d63c7cce438c12dc2ae86a | file-hash, intel-blog, malware | High | 64 | Jun 2, 26 |
| URL | https://199.217.99.122 | intel-blog, malware, network | High | 63 | Jun 2, 26 |

IOC Relationship Graph

5 total IOCs
Node counts: SHA256 3, URL 2, Actors 2, Malware 1
Labelled nodes: REPORT "OverlayPhantom: The Androi", Play, TA0027, Play