Cybersecurity researchers have identified two new Android malware families: FvncBot and SeedSnatcher, alongside an upgraded version of ClayRat. FvncBot, disguised as a security app from mBank, specifically targets Polish mobile banking users. It operates by leveraging Android’s accessibility services to enable keylogging, web-inject attacks, and screen streaming. Notably, this malware is entirely original, built from scratch, and not based on existing trojans like ERMAC. Once installed, it tricks users into granting accessibility permissions, allowing it to execute various malicious functions, including remote control of the device and data exfiltration. SeedSnatcher, distributed via Telegram under the name Coin, focuses on stealing cryptocurrency wallet seed phrases and intercepting SMS messages for two-factor authentication codes. This malware employs advanced techniques to avoid detection, initially requesting minimal permissions before escalating access to sensitive data. Analysts suspect that the operators are Chinese-speaking, based on the language used in the malware's control panel. An enhanced version of ClayRat has also emerged, which now abuses accessibility services and SMS permissions for broader control over infected devices. This updated ClayRat can record keystrokes, capture screens, and display fake notifications to deceive users. It has been distributed through numerous phishing domains posing as legitimate services, like YouTube, and mimicking popular apps. These developments indicate a significant evolution in mobile malware tactics, emphasizing the need for users to remain vigilant against potential threats.