-
17:00
-
16:50
-
16:30
-
16:20
-
16:00
-
15:50
-
15:30
-
15:20
-
15:00
Follow us on Facebook
Morocco targeted by Android malware PlayPraetor in global cyberattack
A powerful Android Trojan known as PlayPraetor has infected over 11,000 smartphones worldwide, with Morocco emerging as the only African country targeted so far in this growing cyber threat. The malware spreads through fake Google Play pages and deceptive social media ads, primarily affecting users in Spanish- and Arabic-speaking regions.
First detected in March 2025, PlayPraetor is distributed by operators using command-and-control panels in Chinese. According to cybersecurity firm Cleafy, the Trojan hijacks Android’s accessibility services to gain complete control over infected devices.
It can overlay fake login screens on more than 200 banking and crypto apps, record keystrokes, monitor clipboard data, and live-stream the screen to remote servers. The malware communicates with attackers in real-time via WebSocket and exists in five known variants, including “Phantom,” which enables fraud directly from the user’s device without detection.
Morocco has been heavily affected due to its linguistic and digital proximity to the Arab and Hispanic online ecosystem, along with other impacted countries such as Spain, France, Portugal, Peru, and Hong Kong. Cleafy reports an alarming 2,000 new infections weekly, indicating a surge in regions where Arabic and Spanish are widely used.
Other Android malware such as ToxicPanda and DoubleTrouble are also active in Morocco, highlighting a worrying trend in mobile cyber threats. Experts urge Moroccan users to avoid installing apps outside the official Google Play Store, be wary of links received via SMS or social media, and review app permissions, especially those related to accessibility services.