A new Android malware known as MasterFred uses fake login overlays to steal the credit card information of Netflix, Instagram, and Twitter users. First seen in June 2021, the banking trojan is now active again as the holiday season approaches. The malware also targets customers of different banks in different languages, mainly in Turkey and Poland at this point. At least one application was removed from the Google Play Store, but MasterFred's operators are also likely using third-party stores as a delivery channel for this new malware.

MasterFred abuses the Android Accessibility service and uses false login pages to collect sensitive information such as credit card information from over 10 fake bank pages or to compromise more than 8 social networking accounts such as Netflix, Twitter, etc. The HTML overlays for common apps, as well as the fake bank login overlays in multiple languages, are saved in the assets folder within the application.
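Because the overlays ship as HTML files in the assets folder and the app relies on the Accessibility service, both traits can be checked statically during APK triage. The following is an added example, not code from the original article or from any MasterFred analysis; the function names, the field patterns and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumed heuristic markers of a credential or card-harvesting form in an HTML asset.
FIELD_PATTERNS = {
    "password_input": re.compile(rb"<input[^>]+type\s*=\s*[\"']?password", re.I),
    "card_field": re.compile(rb"(card[-_ ]?number|cc-number|cvv|cvc)", re.I),
}
ACCESSIBILITY_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def declares_accessibility_service(manifest: bytes) -> bool:
    """Binary AndroidManifest.xml stores strings as UTF-8 or UTF-16LE; check both."""
    return (ACCESSIBILITY_PERM.encode("utf-8") in manifest
            or ACCESSIBILITY_PERM.encode("utf-16-le") in manifest)


def triage_apk(apk_bytes: bytes) -> dict:
    """Report overlay-like HTML assets and whether an accessibility service is declared."""
    findings = {"accessibility_service": False, "suspicious_assets": {}}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if name == "AndroidManifest.xml":
                findings["accessibility_service"] = declares_accessibility_service(apk.read(name))
            elif name.startswith("assets/") and name.lower().endswith((".html", ".htm")):
                body = apk.read(name)
                hits = sorted(k for k, rx in FIELD_PATTERNS.items() if rx.search(body))
                if hits:
                    findings["suspicious_assets"][name] = hits
    return findings


def build_constructed_sample() -> bytes:
    """Constructed stand-in for an APK (not a real sample): a zip with the relevant entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml",
                   b"\x03\x00\x08\x00" + ACCESSIBILITY_PERM.encode("utf-16-le"))
        z.writestr("assets/overlay_en.html",
                   "<form><input name='cardnumber'><input type=\"password\" name='p'></form>")
        z.writestr("assets/help.html", "<html><body>About this app</body></html>")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_apk(build_constructed_sample()))
```

Legitimate apps also declare accessibility services and bundle HTML forms, so a hit is a reason to review the APK manually rather than a verdict.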