APT / THREAT GROUP💰 FINANCIALHIGH

Svpeng

2
aliases
Last seen:Mar 17, 2026

Intelligence Profile

Svpeng is a malicious banking trojan targeting Android devices, and it poses a significant threat to both mobile users and the developers of mobile banking apps. Svpeng has been active since around 2013. It primarily targets Android users, and its main objective is to steal sensitive financial information, particularly login credentials and personal data related to banking and financial apps. Svpeng typically spreads through malicious apps, phishing campaigns, or drive-by downloads.

Threat Analysis

Svpeng is a high-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of financial.

Financially motivated threat actors like Svpeng prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

With high sophistication, Svpeng is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.

External References

Quick Facts

TypeAPT / Threat Group
Motivation💰 financial
Sophisticationhigh
Aliases2

Also Known As

Svpengapk.svpeng

External Intelligence

Malpedia: apk.svpeng

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
Svpeng — APT / Threat Group | Threat Intelligence | CTIWATCH.COM