The Perseus Android banking trojan targets users of Google Keep, Microsoft OneNote, Evernote, Samsung Notes, Xiaomi Notes, ColorNote, and Simple Notes to extract credentials, cryptocurrency seed phrases, and financial data stored in personal notes — the first documented Android malware to systematically target note-taking applications at scale. No CVE applies; this is a malware campaign distributed via trojanized IPTV apps on third-party app stores targeting Android 13+ devices, with 42 financial institutions and 9 cryptocurrency platforms in scope. Organizations with BYOD or mobile workforce policies should immediately prohibit credential storage in note applications via MDM policy, block sideloading on managed Android devices, and audit for newly installed apps from outside Google Play in the past 90 days.