The Perseus Android banking trojan specifically targets note-taking applications — including Microsoft OneNote, Google Keep, Evernote, Samsung Notes, Xiaomi Notes, ColorNote, and Simple Notes — to extract plaintext passwords and cryptocurrency wallet recovery phrases, a capability not previously observed in the Cerberus malware lineage. No CVE applies; the risk is a policy and configuration failure, as sensitive credentials stored in consumer note apps lack enterprise encryption or access controls. Immediate action: prohibit credential storage in consumer note apps via policy, enforce Play Store-only installation on managed Android devices, and audit MDM telemetry for Accessibility Service grants to unapproved applications.