BianLian is a threat actor known for operating the BianLian ransomware. Initially, it emerged as an Android banking trojan back in 2019. Much like the traditional Chinese art of “face-changing” from which it takes its name, BianLian has displayed impressive adaptability. It has transitioned its activities to primarily focus on ransomware attacks, first appearing as a ransomware strain in July 2022.