A newly identified threat to Android users dubbed “Fantasy Hub” is spreading, according to research from the security firm Zimperium.
Sold on Russian-speaking channels, the toolkit is distributed as a Malware-as-a-Service (MaaS) offering that provides full remote access capabilities and enables attackers with minimal technical expertise to deploy sophisticated espionage and bank login theft campaigns.
The malware is being marketed with seller documentation, video tutorials, Telegram bots for subscription management, and instructions to help attackers embed their fake apps in official-looking storefronts, including counterfeit Google Play pages.
Fantasy Hub has already been observed targeting major Russian banks, including Alfa, PSB, Tbank and Sber.
Zimperium’s analysis shows Fantasy Hub offers a broad suite of malicious features including exfiltration of SMS messages, contacts, call logs, and images/videos. It can reply to notifications and delete them, stream audio and video via WebRTC, and drop disguised payloads that masquerade as system updates for installation stealth.
In these campaigns, the malware uses fake application windows or overlays that mimic authentic banking apps to phish for credentials and card data. The seller also provides video instructions showing how to customize fake app windows with PIN/password fields for more convincing credential harvesting.
Because it abuses default SMS handler permissions, it can intercept two-factor authentication messages, ensure persistence, and compromise entire devices. For enterprises and mobile banking consumers, Zimperium says the new malware means that the risk of mobile devices being an attack vector for credential theft has significantly increased.
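A defensive triage sketch for the behaviour described above, added here as an example and not taken from Zimperium or the original article: it flags apps that hold the default SMS role without being on an approved list, then ranks them by other capabilities the article mentions. The inventory format, the package names and the mapping of features to Android permissions are assumptions made for illustration.

```python
# Added example: triage a device/app inventory (e.g. exported from an MDM)
# for unapproved default SMS handlers. The inventory schema is hypothetical.
SMS_ROLE = "android.app.role.SMS"        # Android's default SMS app role
PLAY_INSTALLER = "com.android.vending"   # installer package of Google Play

# Assumed mapping from article-described features to Android permissions.
SIGNALS = {
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw overlays over other apps",
    "android.permission.REQUEST_INSTALL_PACKAGES": "can install further packages",
}

def triage(inventory, trusted_sms_apps):
    """Return findings for unapproved SMS-role holders, highest score first."""
    findings = []
    for app in inventory:
        if SMS_ROLE not in app.get("roles", []):
            continue                      # not the default SMS handler
        if app["package"] in trusted_sms_apps:
            continue                      # approved messaging app
        reasons = ["holds default SMS role (can read one-time codes)"]
        if app.get("installer") != PLAY_INSTALLER:
            reasons.append("not installed by Google Play (sideloaded)")
        if app.get("notification_listener"):
            reasons.append("can read and dismiss notifications")
        perms = app.get("permissions", [])
        reasons += [why for perm, why in SIGNALS.items() if perm in perms]
        findings.append({"device": app["device"], "package": app["package"],
                         "score": len(reasons), "reasons": reasons})
    return sorted(findings, key=lambda f: -f["score"])

# Constructed sample data; com.example.* packages are placeholders.
TRUSTED_SMS_APPS = {"com.google.android.apps.messaging"}
SAMPLE_INVENTORY = [
    {"device": "dev-01", "package": "com.google.android.apps.messaging",
     "installer": PLAY_INSTALLER, "roles": [SMS_ROLE], "permissions": []},
    {"device": "dev-02", "package": "com.example.chat",
     "installer": PLAY_INSTALLER, "roles": [SMS_ROLE], "permissions": []},
    {"device": "dev-03", "package": "com.example.systemupdate",
     "installer": None, "roles": [SMS_ROLE], "notification_listener": True,
     "permissions": list(SIGNALS)},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY, TRUSTED_SMS_APPS):
        print(f["score"], f["device"], f["package"], "; ".join(f["reasons"]))
```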