New Android Malware ‘Fantasy Hub’ Intercepts SMS Messages, Contacts...
Russian-based threat actors are distributing a sophisticated Android Remote Access Trojan through underground channels, offering it as a subscription service to other criminals.
The malware, identified as Fantasy Hub, enables attackers to conduct widespread surveillance operations on compromised mobile devices, stealing sensitive communications and personal information from unsuspecting users.
The spyware’s capabilities extend far beyond basic data theft, providing attackers with tools to intercept two-factor authentication messages, access banking credentials, and perform real-time device monitoring.
Fantasy Hub operates under a Malware-as-a-Service model, significantly lowering the technical barriers for attackers with minimal expertise.
Threat actors advertise the malware on Russian-language channels and include links to a Telegram bot that manages subscriptions and provides access to the malware builder.
The attackers refer to compromised devices and their owners as “mammoths,” drawing victims into a social engineering ecosystem that combines phishing lures with technically sophisticated tooling.
Attackers receive complete documentation, including video tutorials, on deploying the malware and bypassing security restrictions.
Zimperium security researchers identified Fantasy Hub’s sophisticated infrastructure, which includes a Russian-language command and control panel and comprehensive operational guides for attackers.
The malware’s targeting specifically focuses on financial institutions such as Alfa, PSB, Tbank, and Sber: operators display fake login windows imitating these banks’ apps to capture banking credentials.
This financial focus underscores the serious threat posed to enterprise environments where employees use mobile banking or sensitive applications on personal devices.
Source: Cybersecurity News