
"According to its seller, the malware enables device control and espionage, allowing threat actors to collect SMS messages, contacts, call logs, images, and videos, as well as intercept, reply, and delete incoming notifications. 'It's a MaaS product with seller documentation, videos, and a bot-driven subscription model that helps novice attackers by providing a low barrier to entry,' Zimperium researcher Vishnu Pratapagiri said in a report last week."
"'Because it targets financial workflows (fake windows for banks) and abuses the SMS handler role (for intercepting 2-factor SMS), it poses a direct threat to enterprise customers using BYOD and to any organization whose employees rely on mobile banking or sensitive mobile apps.' The threat actor, in their advertisement for Fantasy Hub, refers to victims as 'mammoths,' a term often used by Telegram-based cybercriminals operating out of Russia."
Fantasy Hub is a new Android remote access trojan sold on Russian-speaking Telegram channels under a Malware-as-a-Service model. The malware enables device control and espionage, collecting SMS messages, contacts, call logs, images, and videos, and intercepting, replying to, and deleting incoming notifications. The service provides seller documentation, tutorial videos, a bot-driven subscription model, and a builder that trojanizes uploaded APKs. Distribution guidance includes creating fake Google Play Store landing pages and bypassing restrictions with customized icons and names. Pricing starts at $200 per week, $500 per month, or $4,500 per year for single-user access. The C2 panel displays compromised-device details and subscription status.
Read at The Hacker News