SpyBanker WhatsApp banking help-app campaign
Campaign
Summary
Hide ▲
Show ▼
The SpyBanker Android campaign is now targeting Indian banking users, increasing the risk of call hijacking and financial-data theft. The malware is likely spread through WhatsApp as a fake customer help service app. Once installed, it can redirect calls to an attacker-controlled number and harvest SIM details, SMS messages, and banking data. That combination creates a direct fraud path for attackers to intercept account activity and authentication signals.
Related Happenings
SORVEPOTEL WhatsApp malware campaign spreads across Brazil
Campaign
First: 12.03.2026 19:31
Last: 12.03.2026 19:31
Sources 1
About this happening:
A **WhatsApp** malware campaign in **Brazil** is spreading **SORVEPOTEL**, a **self-propagating Windows malware** that uses **phishing ZIP attachments** and a desktop-only lure to...
SORVEPOTEL WhatsApp malware campaign spreads across Brazil
CampaignAbout this happening: A **WhatsApp** malware campaign in **Brazil** is spreading **SORVEPOTEL**, a **self-propagating Windows malware** that uses **phishing ZIP attachments** and a desktop-only lure to...
Lotusbail malicious npm package stealing WhatsApp account data and messages
Malware Activity
First: 22.12.2025 18:08
Last: 22.12.2025 18:08
Sources 1
About this happening:
The **lotusbail** package is a malicious **npm** library that steals **WhatsApp** account data and can leave victims with **persistent unauthorized access**. It masquerades as a l...
Lotusbail malicious npm package stealing WhatsApp account data and messages
Malware ActivityAbout this happening: The **lotusbail** package is a malicious **npm** library that steals **WhatsApp** account data and can leave victims with **persistent unauthorized access**. It masquerades as a l...
Wonderland Android SMS stealer activity targeting Uzbekistan
Malware Activity
First: 22.12.2025 08:11
Last: 22.12.2025 08:11
Sources 1
About this happening:
The **Wonderland** Android SMS stealer is being spread through **malicious droppers** in attacks targeting **users in Uzbekistan**, enabling **SMS and OTP theft** and bank-card fr...
Wonderland Android SMS stealer activity targeting Uzbekistan
Malware ActivityAbout this happening: The **Wonderland** Android SMS stealer is being spread through **malicious droppers** in attacks targeting **users in Uzbekistan**, enabling **SMS and OTP theft** and bank-card fr...
GhostPairing WhatsApp pairing-code account-hijacking campaign
Campaign
First: 17.12.2025 21:14
Last: 17.12.2025 21:14
Sources 1
About this happening:
**GhostPairing** is an active **WhatsApp account-hijacking campaign** that abuses the platform’s **device-linking feature** to take over accounts via pairing codes, creating a dir...
GhostPairing WhatsApp pairing-code account-hijacking campaign
CampaignAbout this happening: **GhostPairing** is an active **WhatsApp account-hijacking campaign** that abuses the platform’s **device-linking feature** to take over accounts via pairing codes, creating a dir...
China-based smishing and fake e-commerce phishing campaign
Campaign
First: 05.12.2025 01:02
Last: 05.12.2025 01:02
Sources 1
About this happening:
A **China-based phishing campaign** has escalated into mass-registered scam domains and **SMS lures** for rewards points, tax refunds, and fake retail deals, increasing risk for *...
China-based smishing and fake e-commerce phishing campaign
CampaignAbout this happening: A **China-based phishing campaign** has escalated into mass-registered scam domains and **SMS lures** for rewards points, tax refunds, and fake retail deals, increasing risk for *...
Timeline
-
14.08.2025 14:06 1 articles · 9mo ago
SpyBanker campaign targets Indian banking users via WhatsApp
Initial DisclosureK7 Security disclosed an Android malware campaign dubbed SpyBanker that targets Indian banking users and is likely distributed through WhatsApp under the guise of a customer help service app. The malware can register CallForwardingService to change the call-forward number to an attacker-controlled mobile number, redirect unattended calls, and collect SIM details, sensitive banking information, SMS messages, and notification data.
Show sources
- New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits — thehackernews.com — 14.08.2025 14:06