Find notable cyber news and cases, enriched with sources, timelines, and signals.

SpyBanker WhatsApp banking help-app campaign

Campaign
First reported
Last updated
Happening score
H score 35
1 unique sources, 1 articles

Summary

Hide ▲

The SpyBanker Android campaign is now targeting Indian banking users, increasing the risk of call hijacking and financial-data theft. The malware is likely spread through WhatsApp as a fake customer help service app. Once installed, it can redirect calls to an attacker-controlled number and harvest SIM details, SMS messages, and banking data. That combination creates a direct fraud path for attackers to intercept account activity and authentication signals.

Related Happenings

FBI public warning on Signal and WhatsApp phishing

Public Sector Action
H score30 First: 20.03.2026 22:45 Last: 20.03.2026 22:45 Sources 1

About this happening: The **US Department of State** is offering **up to $10 million** through the **Rewards for Justice** program for information that helps identify or locate **UNC5792** and **UNC422...

Latest development: 29.06.2026 12:29

The US government offered up to $10 million for information leading to the identification of UNC5792 and UNC4221, Russian intelligence-linked threat actors targeting Signal and WhatsApp users by posing as automated support accounts and stealing verification codes or Backup Recovery Keys; CISA and the FBI warned that sharing a Backup Recovery Key can let the actor access historical private and group messages and potentially keep access after a new account is created with the same phone number.

SORVEPOTEL WhatsApp malware campaign spreads across Brazil

Campaign
H score31 First: 12.03.2026 19:31 Last: 12.03.2026 19:31 Sources 1

About this happening: A **WhatsApp** malware campaign in **Brazil** is spreading **SORVEPOTEL**, a **self-propagating Windows malware** that uses **phishing ZIP attachments** and a desktop-only lure to...

Russian state-sponsored hackers' ongoing Signal and WhatsApp phishing campaign

Campaign
H score38 First: 09.03.2026 23:24 Last: 09.03.2026 23:24 Sources 1

About this happening: An **ongoing Russian intelligence-linked** phishing **campaign** is targeting **Signal** and **WhatsApp** users and has evolved from stealing verification codes and account PINs t...

Latest development: 27.06.2026 01:06

FBI and CISA warn that the Russian intelligence services-linked Signal phishing campaign has evolved from stealing verification codes, account PINs, and linked-device access to eliciting victims' Backup Recovery Keys through impersonated Signal support messages. If a target provides the key, attackers can restore Signal's Secure Backups on their own devices and read historical messages, including private and group conversations, while the campaign continues to target high-intelligence-value individuals.

Lotusbail malicious npm package stealing WhatsApp account data and messages

Malware Activity
H score30 First: 22.12.2025 18:08 Last: 22.12.2025 18:08 Sources 1

About this happening: The **lotusbail** package is a malicious **npm** library that steals **WhatsApp** account data and can leave victims with **persistent unauthorized access**. It masquerades as a l...

Wonderland Android SMS stealer activity targeting Uzbekistan

Malware Activity
H score27 First: 22.12.2025 08:11 Last: 22.12.2025 08:11 Sources 1

About this happening: The **Wonderland** Android SMS stealer is being spread through **malicious droppers** in attacks targeting **users in Uzbekistan**, enabling **SMS and OTP theft** and bank-card fr...

Timeline

  1. 14.08.2025 14:06 1 articles · 10mo ago

    SpyBanker campaign targets Indian banking users via WhatsApp

    Initial Disclosure

    K7 Security disclosed an Android malware campaign dubbed SpyBanker that targets Indian banking users and is likely distributed through WhatsApp under the guise of a customer help service app. The malware can register CallForwardingService to change the call-forward number to an attacker-controlled mobile number, redirect unattended calls, and collect SIM details, sensitive banking information, SMS messages, and notification data.

    Show sources