
Android.Backdoor.916.origin spyware targeting Russian businesses

Malware Activity
Happening score (H score): 28
2 unique sources, 2 articles

Summary


The Android.Backdoor.916.origin Happening covers an Android spyware strain that masquerades as an FSB antivirus app and is aimed at Russian business users. The lure uses Russian-only branding such as SECURITY_FSB, ФСБ, and GuardCB to look legitimate, and it requests high-risk permissions for SMS, camera, audio, location, and the Accessibility Service. Once installed, it can steal messages, contacts, call history, and browser and messenger data, and it can enable microphone, camera, screen streaming, shell commands, persistence, and self-protection. Researchers have observed multiple later samples since January 2025, indicating continued development and operational use.

Related Happenings

Mirax Android banking trojan with residential proxy nodes

Malware Activity
First: 13.04.2026 17:30 Last: 13.04.2026 17:30 Sources 1

About this happening: Mirax is spreading across **Europe** with **remote access** and **residential proxy** features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...

Perseus Android malware family actively distributed in the wild

Malware Activity
First: 19.03.2026 14:43 Last: 19.03.2026 14:43 Sources 1

About this happening: The **Perseus** **Android malware** family is being actively distributed in the wild, putting infected devices at risk of **device takeover** and **financial fraud**. It spreads t...

Perseus Android note-stealing and remote-control malware activity

Malware Activity
First: 19.03.2026 12:13 Last: 19.03.2026 12:13 Sources 1

About this happening: The **Perseus** Android malware is now being used to inspect user notes for secrets, creating theft risk for **passwords**, **recovery phrases**, and **financial data**. It is als...

SORVEPOTEL WhatsApp malware campaign spreads across Brazil

Campaign
First: 12.03.2026 19:31 Last: 12.03.2026 19:31 Sources 1

About this happening: A **WhatsApp** malware campaign in **Brazil** is spreading **SORVEPOTEL**, a **self-propagating Windows malware** that uses **phishing ZIP attachments** and a desktop-only lure to...

BeatBanker Android phishing campaign targeting Brazilian users

Campaign
First: 12.03.2026 09:56 Last: 12.03.2026 09:56 Sources 1

About this happening: A **BeatBanker** Android phishing campaign is targeting **Brazilian users**, creating a risk of device compromise and payment theft. The lure uses **Google Play Store** lookalike...

Timeline

  1. 24.08.2025 17:08 2 articles · 9mo ago

    Dr. Web details Android.Backdoor.916.origin spyware

    Technical Analysis Update

    Dr. Web describes Android.Backdoor.916.origin, a new Android spyware strain posing as antivirus software linked to the FSB and targeting executives of Russian businesses. The malware uses Russian-only branding such as GuardCB, SECURITY_FSB, and ФСБ, requests high-risk permissions, simulates scan results, and can exfiltrate SMS, contacts, call history, geo-location, images, messenger data, and input while enabling microphone, camera, screen streaming, shell commands, persistence, and self-protection.
