Find notable cyber news and cases, enriched with sources, timelines, and signals.

Herodotus MaaS smishing campaign targeting Italian and Brazilian users

Campaign
First reported
Last updated
Happening score
H score 34
1 unique sources, 1 articles

Summary

Hide ▲

A Herodotus smishing campaign is now deploying the Android malware against Italian and Brazilian users, creating a live mobile credential-theft threat. The messages deliver a custom dropper that pushes victims to enable Accessibility access on Android 13+, giving operators deeper control over the device. The payload can mimic human typing, steal banking and crypto credentials, and intercept 2FA codes.

Related Happenings

Google rolls out Android fake call detection against AI impersonation scam calls

Security Tool/Service
H score20 First: 03.06.2026 12:02 Last: 03.06.2026 12:02 Sources 1

About this happening: **Google** is rolling out **fake call detection** on **Android 12 and later** devices this month, giving users a built-in warning when a caller may be using **AI voice-cloning** o...

Wonderland Android SMS stealer activity targeting Uzbekistan

Malware Activity
H score27 First: 22.12.2025 08:11 Last: 22.12.2025 08:11 Sources 1

About this happening: The **Wonderland** Android SMS stealer is being spread through **malicious droppers** in attacks targeting **users in Uzbekistan**, enabling **SMS and OTP theft** and bank-card fr...

TrickyWonders Wonderland distribution campaign targeting Uzbekistan users

Campaign
H score32 First: 22.12.2025 08:11 Last: 22.12.2025 08:11 Sources 1

About this happening: The **TrickyWonders** campaign is distributing **Wonderland** through fake **Google Play** pages, **Facebook** ads, dating-app lures, and **Telegram**, expanding risk to **users i...

DroidLock Android malware with ransom lock and device-control capabilities

Malware Activity
H score31 First: 10.12.2025 23:53 Last: 10.12.2025 23:53 Sources 1

About this happening: The **DroidLock** Android malware can **lock victim screens for ransom** and steal **messages, call logs, contacts, and audio recordings**, putting infected users at immediate ext...

Albiriox Austrian-targeting distribution campaign

Campaign
H score33 First: 01.12.2025 10:45 Last: 01.12.2025 10:45 Sources 1

About this happening: The **Albiriox** distribution campaign targeted **Austrian victims**, using **German-language SMS lures** and fake **Google Play Store** listings to deliver a dropper APK and enab...

Timeline

  1. 28.10.2025 12:00 1 articles · 8mo ago

    Herodotus MaaS smishing targets Italian and Brazilian users

    Initial Disclosure

    Herodotus, a new Android malware family offered as malware-as-a-service and linked to Brokewell operators, is being deployed against Italian and Brazilian users through SMS phishing that delivers a custom dropper. The malware uses random 0.3 to 3 second delays in text input to mimic human typing, attempts to bypass Accessibility permission restrictions on Android 13 and later, and can interact with the Android UI to steal banking and crypto credentials, intercept 2FA codes, and capture screen content.

    Show sources