Herodotus MaaS smishing campaign targeting Italian and Brazilian users
Campaign
Summary
Hide ▲
Show ▼
A Herodotus smishing campaign is now deploying the Android malware against Italian and Brazilian users, creating a live mobile credential-theft threat. The messages deliver a custom dropper that pushes victims to enable Accessibility access on Android 13+, giving operators deeper control over the device. The payload can mimic human typing, steal banking and crypto credentials, and intercept 2FA codes.
Related Happenings
Google rolls out Android fake call detection against AI impersonation scam calls
Security Tool/Service
H score20
First: 03.06.2026 12:02
Last: 03.06.2026 12:02
Sources 1
About this happening:
**Google** is rolling out **fake call detection** on **Android 12 and later** devices this month, giving users a built-in warning when a caller may be using **AI voice-cloning** o...
Google rolls out Android fake call detection against AI impersonation scam calls
Security Tool/ServiceAbout this happening: **Google** is rolling out **fake call detection** on **Android 12 and later** devices this month, giving users a built-in warning when a caller may be using **AI voice-cloning** o...
Wonderland Android SMS stealer activity targeting Uzbekistan
Malware Activity
H score27
First: 22.12.2025 08:11
Last: 22.12.2025 08:11
Sources 1
About this happening:
The **Wonderland** Android SMS stealer is being spread through **malicious droppers** in attacks targeting **users in Uzbekistan**, enabling **SMS and OTP theft** and bank-card fr...
Wonderland Android SMS stealer activity targeting Uzbekistan
Malware ActivityAbout this happening: The **Wonderland** Android SMS stealer is being spread through **malicious droppers** in attacks targeting **users in Uzbekistan**, enabling **SMS and OTP theft** and bank-card fr...
TrickyWonders Wonderland distribution campaign targeting Uzbekistan users
Campaign
H score32
First: 22.12.2025 08:11
Last: 22.12.2025 08:11
Sources 1
About this happening:
The **TrickyWonders** campaign is distributing **Wonderland** through fake **Google Play** pages, **Facebook** ads, dating-app lures, and **Telegram**, expanding risk to **users i...
TrickyWonders Wonderland distribution campaign targeting Uzbekistan users
CampaignAbout this happening: The **TrickyWonders** campaign is distributing **Wonderland** through fake **Google Play** pages, **Facebook** ads, dating-app lures, and **Telegram**, expanding risk to **users i...
DroidLock Android malware with ransom lock and device-control capabilities
Malware Activity
H score31
First: 10.12.2025 23:53
Last: 10.12.2025 23:53
Sources 1
About this happening:
The **DroidLock** Android malware can **lock victim screens for ransom** and steal **messages, call logs, contacts, and audio recordings**, putting infected users at immediate ext...
DroidLock Android malware with ransom lock and device-control capabilities
Malware ActivityAbout this happening: The **DroidLock** Android malware can **lock victim screens for ransom** and steal **messages, call logs, contacts, and audio recordings**, putting infected users at immediate ext...
Albiriox Austrian-targeting distribution campaign
Campaign
H score33
First: 01.12.2025 10:45
Last: 01.12.2025 10:45
Sources 1
About this happening:
The **Albiriox** distribution campaign targeted **Austrian victims**, using **German-language SMS lures** and fake **Google Play Store** listings to deliver a dropper APK and enab...
Albiriox Austrian-targeting distribution campaign
CampaignAbout this happening: The **Albiriox** distribution campaign targeted **Austrian victims**, using **German-language SMS lures** and fake **Google Play Store** listings to deliver a dropper APK and enab...
Timeline
-
28.10.2025 12:00 1 articles · 8mo ago
Herodotus MaaS smishing targets Italian and Brazilian users
Initial DisclosureHerodotus, a new Android malware family offered as malware-as-a-service and linked to Brokewell operators, is being deployed against Italian and Brazilian users through SMS phishing that delivers a custom dropper. The malware uses random 0.3 to 3 second delays in text input to mimic human typing, attempts to bypass Accessibility permission restrictions on Android 13 and later, and can interact with the Android UI to steal banking and crypto credentials, intercept 2FA codes, and capture screen content.
Show sources
- New Herodotus Android malware fakes human typing to avoid detection — www.bleepingcomputer.com — 28.10.2025 12:00