Find notable cyber news and cases, enriched with sources, timelines, and signals.

Bonvi Team DeliveryRAT Telegram distribution campaign targeting Russian Android users

Campaign
First reported
Last updated
Happening score
H score 23
1 unique sources, 1 articles

Summary

Hide ▲

The Bonvi Team distribution operation is actively pushing DeliveryRAT to Russian Android device owners, increasing the reach of a mobile malware scheme that relies on phishing and malicious app installs. The operation uses a Telegram bot to hand out APK files or phishing-page links that masquerade as normal consumer services. It matters because the delivery chain blends MaaS distribution, fake service lures, and background permissions abuse to maximize infections and keep victims engaged.

Related Happenings

India's Ministry of Electronics and Information Technology acting under Section 69A of the IT Act Restricted access to Telegram nationwide and ordered message-editing disabled

Public Sector Action
H score71 First: 17.06.2026 16:12 Last: 17.06.2026 16:12 Sources 1

About this happening: India's **Ministry of Electronics and Information Technology** ordered a **nationwide Telegram restriction** under **Section 69A** through **June 22**, adding a separate requireme...

Outsider Enterprise-Outsider-Chinese cybercrime alliance reshapes ransomware ecosystem operations

Threat Actor Meta
H score69 First: 12.06.2026 21:59 Last: 12.06.2026 21:59 Sources 1

About this happening: The **Outsider Enterprise** is a **Chinese phishing-as-a-service** operation that used **Telegram**, **AI**, and distributed phishing kits to run large-scale brand-impersonation c...

Outsider Telegram-run smishing campaign targeting Americans

Campaign
H score53 First: 12.06.2026 21:59 Last: 12.06.2026 21:59 Sources 1

About this happening: The **Outsider Enterprise** happening is a **phishing-as-a-service** campaign tied to a **Chinese cybercrime network** that used **AI** and distributed phishing kits to impersonat...

Latest development: 14.06.2026 17:36

The FBI, working with Google and Black Lotus Labs, dismantled Outsider Enterprise, a Chinese phishing-as-a-service operation that used AI and distributed phishing kits to impersonate trusted brands in texts sent through AT&T, T-Mobile and Verizon. The takedown included seizures of administration servers, a Shopify e-commerce storefront, a testing account, around $100,000 USDT and a Telegram bot linked to the service, while Google pursued civil action and coordinated with carriers to block fraudulent messages.

Mirax Android banking trojan with residential proxy nodes

Malware Activity
H score37 First: 13.04.2026 17:30 Last: 13.04.2026 17:30 Sources 1

About this happening: Mirax is spreading across **Europe** with **remote access** and **residential proxy** features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...

Android RAT campaign using Hugging Face dropper lure

Campaign
H score37 First: 16.02.2026 12:24 Last: 16.02.2026 12:24 Sources 1

About this happening: In recent weeks, a **live Android RAT campaign** has used **Hugging Face** to deliver malicious APKs through a fake-update lure. The operation starts with a dropper app, such as *...

Timeline

  1. 03.11.2025 13:14 2 articles · 8mo ago

    Bonvi Team distributes DeliveryRAT through Telegram bots to Russian Android users

    Initial Disclosure

    Bonvi Team runs a DeliveryRAT malware-as-a-service distribution channel through a Telegram bot that offers APK files or phishing-page links, using fake food delivery, marketplace, banking, and parcel-tracking lures to target Russian Android device owners. The campaign requests notification and battery-optimization access, can hide app icons, and is assessed to have been active since mid-2024.

    Show sources