
Fantasy Hub Android RAT MaaS service

Malware Activity
Happening score (H score): 28
1 unique source, 1 article

Summary

The Fantasy Hub Android RAT is being sold as Malware-as-a-Service, raising the risk of Android device compromise and banking credential theft. The service is distributed through Russian-speaking Telegram channels and is built to help attackers collect SMS, contacts, call logs, media, and notification content. It also uses fake Google Play pages, trojanized APKs, and default SMS handler abuse to steal credentials and 2FA data.

Related Happenings

BTMOB Android MaaS platform expands low-code phishing payload production

Threat Actor Meta
First: 29.05.2026 00:10 Last: 29.05.2026 00:10 Sources 1

About this happening: **BTMOB** has been exposed as a **malware-as-a-service** Android trojan with a **builder interface**, making it easier for cybercriminals to mass-produce tailored phishing payload...

Grandoreiro and BTMOB banking trojan activity targeting Windows and Android

Malware Activity
First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: **BTMOB** is an **Android remote access trojan** sold as **malware-as-a-service** on the **clearweb** and in private **Telegram** channels, with a builder that generates customize...

Premium Deception Android malware campaign

Campaign
First: 20.05.2026 18:30 Last: 20.05.2026 18:30 Sources 1

About this happening: The **Premium Deception** campaign used **nearly 250 fake Android apps** to enroll victims in premium mobile billing subscriptions, creating direct fraud risk across multiple coun...

TrickMo Android banking malware adds TON-based covert command-and-control

Malware Activity
First: 11.05.2026 12:03 Last: 11.05.2026 12:03 Sources 1

About this happening: The **TrickMo Android banking malware** has added **TON-based covert command-and-control**, making its operator infrastructure harder to identify, block, or take down for victims...

ScarCruft sqgame[.]net supply-chain espionage campaign

Campaign
First: 05.05.2026 12:07 Last: 05.05.2026 12:07 Sources 1

About this happening: **ScarCruft**'s **late-2024** supply-chain campaign against **sqgame[.]net** expanded a niche gaming platform compromise into a **multi-platform espionage channel**. The operation...

Timeline

  1. 11.11.2025 13:44 2 articles · 6mo ago

    Fantasy Hub Android RAT disclosed as Telegram MaaS

    Initial Disclosure

    Cybersecurity researchers identify Fantasy Hub as a new Android remote access trojan sold on Russian-speaking Telegram channels under a Malware-as-a-Service model. The service includes seller documentation, videos, bot-driven subscriptions, builder access, fake Google Play Store landing pages, trojanized APK delivery, and a C2 panel, while enabling device control, SMS and contact theft, call-log collection, media theft, notification interception, and banking-credential capture through overlays, default SMS handler abuse, and WebRTC-based live streaming.
