Fantasy Hub Android RAT MaaS service
Malware Activity
Summary
The Fantasy Hub Android RAT is being sold as Malware-as-a-Service, raising the risk of Android device compromise and banking credential theft. The service is distributed through Russian-speaking Telegram channels and is built to help attackers collect SMS, contacts, call logs, media, and notification content. It also uses fake Google Play pages, trojanized APKs, and default SMS handler abuse to steal credentials and 2FA data.
Related Happenings
Premium Deception Android malware campaign
Campaign
First: 20.05.2026 18:30
Last: 20.05.2026 18:30
Sources 1
About this happening:
The **Premium Deception** campaign used **nearly 250 fake Android apps** to enroll victims in premium mobile billing subscriptions, creating direct fraud risk across multiple coun...
TrickMo Android banking malware adds TON-based covert command-and-control
Malware Activity
First: 11.05.2026 12:03
Last: 11.05.2026 12:03
Sources 1
About this happening:
The **TrickMo Android banking malware** has added **TON-based covert command-and-control**, making its operator infrastructure harder to identify, block, or take down for victims...
ScarCruft sqgame[.]net supply-chain espionage campaign
Campaign
First: 05.05.2026 12:07
Last: 05.05.2026 12:07
Sources 1
About this happening:
**ScarCruft**'s **late-2024** supply-chain campaign against **sqgame[.]net** expanded a niche gaming platform compromise into a **multi-platform espionage channel**. The operation...
BirdCall Android spyware variant
Malware Activity
First: 05.05.2026 12:04
Last: 05.05.2026 12:04
Sources 1
About this happening:
The **BirdCall** Android spyware variant expanded a known **Windows** backdoor into a mobile surveillance tool with **file exfiltration** and device reconnaissance capabilities. I...
APT37 BirdCall Android supply-chain campaign
Campaign
First: 05.05.2026 12:04
Last: 05.05.2026 12:04
Sources 1
About this happening:
The **APT37** campaign now delivers a new **Android** variant of **BirdCall** through **trojanized APKs** on **sqgame[.]net**, expanding the operation beyond its known **Windows**...
Timeline
- 11.11.2025 13:44 · 2 articles · 6mo ago
Fantasy Hub Android RAT disclosed as Telegram MaaS
Initial Disclosure: Cybersecurity researchers identify Fantasy Hub as a new Android remote access trojan sold on Russian-speaking Telegram channels under a Malware-as-a-Service model. The service includes seller documentation, videos, bot-driven subscriptions, builder access, fake Google Play Store landing pages, trojanized APK delivery, and a C2 panel, while enabling device control, SMS and contact theft, call-log collection, media theft, notification interception, and banking-credential capture through overlays, default SMS handler abuse, and WebRTC-based live streaming.
Sources:
- Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers — thehackernews.com — 11.11.2025 13:44
- Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers — thehackernews.com — 11.11.2025 13:44