Find notable cyber news and cases, enriched with sources, timelines, and signals.

Fantasy Hub Android RAT MaaS service

Malware Activity
First reported
Last updated
Happening score
H score 27
1 unique sources, 1 articles

Summary

Hide ▲

The Fantasy Hub Android RAT is being sold as Malware-as-a-Service, raising the risk of Android device compromise and banking credential theft. The service is distributed through Russian-speaking Telegram channels and is built to help attackers collect SMS, contacts, call logs, media, and notification content. It also uses fake Google Play pages, trojanized APKs, and default SMS handler abuse to steal credentials and 2FA data.

Related Happenings

RedWing Android spyware rented through Telegram

Malware Activity
H score21 First: 08.07.2026 18:30 Last: 08.07.2026 18:30 Sources 1

About this happening: The **RedWing** Android spyware operation is being rented through **Telegram**, lowering the barrier for criminals to hijack phones and steal **banking credentials**. The malware...

RedWing Android bank-fraud malware rental service

Malware Activity
H score21 First: 07.07.2026 20:10 Last: 07.07.2026 20:10 Sources 1

About this happening: The **RedWing** Android malware service is being rented on **Telegram** to steal **banking logins**, **OTPs**, and device control, raising fraud risk for **banking and cryptocurre...

NFCShare Android malware spreads via fake banking-app updates

Malware Activity
H score21 First: 09.06.2026 01:11 Last: 09.06.2026 01:11 Sources 1

About this happening: The **NFCShare Android malware** is being spread as **fake banking-app updates on GitHub**, broadening attacks against **customers of multiple banks and financial institutions acr...

Google rolls out Android fake call detection against AI impersonation scam calls

Security Tool/Service
H score20 First: 03.06.2026 12:02 Last: 03.06.2026 12:02 Sources 1

About this happening: **Google** is rolling out **fake call detection** on **Android 12 and later** devices this month, giving users a built-in warning when a caller may be using **AI voice-cloning** o...

BTMOB Android MaaS platform expands low-code phishing payload production

Threat Actor Meta
H score21 First: 29.05.2026 00:10 Last: 29.05.2026 00:10 Sources 1

About this happening: **BTMOB** has been exposed as a **malware-as-a-service** Android trojan with a **builder interface**, making it easier for cybercriminals to mass-produce tailored phishing payload...

Timeline

  1. 11.11.2025 13:44 2 articles · 8mo ago

    Fantasy Hub Android RAT disclosed as Telegram MaaS

    Initial Disclosure

    Cybersecurity researchers identify Fantasy Hub as a new Android remote access trojan sold on Russian-speaking Telegram channels under a Malware-as-a-Service model. The service includes seller documentation, videos, bot-driven subscriptions, builder access, fake Google Play Store landing pages, trojanized APK delivery, and a C2 panel, while enabling device control, SMS and contact theft, call-log collection, media theft, notification interception, and banking-credential capture through overlays, default SMS handler abuse, and WebRTC-based live streaming.

    Show sources