Find notable cyber news and cases, enriched with sources, timelines, and signals.

DroidLock Android malware with ransom lock and device-control capabilities

Malware Activity
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

The DroidLock Android malware can lock victim screens for ransom and steal messages, call logs, contacts, and audio recordings, putting infected users at immediate extortion and privacy risk. It also supports complete device control through VNC sharing, overlay-based lock-pattern theft, and actions such as changing PINs or wiping data. The malware is distributed through malicious websites and fake applications that impersonate legitimate packages, with a dropper delivering the secondary payload. It targets Spanish-speaking users, while Play Protect blocks the threat on up-to-date devices.

Related Happenings

RedWing Android spyware rented through Telegram

Malware Activity
H score21 First: 08.07.2026 18:30 Last: 08.07.2026 18:30 Sources 1

About this happening: The **RedWing** Android spyware operation is being rented through **Telegram**, lowering the barrier for criminals to hijack phones and steal **banking credentials**. The malware...

RedWing Android bank-fraud malware rental service

Malware Activity
H score21 First: 07.07.2026 20:10 Last: 07.07.2026 20:10 Sources 1

About this happening: The **RedWing** Android malware service is being rented on **Telegram** to steal **banking logins**, **OTPs**, and device control, raising fraud risk for **banking and cryptocurre...

Grandoreiro and BTMOB banking trojan activity targeting Windows and Android

Malware Activity
H score25 First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: **BTMOB** is an **Android remote access trojan** sold as **malware-as-a-service** on the **clearweb** and in private **Telegram** channels, with a builder that generates customize...

BTMOB Android RAT no-code builder malware activity

Malware Activity
H score28 First: 26.05.2026 17:00 Last: 26.05.2026 17:00 Sources 1

About this happening: **BTMOB** is an **Android RAT** sold as **malware-as-a-service** on the **clearweb** and in private **Telegram** channels, with a **no-code APK builder** that generates customized...

Latest development: 29.05.2026 00:10

BTMOB is openly advertised on the clearweb and in private Telegram channels as a malware-as-a-service (MaaS) platform with an APK builder that customizes phishing payloads without coding. The Android RAT targets users mainly in Brazil and Latin America, uses phishing sites masquerading as streaming services, cryptocurrency mining platforms, and Google Play portals, and custom lures have included an Argentinian government agency theme.

Android 17 expands platform security and privacy protections

Security Tool/Service
H score15 First: 12.05.2026 20:00 Last: 12.05.2026 20:00 Sources 1

About this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...

Timeline

  1. 10.12.2025 23:53 2 articles · 7mo ago

    Zimperium discloses DroidLock Android malware

    Initial Disclosure

    Zimperium identifies DroidLock as a newly discovered Android malware that targets Spanish-speaking users through malicious websites and fake apps, uses a dropper to install a secondary payload, requests Device Admin and Accessibility Services permissions, and can lock screens for ransom, steal text messages, call logs, contacts, and audio recordings, change PIN/password/biometric data, erase files, and control devices through VNC and overlay-based lock-pattern theft; up-to-date devices are blocked by Play Protect.

    Show sources