Find notable cyber news and cases, enriched with sources, timelines, and signals.

Cellik Android malware-as-a-service trojanized-app builder

Malware Activity
First reported
Last updated
Happening score
H score 30
1 unique sources, 1 articles

Summary

Hide ▲

The Cellik Android malware-as-a-service has appeared on underground forums with a builder that can create trojanized versions of Google Play Store apps, increasing the risk of stealthy infections. The malware is advertised to capture and stream screens, intercept notifications, browse files, exfiltrate data, and wipe devices. It also includes fake login overlays and a hidden browser mode that can reuse stored cookies, which raises the likelihood of credential theft. The seller claims the packaging may help evade Play Protect, but that evasion claim is unconfirmed.

Related Happenings

RedWing Android bank-fraud malware rental service

Malware Activity
H score21 First: 07.07.2026 20:10 Last: 07.07.2026 20:10 Sources 1

About this happening: The **RedWing** Android malware service is being rented on **Telegram** to steal **banking logins**, **OTPs**, and device control, raising fraud risk for **banking and cryptocurre...

Google Play Protect adds warnings and app disabling for compromised SDK abuse

Security Tool/Service
H score11 First: 03.07.2026 12:35 Last: 03.07.2026 12:35 Sources 1

About this happening: **Google Play Protect** was updated in **July 2026** to **warn Android users automatically** and **disable apps** tied to **compromised SDKs**, limiting abuse of consumer devices...

Google Chrome DBSC rolls out session-cookie theft protection for all users

Security Tool/Service
H score10 First: 29.05.2026 15:08 Last: 29.05.2026 15:08 Sources 1

About this happening: Google's **Chrome Device Bound Session Credentials (DBSC)** is now **generally available** and rolling out to **all users**, reducing the risk of **account takeovers** from stolen...

Premium Deception Android malware campaign

Campaign
H score38 First: 20.05.2026 18:30 Last: 20.05.2026 18:30 Sources 1

About this happening: The **Premium Deception** campaign used **nearly 250 fake Android apps** to enroll victims in premium mobile billing subscriptions, creating direct fraud risk across multiple coun...

Trapdoor Android malvertising and ad-fraud campaign

Campaign
H score39 First: 19.05.2026 19:38 Last: 19.05.2026 19:38 Sources 1

About this happening: The **Trapdoor** campaign is a **self-sustaining malvertising and ad-fraud operation** targeting **Android users** and turning app installs into revenue through threat-actor-contr...

Timeline

  1. 17.12.2025 00:59 2 articles · 6mo ago

    Cellik Android malware-as-a-service appears on underground forums

    Initial Disclosure

    Cellik, a new Android malware-as-a-service, is being advertised on underground cybercrime forums with an APK builder that can wrap payloads inside apps from the Google Play Store to create trojanized variants that keep the original interface and functionality. The service is described as able to capture and stream screens, intercept notifications, browse the filesystem, exfiltrate files, wipe data, use a hidden browser mode with stored cookies, and inject fake login screens for credential theft, while also communicating with command-and-control servers over an encrypted channel and claiming, unconfirmed, that trusted-app packaging may help bypass Play Protect.

    Show sources