Find notable cyber news and cases, enriched with sources, timelines, and signals.

TrickyWonders Wonderland distribution campaign targeting Uzbekistan users

Campaign
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

The TrickyWonders campaign is distributing Wonderland through fake Google Play pages, Facebook ads, dating-app lures, and Telegram, expanding risk to users in Uzbekistan and their contacts. The operation matters because the Android stealer captures SMS messages, intercepts OTPs, and can hijack Telegram accounts to keep the infection chain going. It also relies on stolen Telegram sessions and repeated delivery channels, making the distribution pattern resilient and hard to interrupt.

Related Happenings

Trojanized Pyrogram forks with hidden Telegram backdoor

Malware Activity
H score14 First: 01.07.2026 00:02 Last: 01.07.2026 00:02 Sources 1

About this happening: Trojanized **Pyrogram** forks on **PyPI** now ship a hidden backdoor that gives attackers remote command execution and file access on compromised **Telegram bot servers**. The mal...

India's Ministry of Electronics and Information Technology NEET-UG 2026 Delhi High Court Warned Telegram and imposed a nationwide block for June 18 affidavit block ahead of the

Public Sector Action
H score27 First: 18.06.2026 15:18 Last: 18.06.2026 15:18 Sources 1

About this happening: **India's government** warned **Telegram** and imposed a **nationwide block** tied to alleged **NEET-UG 2026** exam-paper leaks, restricting access to the platform and leak-relate...

Telegram access disruption from AS18101 route spillover

Service Disruption
H score62 First: 17.06.2026 16:12 Last: 17.06.2026 16:12 Sources 1

About this happening: **Telegram** access was disrupted outside **India** after **AS18101 / Reliance Communications** announced Telegram prefixes, spilling a domestic block into the **UAE** and other r...

India's Ministry of Electronics and Information Technology acting under Section 69A of the IT Act Restricted access to Telegram nationwide and ordered message-editing disabled

Public Sector Action
H score71 First: 17.06.2026 16:12 Last: 17.06.2026 16:12 Sources 1

About this happening: India's **Ministry of Electronics and Information Technology** ordered a **nationwide Telegram restriction** under **Section 69A** through **June 22**, adding a separate requireme...

Outsider Telegram-run smishing campaign targeting Americans

Campaign
H score53 First: 12.06.2026 21:59 Last: 12.06.2026 21:59 Sources 1

About this happening: The **Outsider Enterprise** happening is a **phishing-as-a-service** campaign tied to a **Chinese cybercrime network** that used **AI** and distributed phishing kits to impersonat...

Latest development: 14.06.2026 17:36

The FBI, working with Google and Black Lotus Labs, dismantled Outsider Enterprise, a Chinese phishing-as-a-service operation that used AI and distributed phishing kits to impersonate trusted brands in texts sent through AT&T, T-Mobile and Verizon. The takedown included seizures of administration servers, a Shopify e-commerce storefront, a testing account, around $100,000 USDT and a Telegram bot linked to the service, while Google pursued civil action and coordinated with carriers to block fraudulent messages.

Timeline

  1. 22.12.2025 08:11 2 articles · 6mo ago

    TrickyWonders Wonderland distribution campaign disclosed

    Initial Disclosure

    TrickyWonders distributes Wonderland to users in Uzbekistan through fake Google Play Store web pages, Facebook ad campaigns, bogus dating-app accounts, Telegram, and stolen Telegram sessions sold on dark web markets, while the malware steals SMS messages and one-time passwords, hijacks Telegram accounts, and can issue arbitrary USSD requests through bidirectional C2.

    Show sources