Telegram-linked Digital Lutera Android payment-fraud campaign
Campaign
Summary
Hide ▲
Show ▼
A Telegram-linked Android payment-fraud campaign is actively coordinating access attempts and sharing intercepted login data, increasing the risk of account takeover and fraudulent transfers. The operation uses Digital Lutera with LSPosed and Android APIs to intercept SMS/2FA data, spoof device identities, and undermine SIM-binding. One observed channel contained more than 500 login-related messages, showing the technique is already in active use.
Related Happenings
India's Ministry of Electronics and Information Technology NEET-UG 2026 Delhi High Court Warned Telegram and imposed a nationwide block for June 18 affidavit block ahead of the
Public Sector Action
H score27
First: 18.06.2026 15:18
Last: 18.06.2026 15:18
Sources 1
About this happening:
**India's government** warned **Telegram** and imposed a **nationwide block** tied to alleged **NEET-UG 2026** exam-paper leaks, restricting access to the platform and leak-relate...
India's Ministry of Electronics and Information Technology NEET-UG 2026 Delhi High Court Warned Telegram and imposed a nationwide block for June 18 affidavit block ahead of the
Public Sector ActionAbout this happening: **India's government** warned **Telegram** and imposed a **nationwide block** tied to alleged **NEET-UG 2026** exam-paper leaks, restricting access to the platform and leak-relate...
NFCShare Android malware spreads via fake banking-app updates
Malware Activity
H score21
First: 09.06.2026 01:11
Last: 09.06.2026 01:11
Sources 1
About this happening:
The **NFCShare Android malware** is being spread as **fake banking-app updates on GitHub**, broadening attacks against **customers of multiple banks and financial institutions acr...
NFCShare Android malware spreads via fake banking-app updates
Malware ActivityAbout this happening: The **NFCShare Android malware** is being spread as **fake banking-app updates on GitHub**, broadening attacks against **customers of multiple banks and financial institutions acr...
NFCShare fake banking-app update phishing campaign
Campaign
H score40
First: 09.06.2026 01:11
Last: 09.06.2026 01:11
Sources 1
About this happening:
The **NFCShare** phishing campaign is using **fake banking-app updates** on **GitHub** to steal **payment card data** from customers of multiple banks across **Europe**, expanding...
NFCShare fake banking-app update phishing campaign
CampaignAbout this happening: The **NFCShare** phishing campaign is using **fake banking-app updates** on **GitHub** to steal **payment card data** from customers of multiple banks across **Europe**, expanding...
Google rolls out Android fake call detection against AI impersonation scam calls
Security Tool/Service
H score20
First: 03.06.2026 12:02
Last: 03.06.2026 12:02
Sources 1
About this happening:
**Google** is rolling out **fake call detection** on **Android 12 and later** devices this month, giving users a built-in warning when a caller may be using **AI voice-cloning** o...
Google rolls out Android fake call detection against AI impersonation scam calls
Security Tool/ServiceAbout this happening: **Google** is rolling out **fake call detection** on **Android 12 and later** devices this month, giving users a built-in warning when a caller may be using **AI voice-cloning** o...
Android Intrusion Logging forensic logging rollout for spyware investigations
Security Tool/Service
H score11
First: 13.05.2026 09:55
Last: 13.05.2026 09:55
Sources 1
About this happening:
**Android** is adding **Intrusion Logging**, an opt-in forensic feature in **Advanced Protection Mode** that preserves device and network activity for suspected spyware compromise...
Android Intrusion Logging forensic logging rollout for spyware investigations
Security Tool/ServiceAbout this happening: **Android** is adding **Intrusion Logging**, an opt-in forensic feature in **Advanced Protection Mode** that preserves device and network activity for suspected spyware compromise...
Timeline
-
17.03.2026 18:30 2 articles · 3mo ago
Telegram-linked Android payment-fraud campaign
Campaign Scope UpdateCloudSEK researchers identified an Android OS-level campaign that uses the LSPosed framework to manipulate the runtime environment, hijack legitimate mobile payment apps without modifying APKs, and bypass Google Play Protect. Linked to the Digital Lutera module, the technique abuses Android APIs to intercept SMS messages, spoof device identities, extract 2FA data, and undermine SIM-binding, while Telegram activity shows attackers coordinating access attempts and sharing intercepted login data.
Show sources
- Android OS-Level Attack Bypasses Mobile Payment Security — www.infosecurity-magazine.com — 17.03.2026 18:30
- Android OS-Level Attack Bypasses Mobile Payment Security — www.infosecurity-magazine.com — 17.03.2026 18:30