Find notable cyber news and cases, enriched with sources, timelines, and signals.

BirdCall Android spyware variant

Malware Activity
First reported
Last updated
Happening score
H score 4
2 unique sources, 2 articles

Summary

Hide ▲

The BirdCall Android spyware variant expanded a known Windows backdoor into a mobile surveillance tool with file exfiltration and device reconnaissance capabilities. It was created around October 2024 and observed in at least seven versions, making the malware family more versatile across platforms. The malware was delivered through trojanized APKs on sqgame[.]net, a game platform, which increased exposure for Android users. Its Android build can collect contacts, call logs, SMS, screenshots, audio, and files, raising the risk of theft and covert monitoring.

Related Happenings

QuimaRAT cross-platform Java MaaS remote access trojan

Malware Activity
H score29 First: 06.07.2026 11:13 Last: 06.07.2026 11:13 Sources 1

About this happening: A new **QuimaRAT** **MaaS** offering expands cross-platform malware risk by packaging a modular **Java-based RAT** for **Windows, Linux, and macOS**. The activity matters because...

Asin Android spyware distribution through fake utility, PDF, and war-map apps

Malware Activity
H score22 First: 05.06.2026 17:53 Last: 05.06.2026 17:53 Sources 1

About this happening: The **Asin** Android spyware activity is being distributed through fake utility, PDF, and war-map apps, putting **Arabic-speaking users** at risk of covert surveillance on **Andro...

BTMOB Android RAT no-code builder malware activity

Malware Activity
H score28 First: 26.05.2026 17:00 Last: 26.05.2026 17:00 Sources 1

About this happening: **BTMOB** is an **Android RAT** sold as **malware-as-a-service** on the **clearweb** and in private **Telegram** channels, with a **no-code APK builder** that generates customized...

Latest development: 29.05.2026 00:10

BTMOB is openly advertised on the clearweb and in private Telegram channels as a malware-as-a-service (MaaS) platform with an APK builder that customizes phishing payloads without coding. The Android RAT targets users mainly in Brazil and Latin America, uses phishing sites masquerading as streaming services, cryptocurrency mining platforms, and Google Play portals, and custom lures have included an Argentinian government agency theme.

Android Intrusion Logging forensic logging rollout for spyware investigations

Security Tool/Service
H score11 First: 13.05.2026 09:55 Last: 13.05.2026 09:55 Sources 1

About this happening: **Android** is adding **Intrusion Logging**, an opt-in forensic feature in **Advanced Protection Mode** that preserves device and network activity for suspected spyware compromise...

Android 17 expands platform security and privacy protections

Security Tool/Service
H score15 First: 12.05.2026 20:00 Last: 12.05.2026 20:00 Sources 1

About this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...

Timeline

  1. 05.05.2026 12:04 2 articles · 2mo ago

    BirdCall Android spyware delivery through sqgame[.]net

    Initial Disclosure

    APT37, also known as ScarCruft and Ricochet Chollima, delivered a previously undocumented Android variant of BirdCall as trojanized APKs on sqgame[.]net; ESET says the malware was created around October 2024 and has had at least seven versions, while the Android build can collect contacts, call logs, SMS, device identifiers, screenshots, microphone audio, and files, and still lacks several Windows commands including shell execution, traffic proxying, browser and messenger targeting, file deletion and dropping, and process killing.

    Show sources