BirdCall Android spyware variant
Malware Activity
Summary
Hide ▲
Show ▼
The BirdCall Android spyware variant expanded a known Windows backdoor into a mobile surveillance tool with file exfiltration and device reconnaissance capabilities. It was created around October 2024 and observed in at least seven versions, making the malware family more versatile across platforms. The malware was delivered through trojanized APKs on sqgame[.]net, a game platform, which increased exposure for Android users. Its Android build can collect contacts, call logs, SMS, screenshots, audio, and files, raising the risk of theft and covert monitoring.
Related Happenings
QuimaRAT cross-platform Java MaaS remote access trojan
Malware Activity
H score29
First: 06.07.2026 11:13
Last: 06.07.2026 11:13
Sources 1
About this happening:
A new **QuimaRAT** **MaaS** offering expands cross-platform malware risk by packaging a modular **Java-based RAT** for **Windows, Linux, and macOS**. The activity matters because...
QuimaRAT cross-platform Java MaaS remote access trojan
Malware ActivityAbout this happening: A new **QuimaRAT** **MaaS** offering expands cross-platform malware risk by packaging a modular **Java-based RAT** for **Windows, Linux, and macOS**. The activity matters because...
Asin Android spyware distribution through fake utility, PDF, and war-map apps
Malware Activity
H score22
First: 05.06.2026 17:53
Last: 05.06.2026 17:53
Sources 1
About this happening:
The **Asin** Android spyware activity is being distributed through fake utility, PDF, and war-map apps, putting **Arabic-speaking users** at risk of covert surveillance on **Andro...
Asin Android spyware distribution through fake utility, PDF, and war-map apps
Malware ActivityAbout this happening: The **Asin** Android spyware activity is being distributed through fake utility, PDF, and war-map apps, putting **Arabic-speaking users** at risk of covert surveillance on **Andro...
BTMOB Android RAT no-code builder malware activity
Malware Activity
H score28
First: 26.05.2026 17:00
Last: 26.05.2026 17:00
Sources 1
About this happening:
**BTMOB** is an **Android RAT** sold as **malware-as-a-service** on the **clearweb** and in private **Telegram** channels, with a **no-code APK builder** that generates customized...
BTMOB Android RAT no-code builder malware activity
Malware ActivityAbout this happening: **BTMOB** is an **Android RAT** sold as **malware-as-a-service** on the **clearweb** and in private **Telegram** channels, with a **no-code APK builder** that generates customized...
Latest development: 29.05.2026 00:10
BTMOB is openly advertised on the clearweb and in private Telegram channels as a malware-as-a-service (MaaS) platform with an APK builder that customizes phishing payloads without coding. The Android RAT targets users mainly in Brazil and Latin America, uses phishing sites masquerading as streaming services, cryptocurrency mining platforms, and Google Play portals, and custom lures have included an Argentinian government agency theme.
Android Intrusion Logging forensic logging rollout for spyware investigations
Security Tool/Service
H score11
First: 13.05.2026 09:55
Last: 13.05.2026 09:55
Sources 1
About this happening:
**Android** is adding **Intrusion Logging**, an opt-in forensic feature in **Advanced Protection Mode** that preserves device and network activity for suspected spyware compromise...
Android Intrusion Logging forensic logging rollout for spyware investigations
Security Tool/ServiceAbout this happening: **Android** is adding **Intrusion Logging**, an opt-in forensic feature in **Advanced Protection Mode** that preserves device and network activity for suspected spyware compromise...
Android 17 expands platform security and privacy protections
Security Tool/Service
H score15
First: 12.05.2026 20:00
Last: 12.05.2026 20:00
Sources 1
About this happening:
**Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
Android 17 expands platform security and privacy protections
Security Tool/ServiceAbout this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
Timeline
-
05.05.2026 12:04 2 articles · 2mo ago
BirdCall Android spyware delivery through sqgame[.]net
Initial DisclosureAPT37, also known as ScarCruft and Ricochet Chollima, delivered a previously undocumented Android variant of BirdCall as trojanized APKs on sqgame[.]net; ESET says the malware was created around October 2024 and has had at least seven versions, while the Android build can collect contacts, call logs, SMS, device identifiers, screenshots, microphone audio, and files, and still lacks several Windows commands including shell execution, traffic proxying, browser and messenger targeting, file deletion and dropping, and process killing.
Show sources
- ScarCruft hackers push BirdCall Android malware via game platform — www.bleepingcomputer.com — 05.05.2026 12:04
- North Korean APT Targets Yanbian Gamers via Trojanized Platform — www.infosecurity-magazine.com — 05.05.2026 18:00