
Asin Android spyware distribution through fake utility, PDF, and war-map apps

Malware Activity
H score 22
1 unique source, 1 article

Summary


The Asin Android spyware is being distributed through fake utility, PDF, and war-map apps, putting Arabic-speaking users at risk of covert surveillance on Android devices. ESET found the malware spreading in multiple waves starting in early 2025, with some lures marketed through Facebook and Telegram accounts. Artifacts seen through mid-January 2026 suggest the distribution remains active and may be aimed at Arabic-speaking journalists and OSINT practitioners.

Related Happenings

GreyVibe custom malware activity with LegionRelay, PhantomRelay, and FallSpy

Malware Activity
First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: **GREYVIBE** is a **Russian-speaking** malware activity targeting **Ukraine and Ukraine-related entities** since at least **August 2025**. The group uses **spear-phishing e-mails*...

BTMOB Android MaaS platform expands low-code phishing payload production

Threat Actor Meta
First: 29.05.2026 00:10 Last: 29.05.2026 00:10 Sources 1

About this happening: **BTMOB** has been exposed as a **malware-as-a-service** Android trojan with a **builder interface**, making it easier for cybercriminals to mass-produce tailored phishing payload...

Grandoreiro and BTMOB banking trojan activity targeting Windows and Android

Malware Activity
First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: **BTMOB** is an **Android remote access trojan** sold as **malware-as-a-service** on the **clearweb** and in private **Telegram** channels, with a builder that generates customize...

BTMOB Android RAT no-code builder malware activity

Malware Activity
First: 26.05.2026 17:00 Last: 26.05.2026 17:00 Sources 1

About this happening: **BTMOB** is an **Android RAT** sold as **malware-as-a-service** on the **clearweb** and in private **Telegram** channels, with a **no-code APK builder** that generates customized...

Latest development: 29.05.2026 00:10

BTMOB is openly advertised on the clearweb and in private Telegram channels as a malware-as-a-service (MaaS) platform with an APK builder that customizes phishing payloads without coding. The Android RAT targets users mainly in Brazil and Latin America, uses phishing sites masquerading as streaming services, cryptocurrency mining platforms, and Google Play portals, and custom lures have included an Argentinian government agency theme.

BirdCall Android spyware variant

Malware Activity
First: 05.05.2026 12:04 Last: 05.05.2026 12:04 Sources 1

About this happening: The **BirdCall** Android spyware variant expanded a known **Windows** backdoor into a mobile surveillance tool with **file exfiltration** and device reconnaissance capabilities. I...

Timeline

  1. 05.06.2026 17:53 1 article · 8h ago

    live-war-map[.]com is registered as a military-incident updates site

    Campaign Scope Update

    The domain live-war-map[.]com was registered on January 20, 2025 and claims to offer updates on military incidents. It is one of the lookalike sites used to distribute a malicious Android app with stealthy spyware capabilities.

  2. 05.06.2026 17:53 2 articles · 8h ago

    ESET identifies Asin Android spyware targeting Arabic-speaking users

    Initial Disclosure

    ESET identifies Asin as a new Android spyware cluster targeting Arabic-speaking users and says the malware spread through multiple campaigns beginning in early 2025. It assesses that the activity remains unattributed and may be targeting Arabic-speaking journalists and OSINT practitioners.
