A new Android malware strain has surfaced, disguised as an antivirus tool linked to Russia’s Federal Security Service (FSB). The spyware targets Russian executives and gives attackers full access to their phones, including the camera, microphone, and private communications.
Disguised as Trusted Security
Researchers from Dr. Web identified the malware as Android.Backdoor.916.origin. The application uses names such as “SECURITY_FSB,” “GuardCB,” or simply “ФСБ” to trick users into believing it is legitimate software. Its interface is entirely in Russian, which indicates that it is tailored for a local audience.
Espionage Features
Once installed, the new Android malware requests broad permissions. It can:
- Steal SMS messages, call logs, contacts, and photos.
- Track geolocation in real time.
- Stream live feeds from the microphone, camera, and screen.
- Capture keystrokes and read app messages, including Telegram, WhatsApp, Gmail, Chrome, and Yandex.
- Execute shell commands, maintain persistence, and block removal attempts.
The application even simulates antivirus scans. Around 30% of the time, it fabricates “threats” to alarm victims and discourage them from uninstalling it.
Infrastructure and Persistence
The malware connects to a command-and-control server that can switch between up to 15 different hosting providers. This setup gives the attackers resilience, ensuring their spyware remains active even if domains are blocked.
Why It Matters
The attack highlights how new Android malware can exploit user trust in government and banking institutions. By posing as official security tools, attackers increase the likelihood of victims installing the spyware without suspicion. The campaign’s espionage capabilities make it especially dangerous for executives and organizations handling sensitive information.
Defense Measures
- Only download apps from trusted sources such as the Google Play Store.
- Check app permissions carefully before granting access.
- Avoid installing tools claiming to be from government or banking institutions unless verified.
- Watch for unusual activity, such as excessive battery drain or suspicious background processes.
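The permission check above can be automated across a fleet. The following is an added example, not code from Dr. Web or from the original article: it triages an app inventory (for instance an MDM export) for the combination of access described under Espionage Features. The mapping from capabilities to Android permissions, the record fields, the threshold, and the placeholder package names are assumptions.

```python
# Added example: triage an app inventory for the capability mix the article describes.
# Permission mapping, record fields and threshold are assumptions, not Dr. Web's findings.
PLAY_STORE = "com.android.vending"  # installer package name of Google Play
LURE_LABELS = {"security_fsb", "guardcb", "фсб"}  # app names quoted in the article

CAPABILITIES = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "call_log": {"android.permission.READ_CALL_LOG"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_BACKGROUND_LOCATION"},
    "microphone": {"android.permission.RECORD_AUDIO"},
    "camera": {"android.permission.CAMERA"},
}

def triage(app, min_groups=4):
    """Return (verdict, reasons) for one inventory record."""
    perms = set(app.get("permissions", []))
    groups = sorted(name for name, wanted in CAPABILITIES.items() if perms & wanted)
    reasons = []
    if app.get("label", "").strip().lower() in LURE_LABELS:
        reasons.append("label matches a reported lure name")
    sideloaded = app.get("installer") != PLAY_STORE
    if sideloaded and len(groups) >= min_groups:
        reasons.append("sideloaded with broad access: " + ", ".join(groups))
    if sideloaded and app.get("accessibility_service") and groups:
        reasons.append("sideloaded accessibility service plus data access")
    return ("review" if reasons else "ok"), reasons

# Constructed sample inventory; package names are placeholders.
INVENTORY = [
    {"label": "GuardCB", "package": "example.placeholder.guard", "installer": None,
     "accessibility_service": True,
     "permissions": ["android.permission.READ_SMS", "android.permission.READ_CALL_LOG",
                     "android.permission.READ_CONTACTS", "android.permission.CAMERA",
                     "android.permission.RECORD_AUDIO",
                     "android.permission.ACCESS_FINE_LOCATION"]},
    {"label": "Maps", "package": "example.placeholder.maps", "installer": PLAY_STORE,
     "accessibility_service": False,
     "permissions": ["android.permission.ACCESS_FINE_LOCATION"]},
    {"label": "Flashlight", "package": "example.placeholder.light", "installer": None,
     "accessibility_service": False, "permissions": ["android.permission.CAMERA"]},
]

def flagged(inventory):
    """Packages that need a manual look."""
    return [a["package"] for a in inventory if triage(a)[0] == "review"]

if __name__ == "__main__":
    for app in INVENTORY:
        print(app["package"], *triage(app))
```

A "review" verdict is a prompt for manual inspection, not a detection: legitimate sideloaded apps can hold the same permissions.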
Conclusion
The new Android malware campaign demonstrates how cybercriminals exploit trust to gain complete control of targeted devices. By pretending to be an FSB antivirus, it tricks victims into granting dangerous permissions. Vigilant downloading habits and stronger mobile defenses are essential to reduce the risk of infection.

