
Android users in Russia alerted over virus bearing the emblem of the Central Bank

Russian businesses under attack: Doctor Web has detected the Android malware Android.Backdoor.916.origin in a targeted cyber assault.


A targeted Android cyberattack has been uncovered, with the malware Android.Backdoor.916.origin specifically aimed at Russian business representatives. This malware, disguised as a fake antivirus app called GuardCB, has been active since January 2025 and is capable of extensive spying activities.

The attack is not a broad campaign against generic Android users but a focused operation. The malware, which mimics the Russian Central Bank emblem, is distributed through messaging apps, posing as a security tool linked to Russian law enforcement organizations like the FSB.

Key Details of the Malware

  • The malware's interface is only in Russian, reflecting a narrow and deliberate target group.
  • Doctor Web researchers have highlighted that this is the second malware campaign targeting Russian infrastructure since 2022, with the earlier one involving a fake mapping app spying on the Russian military.
  • Users are advised to install apps only from trusted sources to mitigate the risk, since the malware relies on Android allowing apps to be installed from outside official stores.

Latest Updates

  • There is currently no evidence of a widespread outbreak beyond these targeted attacks. However, the data exfiltration capabilities (audio, video streaming, keystrokes) show a high level of sophistication and targeted espionage.
  • The malware's creation and distribution are considered a cyberattack.
  • The malware's functionality includes intercepting conversations, real-time camera streaming, stealing data from messengers and browsers, and recording all keyboard presses to obtain passwords and other confidential information.
  • The distribution of the malware is carried out by unknown entities.

The malware, Android.Backdoor.916.origin, is designed for Android devices and is disguised as the antivirus GuardCB, with a logo visually similar to the emblem of the Central Bank of Russia (CB RF). After installation and launch, the malware requests a wide range of permissions, including access to geolocation, camera, microphone, messages, call list, and files, and the ability to work in the background.
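The permission set described above (location, camera, microphone, messages, call log, files, background operation) is itself a useful detection signal: a supposed antivirus utility has little reason to request all of them at once. The following is an added example, not code from the article or from Doctor Web, that parses an Android manifest and reports which surveillance-relevant capabilities an app requests. The sample manifests are constructed for this example, the permission-to-capability mapping is an assumption chosen to mirror the capabilities listed in the article, and the extra check for a declared accessibility service goes beyond the article (on Android, an accessibility service is the usual route to capturing keystrokes).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Assumed mapping from Android permissions to the capabilities the article
# describes. This is an illustrative list for the example, not a vendor indicator.
SURVEILLANCE_PERMISSIONS = {
    "android.permission.ACCESS_FINE_LOCATION": "geolocation",
    "android.permission.ACCESS_COARSE_LOCATION": "geolocation",
    "android.permission.ACCESS_BACKGROUND_LOCATION": "geolocation",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.READ_SMS": "messages",
    "android.permission.RECEIVE_SMS": "messages",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.READ_EXTERNAL_STORAGE": "files",
    "android.permission.MANAGE_EXTERNAL_STORAGE": "files",
    "android.permission.FOREGROUND_SERVICE": "background",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "background",
}

# Constructed sample: an "antivirus" that asks for the full surveillance profile.
SUSPICIOUS_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.guardcb.sample">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <application android:label="Sample">
        <service android:name=".KeyService"
            android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    </application>
</manifest>"""

# Constructed sample: a benign app that only needs network access.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.benign.sample">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Benign"/>
</manifest>"""


def requested_permissions(manifest_xml: str) -> set:
    """Collect every <uses-permission android:name=...> value in the manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for elem in root.iter("uses-permission"):
        name = elem.get(f"{{{ANDROID_NS}}}name")
        if name:
            names.add(name)
    return names


def declares_accessibility_service(manifest_xml: str) -> bool:
    """True if any <service> is protected by BIND_ACCESSIBILITY_SERVICE,
    i.e. the app registers an accessibility service (the common keystroke route)."""
    root = ET.fromstring(manifest_xml)
    for svc in root.iter("service"):
        perm = svc.get(f"{{{ANDROID_NS}}}permission")
        if perm == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            return True
    return False


def assess_manifest(manifest_xml: str) -> dict:
    """Summarise surveillance-relevant capabilities and flag the spyware profile."""
    perms = requested_permissions(manifest_xml)
    categories = sorted({SURVEILLANCE_PERMISSIONS[p] for p in perms
                         if p in SURVEILLANCE_PERMISSIONS})
    if declares_accessibility_service(manifest_xml):
        categories.append("keystroke capture (accessibility service)")
    # Location + camera + microphone + messages together is the profile of a
    # spying tool rather than of a typical antivirus or utility app.
    core = {"geolocation", "camera", "microphone", "messages"}
    return {
        "categories": categories,
        "spyware_profile": core.issubset(set(categories)),
        "risk_score": len(categories),
    }


if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_MANIFEST),
                            ("benign", BENIGN_MANIFEST)):
        print(label, assess_manifest(manifest))
```

Run against a real APK, the manifest would first need decoding (for example with apktool or aapt2), since the manifest inside an APK is stored in binary XML; the checks themselves are the same. A high score is a triage signal to examine the app further, not proof of malice on its own.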

It's important to note that this attack is a targeted operation, not intended for mass distribution among Android device owners. Users are urged to exercise caution when downloading and installing apps, especially those from unverified sources.

As the investigation into this cyberattack continues, it underscores the importance of cybersecurity vigilance, particularly in the business sector. Stay informed and stay safe.
