Zimperium researchers have identified Fantasy Hub, a Russian Android RAT offered as Malware-as-a-Service, capable of device control, spying, and data theft through Telegram. This sophisticated MaaS platform targets banks and enterprise users, leveraging native droppers, WebRTC streaming, and SMS abuse to evade detection.
Key points
- Fantasy Hub is a MaaS Android RAT that offers device spying and control features.
- It allows attackers to intercept SMS, access contacts, call logs, and stream live video feeds.
- The malware uses a native dropper disguised as a Google Play update to hide from analysis.
- Sellers provide guides and a bot-driven subscription model for novice attackers.
- The tool targets financial institutions by creating fake login windows and intercepting two-factor authentication messages.