A new and highly sophisticated Android spyware, dubbed “Android.Backdoor.916.origin,” has been identified targeting Russian business executives. Security researchers at the Russian cybersecurity firm Dr. Web revealed the malware is being distributed through a deceptive campaign, masquerading as legitimate antivirus software from Russia’s Federal Security Services (FSB) or the Central Bank of the Russian Federation.
The malware, first detected in January, has been undergoing continuous development, with multiple versions now in the wild. Its targeted nature is highlighted by the fact that the application’s interface is exclusively in Russian, and the fraudulent branding is designed to appeal to high-value targets within the country.
Once installed, “Android.Backdoor.916.origin” requests a broad range of dangerous permissions, including access to geolocation data, SMS messages, contacts, and media files. The malware exploits Android’s Accessibility Service to log keystrokes, effectively stealing sensitive data from popular messaging apps like Telegram and WhatsApp, as well as browser information from Chrome and Yandex.
The spyware’s capabilities are extensive and designed for deep surveillance. It can activate the device’s microphone and camera to eavesdrop on conversations and stream live video. It also has the ability to exfiltrate call history, and stored images. Researchers noted the malware can also switch between up to 15 different hosting providers, a function that, while not currently active, demonstrates a design for resilience and evasion.
The discovery of “Android.Backdoor.916.origin” underscores a growing trend of highly targeted cyber-espionage campaigns against Russian individuals and businesses. The sophisticated nature of the malware and its specific targeting of executives suggest the attackers are likely seeking sensitive corporate and personal information for financial gain or intelligence purposes.
To mitigate the risk, security experts recommend that users avoid downloading applications from unofficial sources, especially those distributed through private messages or unofficial app catalogs. Users should also be vigilant about the permissions they grant to new applications and only download software from trusted and official app stores.
