Ethical Hacking News
Android.Backdoor.916.origin is a highly sophisticated and multifunctional Android malware that targets Russian business executives, posing significant threats to their privacy and security. The malware disguises itself as an antivirus program and has the ability to steal sensitive information from popular messaging apps and work with multiple C2 servers. Security researchers have identified the threat and notified domain registrars in an effort to disrupt its spread. Stay informed about emerging threats like this one and take steps to protect yourself against the latest cyber threats.
Android.Backdoor.916.origin is a highly sophisticated Android malware that poses a significant threat to business executives' privacy and security. The malware disguises itself as an antivirus program and requests extensive permissions that give it access to sensitive information. It connects to a remote command-and-control server, allowing attackers to issue commands and receive stolen data. The malware can target specific apps, including messaging apps such as Telegram and WhatsApp, and is difficult to detect and remove. Security researchers believe it was designed for targeted attacks against Russian business executives.
Android.Backdoor.916.origin is a highly sophisticated and multifunctional Android malware that has been identified by security researchers as posing a significant threat to the privacy and security of business executives in Russia. The malware, which was first observed in January 2025, is designed to be a backdoor, allowing attackers to remotely access and control the infected device.
The malware is particularly noteworthy for its sophisticated tactics and techniques. It is disguised as an antivirus program, with a logo and interface that mimic those of legitimate security software. The malware's installer requests extensive permissions covering sensitive data and device functions: location data, SMS messages, media files, the camera and audio recording, background activity, and more.
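A defender-side triage check for the permission pattern described above, added here as an example and not taken from the Doctor Web report: it parses the "requested permissions:" blocks of `adb shell dumpsys package` output and flags packages whose permissions span several of the data categories the report lists. The dumpsys excerpt is constructed, and the category mapping and the four-category threshold are assumptions.

```python
from collections import defaultdict
# Constructed excerpt shaped like `adb shell dumpsys package` output (only the lines this parser reads).
SAMPLE_DUMPSYS = """\
Package [com.example.notes] (a1b2c3):
    requested permissions:
      android.permission.INTERNET
      android.permission.READ_EXTERNAL_STORAGE
Package [com.fake.antivirus] (d4e5f6):
    requested permissions:
      android.permission.INTERNET
      android.permission.ACCESS_FINE_LOCATION
      android.permission.READ_SMS
      android.permission.READ_EXTERNAL_STORAGE
      android.permission.CAMERA
      android.permission.RECORD_AUDIO
      android.permission.READ_CONTACTS
      android.permission.READ_CALL_LOG
"""
# Data categories named in the report, mapped to the Android permissions that unlock them (assumed mapping).
CATEGORIES = {
    "location": {"android.permission.ACCESS_FINE_LOCATION", "android.permission.ACCESS_COARSE_LOCATION"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "media": {"android.permission.READ_EXTERNAL_STORAGE", "android.permission.READ_MEDIA_IMAGES"},
    "camera": {"android.permission.CAMERA"},
    "audio": {"android.permission.RECORD_AUDIO"},
    "contacts_calls": {"android.permission.READ_CONTACTS", "android.permission.READ_CALL_LOG"},
}
def parse_requested_permissions(text):
    """Return {package: set(permission)} from each 'requested permissions:' block."""
    result, package, in_block = defaultdict(set), None, False
    for line in text.splitlines():
        if line.startswith("Package ["):            # new package header
            package, in_block = line[9:line.index("]")], False
            continue
        stripped = line.strip()
        if stripped == "requested permissions:":
            in_block = True
        elif stripped.endswith(":"):                # any other section header ends the block
            in_block = False
        elif in_block and stripped:
            result[package].add(stripped)
    return dict(result)
def risky_categories(perms):
    """Sorted category names whose permission set intersects perms."""
    return sorted(name for name, needed in CATEGORIES.items() if perms & needed)
def flag_overprivileged(text, min_categories=4):
    """Packages whose requested permissions span at least min_categories categories (threshold is an assumption)."""
    return {pkg: risky_categories(perms) for pkg, perms in parse_requested_permissions(text).items()
            if len(risky_categories(perms)) >= min_categories}
```

On a real device, feed it the output of `adb shell dumpsys package` and review the flagged packages by hand; a legitimate app can also legitimately span several categories, so the result is a triage lead, not a verdict.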
Once installed on the device, the malware connects to a remote command-and-control (C2) server, allowing attackers to issue commands and receive stolen data. The malware can also work with multiple C2 servers, using a separate port for each type of data it is able to steal. Each category of stolen information, such as SMS messages, contacts, call logs, geolocation data, images, audio and video recordings, and more, therefore travels over its own channel, and attackers can switch between them.
One of the most concerning features of Android.Backdoor.916.origin is its ability to target specific apps on the infected device. The malware has been observed keylogging and stealing data from popular apps such as the Telegram and WhatsApp messengers, Gmail, and the Chrome and Yandex browsers. It can also protect itself against removal by the user, making it a difficult piece of malware to detect and remove.
Security researchers have speculated that Android.Backdoor.916.origin was designed specifically for targeted attacks against Russian business executives. The malware's interface is only available in Russian, suggesting that it is intended for use in Russia or with Russian-speaking targets. Additionally, the malware has been detected with file names such as "SECURITY_FSB" and "FSB", which appear to be references to Russia's intelligence agency.
The malware's creators have also attempted to avoid detection by mimicking legitimate security software. The malware's installer runs simulated scans with random fake detections, making it difficult for users to distinguish between legitimate and malicious activity on their device.
Fortunately, security researchers from Doctor Web have identified the malware and published a report detailing its tactics and techniques. They have also notified domain registrars of the corresponding violations, in an effort to disrupt the malware's ability to spread.
In addition to the threat posed by Android.Backdoor.916.origin, it is worth noting that the malware has been linked to other malicious campaigns in recent months. For example, a campaign using Linux .desktop files to drop custom malware has been observed, highlighting the evolving nature of cyber threats and the need for vigilance from security professionals.
The discovery of Android.Backdoor.916.origin highlights the importance of being aware of sophisticated and targeted attacks against business executives. It also underscores the need for robust security measures to protect devices and data from such threats. By staying informed about emerging threats like this one, individuals and organizations can take steps to mitigate risk and protect themselves against the latest cyber threats.
Related Information:
https://www.ethicalhackingnews.com/articles/AndroidBackdoor916origin-The-Highly-Sophisticated-Malware-Targeting-Russian-Business-Executives-ehn.shtml
https://securityaffairs.com/181503/malware/android-backdoor-916-origin-malware-targets-russian-business-executives.html
Published: Mon Aug 25 09:30:05 2025 by llama3.2 3B Q4_K_M