Android malware disguised as an antivirus targets Russia

Published: 25 August 2025
android malware spy
Image by Cybernews

Android malware disguised as security software is listening to calls, stealing messages, and watching through the cameras of Russian citizens.

A new strain of Android malware is spreading around Russian businesses. Cybersecurity firm Doctor Web has identified a multifunctional backdoor called Android.Backdoor.916.origin.

The malicious app GuardCB was first spotted in January 2025, pretending to be an antivirus platform. According to researchers, the program’s interface is only available in Russian, showing that it is targeting representatives of Russian businesses.

ADVERTISEMENT
Android malware
Source: Dr. Web

The app's logo resembles the Central Bank of Russia’s emblem. Other malware versions circulate under names like “SECURITY_FSB” and “FSB,” playing with the app's associations with law enforcement entities.

Once installed, Android.Backdoor.916.origin asks for invasive permissions, such as location, microphone, camera, SMS, calls, contacts, and administrator rights. It also has access to WhatsApp, Telegram, Google Chrome, Gmail, and Yandex.

The app fakes virus scans. It randomly decides whether it’s “found threats” on the victim's device, showing between one and three bogus results. However, behind the scenes, the app swipes data from the device and sends it to threat actors. The malware enables them to:

  • Broadcast video from the camera
  • Stream live audio from the microphone
  • Track calls, texts, and location data
  • Take photos and files from storage
  • Capture every keystroke, including passwords
android malware russia

Active cyber warfare

The researchers do not specify the source of the malware and whether it could be part of espionage attempts.

ADVERTISEMENT

Russian hackers have been notorious for state-backed cyberattacks, mainly targeting Western countries. Reportedly, Russia has recently shifted the focus of its cyberattacks to the UK, with Russian President Vladimir Putin allegedly seeking to avoid offending his US counterpart, Donald Trump.

Since Russia started the war in Ukraine, the Ukrainian hackers have targeted Russian infrastructure. One such attack paralyzed one of the biggest drone suppliers in Russia. As reported, over 47 terabytes of technical information were accessed and exfiltrated, including sensitive drone production documentation.

The Russian aviation sector has also been impacted. Aeroflot was forced to cancel dozens of flights in July, disrupting travel across the world's biggest country. Two pro-Ukrainian hacking groups claimed to have inflicted the crippling cyberattack.

Ukrainian hackers also claim to have successfully carried out a cyberattack on Tupolev, a leading Russian company developing strategic bombers for the military.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked