New Android Malware Platform Targets Bank Accounts

KnowBe4 Team | Nov 14, 2025

Researchers at Zimperium are tracking a new malware-as-a-service platform designed to target Android phones with banking Trojans. The platform, dubbed “Fantasy Hub,” allows unskilled threat actors to launch sophisticated malware campaigns that trick victims into granting access to their bank accounts.

Zimperium explains, “Fantasy Hub is not a one-off commodity kit: it’s a MaaS product with seller documentation, videos, and a bot-driven subscription model that helps novice attackers by providing a low barrier to entry. Because it targets financial workflows (fake windows for banks) and abuses the SMS handler role (for intercepting two-factor SMS), it poses a direct threat to enterprise customers using BYOD and to any organization whose employees rely on mobile banking or sensitive mobile apps.”

The malware platform has built-in phishing templates that impersonate several major banks and also allows attackers to build their own templates.

“A notable feature of the malware is its ability to deploy pre-built or custom phishing windows designed to target various banks,” the researchers write. “Primarily, it focuses on institutions such as Alfa, PSB, Tbank, and Sber. Furthermore, the malware's vendors have indicated that attackers possess the capability to create additional custom windows, allowing them to target a broader range of financial institutions. The malware leverages activity-alias entries to generate numerous launcher icons and labels, all directed to a single component. This allows one APK to masquerade as various banking applications.”

The researchers note that Fantasy Hub is a step above most malware kits, with features that let the malware adapt to different social engineering situations.

“Unlike older banking trojans that rely solely on overlays, Fantasy Hub integrates native droppers, WebRTC-based live streaming, and abuse of the SMS handler role to exfiltrate data and impersonate legitimate apps in real time,” Zimperium says. “This blend of social engineering and deep-system control makes it especially dangerous in BYOD and consumer-facing environments where app-store trust is assumed.”
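For defenders triaging APKs, the two manifest traits quoted above (many launcher activity-alias entries directed to one component, and use of the SMS handler role) can be checked statically. The following is an added example, not Zimperium's detection logic or code from the original post; the sample manifest, the function names and the `min_aliases` threshold are assumptions made for illustration, and the input is expected to be a manifest already decoded to text XML.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_DELIVER = "android.provider.Telephony.SMS_DELIVER"  # delivered only to the default SMS app

# Constructed sample manifest (not from a real sample): three launcher aliases
# with different labels pointing at one activity, plus an SMS_DELIVER receiver.
ALIAS_TEMPLATE = ('<activity-alias android:name=".{0}" android:label="{1}" '
                  'android:targetActivity=".MainActivity"><intent-filter>'
                  '<action android:name="android.intent.action.MAIN"/>'
                  '<category android:name="android.intent.category.LAUNCHER"/>'
                  '</intent-filter></activity-alias>')
SAMPLE_MANIFEST = (
    '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
    'package="com.example.constructed"><application>'
    '<activity android:name=".MainActivity"/>'
    + "".join(ALIAS_TEMPLATE.format(name, label) for name, label in
              [("AliasA", "Bank A"), ("AliasB", "Bank B"), ("AliasC", "Bank C")])
    + '<receiver android:name=".SmsReceiver" '
    'android:permission="android.permission.BROADCAST_SMS"><intent-filter>'
    f'<action android:name="{SMS_DELIVER}"/></intent-filter></receiver>'
    '</application></manifest>')

def launcher_aliases(root):
    """Map each targetActivity to the labels of launcher aliases pointing at it."""
    targets = defaultdict(list)
    for alias in root.iter("activity-alias"):
        actions = {a.get(ANDROID + "name") for a in alias.iter("action")}
        categories = {c.get(ANDROID + "name") for c in alias.iter("category")}
        if ("android.intent.action.MAIN" in actions
                and "android.intent.category.LAUNCHER" in categories):
            targets[alias.get(ANDROID + "targetActivity")].append(
                alias.get(ANDROID + "label"))
    return dict(targets)

def triage(manifest_xml, min_aliases=2):
    """Flag a manifest that combines both traits; either one alone is common in benign apps."""
    root = ET.fromstring(manifest_xml)
    multi = {target: labels for target, labels in launcher_aliases(root).items()
             if len(labels) >= min_aliases}
    sms = any(action.get(ANDROID + "name") == SMS_DELIVER
              for receiver in root.iter("receiver") for action in receiver.iter("action"))
    return {"multi_alias_targets": multi, "sms_deliver_receiver": sms,
            "review": bool(multi) and sms}

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

A hit is a reason to look closer, not a verdict: legitimate apps use activity-alias for icon switching, and legitimate messaging apps register an SMS_DELIVER receiver.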

Zimperium has the story.
