A dangerous new piece of Android malware is spreading by disguising itself as an antivirus app linked to Russia’s Federal Security Service (FSB).
Security researchers at Doctor Web identified the threat, named Android.Backdoor.916.origin, which has been under active development since January 2025.

The fake antivirus, appearing under names like SECURITY_FSB or ФСБ, tricks users into granting extensive permissions, including access to calls, messages, geolocation, and even device administrator rights. Once installed, it can record conversations, capture keystrokes, stream from the camera, and steal data from popular apps like WhatsApp, Gmail, and Telegram.
Researchers say the spyware mainly targets Russian business executives, with the app’s interface built entirely in Russian and distribution happening through direct links instead of official app stores.

The malware also uses multiple command-and-control servers and can switch hosting providers to avoid takedowns, making it highly resilient.





