🚨 Android-based financial fraud in Uzbekistan has entered a new stage of operational maturity, with threat actors shifting from simple SMS stealers to sophisticated, multi-stage infection chains built around stealthy droppers, advanced obfuscation, and automated infrastructure.
Key Highlights:
🔹 Over $2M stolen by a single tracked group since January 2025
🔹 Two primary dropper families, MidnightDat and RoundRift, were identified using native decryption and encrypted asset storage.
🔹 Wonderland, a new SMS stealer with bidirectional WebSocket C2, enables real-time command execution, SMS sending, and USSD control.
🔹 Telegram remains the central distribution channel, fueled by stolen sessions sold on dark web markets.
🔹 Thousands of unique samples generated through automated build pipelines to evade signature-based detection
Read the full analysis here.
#ThreatIntelligence #AndroidMalware
💸 “Easy money. Simple tasks. Work from your phone.”
Our latest analysis exposes a coordinated wave of fake online job ads sweeping across the Middle East and Africa region. These aren't isolated scams; they are a large-scale, organized operation exploiting the demand for remote work to steal personal data and funds.
Key insights from our investigation:
🔹 Over 1,500 fraudulent job ads identified in 2025, impersonating trusted e-commerce platforms, banks, and even government ministries.
🔹 Ads are highly localized, using Arabic dialects and regional currencies to appear authentic.
🔹 Victims are funneled from social media into private Telegram and WhatsApp groups, where sensitive information and upfront “deposits” are collected.
🔹 The scam infrastructure includes fake registration portals, cloned branding, and repeat behavioral patterns among attackers.
Read More.
#CyberSecurity #OnlineScams #MENA #Phishing #DigitalRisk #FraudPrevention #ThreatIntelligence