Our latest investigation reveals a sophisticated Android malware campaign, codenamed Ajina, targeting Central Asia. Named after a mythical spirit from Uzbek folklore, this malware deceives users by posing as legitimate apps, compromising personal and financial data across the region. Our investigation revealed over 1,400 unique samples, highlighting the attackers' regional knowledge and growing reach.
Discover how these malicious actors are spreading malware through Telegram, the techniques they're using, and the broader implications for users and businesses alike.
🛡️ Stay informed and stay secure.
Read the full analysis by our experts now
#CyberSecurity #ThreatIntelligence #infosec #FightAgainstCybercrime #AndroidMalware #Telegram
🚨 Qwizzserial: The New Face of Android SMS Stealers, primarily in Uzbekistan!
A previously unknown malware family is making waves across Uzbekistan, blending social engineering with technical stealth to bypass defenses and hijack finances.
Key Highlights:
🔹 Over 100,000 Android infections in just 3 months
🔹 Telegram bots used to auto-generate malware disguised as government aid apps
🔹 $62,000+ stolen by a single group using fake "financial support" schemes
🔹 Advanced evasion techniques: USSD SIM hijacking, infinite preloaders, obfuscation with NP Manager and Allatori
This is not just another stealer; it's the evolution of the Classiscam model.
Read the full breakdown, infrastructure, attribution, and mitigation tips in our technical blog.
#AndroidMalware #ThreatIntel #Classiscam #Qwizzserial #SMSStealer #FightAgainstCybercrime
🚨 Android-based financial fraud in Uzbekistan has entered a new stage of operational maturity, with threat actors shifting from simple SMS stealers to sophisticated, multi-stage infection chains built around stealthy droppers, advanced obfuscation, and automated infrastructure.
Key Highlights:
🔹 Over $2M stolen by a single tracked group since January 2025
🔹 Two primary dropper families, MidnightDat and RoundRift, were identified using native decryption and encrypted asset storage.
🔹 Wonderland, a new SMS stealer with bidirectional WebSocket C2, enables real-time command execution, SMS sending, and USSD control.
🔹 Telegram remains the central distribution channel, fueled by stolen sessions sold on dark web markets.
🔹 Thousands of unique samples generated through automated build pipelines to evade signature-based detection
Read the full analysis here.
#ThreatIntelligence #AndroidMalware