New Android Malware ‘Fantasy Hub’ Spies on Users’ Calls, Contacts, and Messages

Russian-based threat actors are actively distributing a sophisticated Android Remote Access Trojan called “Fantasy Hub” via Telegram-based Malware-as-a-Service channels, marking a significant escalation in mobile-focused cybercrime.

Fantasy Hub represents a dangerous convergence of advanced evasion techniques, social engineering tactics, and deep system-level access.

Security researchers from Zimperium’s zLabs have documented extensive capabilities of this spyware, which operates under a paid subscription model designed to lower barriers to entry for novice attackers seeking to compromise Android devices at scale.

The malware can exfiltrate SMS messages, contacts, call logs, images, and videos while maintaining the ability to intercept, modify, and delete incoming notifications.

Threat actors leveraging this toolkit have specifically targeted financial institutions including Alfa-Bank, PSB, Tbank, and Sber by deploying custom phishing windows that masquerade as legitimate banking applications to harvest credentials.

The operational structure of Fantasy Hub demonstrates how Malware-as-a-Service platforms democratize sophisticated cybercrimes.

Buyers can ...