Q4 2025 Malware Trends: Telegram Backdoor, Banking Trojans Surge, Joker Returns to Google Play

Telegram mods spread a powerful Android backdoor as banking trojans surge and Joker malware resurfaces on Google Play in Q4 2025, says Doctor Web.

A modified version of Telegram X has been used to infect tens of thousands of Android devices with a sophisticated backdoor, according to the latest Q4 2025 mobile malware report by Doctor Web.

The malware, labeled Android.Backdoor.Baohuo.1.origin, was hidden inside unofficial builds of the popular messaging app and distributed through third-party app catalogs and suspicious websites.

Once installed, the malware grants attackers the ability to control the victim’s Telegram account, effectively allowing them to act as if they were the user themselves. That includes joining or leaving channels, hiding new logins from account history, and even hiding specific messages. The goal appears to be long-term control without alerting the user.

Doctor Web reported that around 58,000 devices had been infected ...