Researchers at zLabs have identified a new Android threat known as Fantasy Hub, a Remote Access Trojan (RAT) sold as a Malware-as-a-Service (MaaS) package in Russian-speaking marketplaces.
This spyware provides a broad spectrum of surveillance and control functionalities, such as stealing SMS messages, contacts, and call logs, live streaming audio and video, and presenting fake banking interfaces to capture user credentials.
Full-Service Spyware Offering
Fantasy Hub differs from standalone malware kits by offering a comprehensive service package, which includes seller documentation, instructional videos, and a subscription bot hosted on Telegram. This MaaS is designed to simplify deployment for users.
Integrated Instruction and Automation
Purchasers of Fantasy Hub are given extensive guidelines to create fraudulent Google Play pages, along with app icons and naming conventions that mimic legitimate applications.
These instructions include replicating pages from well-known services, such as Telegram, to deceive users into downloading the malicious software.
Subscription Model Ease of Access
Entry into this malicious ecosystem is made easy by a subscription-based model that bundles documentation, bot management, and options for automated builds, putting complex spyware within reach of novices.
Financially Motivated Impersonation
Fantasy Hub targets financial institutions, including Alfa, PSB, Tbank, and Sber, to phish for mobile banking credentials. Additionally, it misuses Android's default SMS handler capabilities to intercept two-factor authentication messages, forwarding them secretly to attackers.
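A fleet-side check a defender can run against the SMS-handler abuse described above, written here as an added example rather than code from zLabs or from the malware: it parses the output of `adb shell cmd role get-role-holders android.app.role.SMS` (one package per line on Android 10 and later) together with the `requested permissions:` section of `adb shell dumpsys package <pkg>`, and flags any default SMS handler that is not on an approved list, noting whether it also requests camera, microphone, contact or call-log access. The package name, the approved-handler list and the sample dump lines are constructed placeholders and assumptions, not real indicators; the dump formats are approximations of what those commands print.

```python
import re
from typing import Dict, List

# Constructed sample output in the shape printed by
# `adb shell cmd role get-role-holders android.app.role.SMS`.
# The package name is a hypothetical placeholder, not a real indicator.
SAMPLE_SMS_ROLE_OUTPUT = "com.example.fake_update_placeholder\n"

# Constructed sample lines in the shape of `adb shell dumpsys package <pkg>`
# permission output, for the same hypothetical package.
SAMPLE_DUMPSYS_LINES = [
    "Package [com.example.fake_update_placeholder] (abc123):",
    "  requested permissions:",
    "    android.permission.RECEIVE_SMS",
    "    android.permission.READ_SMS",
    "    android.permission.SEND_SMS",
    "    android.permission.CAMERA",
    "    android.permission.RECORD_AUDIO",
    "  install permissions:",
    "    android.permission.INTERNET: granted=true",
]

# Packages an organisation expects to hold the SMS role (assumption: edit for your fleet).
APPROVED_SMS_HANDLERS = {
    "com.google.android.apps.messaging",
    "com.samsung.android.messaging",
}

# Permissions that, combined with the SMS role, match the surveillance profile
# described in the report (camera/audio streaming, contacts and call logs).
SURVEILLANCE_PERMS = {
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
}


def parse_role_holders(output: str) -> List[str]:
    """One package name per line; blank lines are ignored."""
    return [line.strip() for line in output.splitlines() if line.strip()]


def parse_requested_permissions(lines: List[str]) -> Dict[str, List[str]]:
    """Map package name -> permissions listed under 'requested permissions:'."""
    result: Dict[str, List[str]] = {}
    current = None
    in_requested = False
    for line in lines:
        m = re.match(r"Package \[([\w.]+)\]", line)
        if m:
            current = m.group(1)
            result[current] = []
            in_requested = False
            continue
        stripped = line.strip()
        if stripped == "requested permissions:":
            in_requested = True
            continue
        if stripped.endswith(":") and not stripped.startswith("android."):
            in_requested = False  # any other section header ends the block
            continue
        if in_requested and current and stripped.startswith("android.permission."):
            result[current].append(stripped.split(":")[0])
    return result


def flag_sms_role_holders(role_output: str, dumpsys_lines: List[str], approved) -> List[dict]:
    """Return one finding per unapproved default SMS handler, with reasons."""
    findings = []
    perms_by_pkg = parse_requested_permissions(dumpsys_lines)
    for pkg in parse_role_holders(role_output):
        if pkg in approved:
            continue
        perms = set(perms_by_pkg.get(pkg, []))
        reasons = ["holds default SMS role but is not an approved messaging app"]
        extra = sorted(perms & SURVEILLANCE_PERMS)
        if extra:
            reasons.append("also requests " + ", ".join(extra))
        findings.append({"package": pkg, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in flag_sms_role_holders(SAMPLE_SMS_ROLE_OUTPUT, SAMPLE_DUMPSYS_LINES, APPROVED_SMS_HANDLERS):
        print(f["package"], "->", "; ".join(f["reasons"]))
```

In practice the two inputs come from an MDM agent or a scripted `adb` loop over enrolled devices; the point of the check is that a legitimate messaging app holding the SMS role is expected, while an app that holds it and also asks for camera and microphone access is the profile worth escalating.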
Evasion and Detection Avoidance
To evade security analysis and detection, the malware masquerades as a Google Play update and assesses the device's environment before activation.
The emergence of Fantasy Hub's MaaS platform illustrates the ongoing trend of sophisticated mobile malware becoming increasingly commoditized. With easy-to-follow instructions and automated features, even attackers with limited technical skills can execute complex targeting campaigns focusing on financial data and enterprise BYOD systems.
"Fantasy Hub shows how professionalized seller support is turning complex spyware into accessible services," commented Vishnu Pratapagiri, a researcher at zLabs. "Organisations must assume even legitimate-looking apps could hide malicious droppers capable of intercepting authentication and sensitive data."