zLabs uncovers‘ Fantasy Hub’ Russian Android RAT sold as Malware-as-a-Service logs, live audio and video streaming, and fake banking login screens to steal credentials.
Al Baraka Islamic Bank adopts eKey 2.0 for Business to enhance digital onboarding
CISO news
zLabs uncovers‘ Fantasy Hub’ Russian Android RAT sold as Malware-as-a-Service logs, live audio and video streaming, and fake banking login screens to steal credentials.
Unlike standalone malware kits, Fantasy Hub operates as a turnkey service complete with seller documentation, how-to videos and a Telegram-based subscription bot. Subscribers receive detailed instructions for creating counterfeit Google Play pages, app icons and cloned versions of trusted apps, including Telegram, to deceive users into installing the malicious dropper. to steal mobile banking credentials.
• Abuse of SMS privileges: Exploits Android’ s SMS handler role to intercept two-factor authentication messages without the user’ s knowledge.
• Evasion tactics: Disguised as a Google Play update, it checks device environments to avoid analysis and detection.
Fantasy Hub’ s MaaS model demonstrates how advanced mobile spyware is being commoditised. With integrated automation and support, even low-skilled attackers can deploy sophisticated campaigns targeting financial systems and enterprise BYOD devices.
Labs researchers have uncovered Fantasy Hub, an Android Remote z
Access Trojan( RAT) being sold on Russian-language channels as a Malware-asa-Service( MaaS) subscription. The spyware enables full device compromise, including theft of SMS messages, contacts and call
Key findings include:
• Subscription-based model: Lowers the barrier to entry with automation, botbased management and builder tools.
• Financial targeting: Used to impersonate banks such as Alfa, PSB, Tbank and Sber
“ Fantasy Hub shows how professionalised seller support is turning complex spyware into accessible services” said Vishnu Pratapagiri, zLabs researcher:“ Organisations must assume even legitimate-looking apps could hide malicious droppers capable of intercepting authentication and sensitive data.”
Al Baraka Islamic Bank adopts eKey 2.0 for Business to enhance digital onboarding
l Baraka Islamic Bank has signed an agreement with Beyon
A
Connect, part of the Beyon Group, to adopt eKey 2.0 for Business( EKEY-B), Bahrain’ s national digital identity authentication and consent-based eKYC platform for the private sector.
Through this agreement, Al Baraka Islamic Bank is among the first financial institutions in Bahrain to begin onboarding to the EKEY-B platform. Once integrated, the bank will leverage advanced biometric authentication and secure digital onboarding to offer customers a seamless, passwordless banking experience.
Protection Law( PDPL) and the highest standards of data security, regulatory compliance and privacy.
“ Adopting EKEY for Business represents a key step in our ongoing Digital Transformation journey,” said Dr. Adel Abdulla Salem, CEO, Al Baraka Islamic Bank.“ This collaboration with Beyon
Connect allows us to offer customers faster, safer and more convenient access to our banking services, while remaining fully aligned with our regulatory and compliance framework.”
The initiative supports Bahrain’ s vision of advancing a secure, inclusive and digitally driven economy.
The collaboration reflects Al Baraka’ s strategic focus on enhancing digital service delivery in line with its Shari’ a- compliant values, while maintaining full adherence to Bahrain’ s Personal Data
12 WWW. INTELLIGENTCISO. COM