Malicious Android App Uses Fake Antivirus Front to Spy on Russian Users

August 28, 2025

Emerging Threat: Android Malware Posing as Security Tool

A new strain of Android malware, cleverly disguised as a security application, is making waves in the Russian business landscape. Cybersecurity experts from Doctor Web have identified this backdoor, named Android.Backdoor.916.origin, which has been disseminated through an app called GuardCB, first surfacing in early 2025.

This app, masquerading as an antivirus solution, is equipped with an array of surveillance capabilities. Its interface is exclusively in Russian, and its logo closely resembles that of the Central Bank of Russia, a tactic designed to instill trust among users. Variants of the malware have also emerged under names like SECURITY_FSB and FSB, further enhancing its deceptive alignment with state or law enforcement entities.

According to Doctor Web, the app requests an extensive range of permissions, including:

  • Device location
  • Microphone and camera access
  • Messages and call logs
  • Contacts and administrator rights

Additionally, it seeks access to popular applications such as WhatsApp, Telegram, Chrome, Gmail, and Yandex, indicating a comprehensive strategy to harvest sensitive communication data. This level of access enables hackers to stream live video and audio, capture images, access stored files, monitor keystrokes, and track communications and geolocation in real time.
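
A defender-side triage check for the permission combination listed above, as an added example that is not from the original article or from Doctor Web: it parses a decoded AndroidManifest.xml (for instance, one decoded with apktool) and reports which of the article's categories an app requests. The mapping to standard Android permission names, the threshold of five categories, and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping of the article's categories to standard Android permissions.
CATEGORIES = {
    "location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "microphone": {P + "RECORD_AUDIO"},
    "camera": {P + "CAMERA"},
    "messages": {P + "READ_SMS", P + "RECEIVE_SMS"},
    "call_logs": {P + "READ_CALL_LOG"},
    "contacts": {P + "READ_CONTACTS"},
}

def audit_manifest(manifest_xml):
    """Return the sorted article categories that a decoded manifest requests."""
    root = ET.fromstring(manifest_xml.strip())
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested |= {e.get(NS + "name") for e in root.iter(tag)}
    hits = {cat for cat, perms in CATEGORIES.items() if perms & requested}
    # Administrator rights are not a <uses-permission>: the app declares a
    # receiver protected by BIND_DEVICE_ADMIN.
    if any(r.get(NS + "permission") == P + "BIND_DEVICE_ADMIN" for r in root.iter("receiver")):
        hits.add("device_admin")
    return sorted(hits)

def is_suspicious(manifest_xml, threshold=5):
    """Assumed heuristic: flag apps covering at least `threshold` of the 7 categories."""
    return len(audit_manifest(manifest_xml)) >= threshold

def _manifest(package, perms, admin=False):
    """Build a constructed sample manifest (not taken from any real app)."""
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    rcv = (f'<receiver android:name=".Admin" android:permission="{P}BIND_DEVICE_ADMIN"/>' if admin else "")
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application>{rcv}</application></manifest>')

# Constructed samples: a hypothetical fake "antivirus" and a flashlight app.
FAKE_AV = _manifest("com.example.fakeav", ["ACCESS_FINE_LOCATION", "RECORD_AUDIO",
    "CAMERA", "READ_SMS", "READ_CALL_LOG", "READ_CONTACTS"], admin=True)
FLASHLIGHT = _manifest("com.example.flashlight", ["CAMERA"])

if __name__ == "__main__":
    for name, xml in (("fake_av", FAKE_AV), ("flashlight", FLASHLIGHT)):
        print(name, audit_manifest(xml), "SUSPICIOUS" if is_suspicious(xml) else "ok")
```

A category count is a coarse signal for prioritizing review, not a verdict: legitimate security and device-management apps also request several of these permissions.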

To bolster its façade of legitimacy, the app conducts simulated antivirus scans and produces fabricated threat results, often claiming to eliminate between one and three detected threats. This tactic serves to reassure users while covertly compromising their security.

While researchers have yet to link this malware to a specific actor or confirm any ties to espionage activities, the extensive permissions it demands and its targeted nature raise alarms about possible state or state-aligned involvement. This discovery emerges in the context of escalating cyber conflicts in the region, where pro-Ukrainian groups are actively targeting Russian networks.

The emergence of this malware highlights the increasing sophistication of mobile surveillance tools and the significant risks they pose to both organizational integrity and national security.

AppWizard