A newly uncovered Android malware operation known as Fantasy Hub is raising serious concerns. Sold openly on Russian-speaking Telegram channels, this remote access trojan (RAT) is part of a growing trend of Malware-as-a-Service (MaaS) offerings that lower the barrier to entry for cybercriminals.
📱 What Is Fantasy Hub?
Fantasy Hub is a fully packaged Android RAT that enables attackers to:
- Remotely control infected devices
- Steal SMS messages, contacts, call logs, photos, and videos
- Intercept, reply to, and delete incoming notifications
- Masquerade as legitimate apps, including banking interfaces
🧠 How It Works
The malware is distributed through fake Google Play Store landing pages, which are customized by the attacker. Once a victim installs the trojanized APK, the malware:
- Requests to become the default SMS handler (granting broad permissions)
- Uses overlays to mimic banking apps and steal credentials
- Streams live audio and video via WebRTC
- Abuses Android’s accessibility features to escalate control
The malware’s command-and-control (C2) panel gives attackers real-time access to infected devices and subscription status. It even allows them to issue commands and receive alerts via Telegram bots.
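As a defender-side illustration of the behaviours listed under "How It Works", the following added example (not from the original page and not derived from a Fantasy Hub sample) audits a manifest already decoded to text XML for the same capability combination. The function names are hypothetical, and the strings are standard Android platform constants rather than indicators specific to this malware.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Android platform constants (generic capability markers, not Fantasy Hub indicators).
SMS_ROLE_ACTIONS = {"android.provider.Telephony.SMS_DELIVER",
                    "android.provider.Telephony.WAP_PUSH_DELIVER",
                    "android.intent.action.SENDTO",
                    "android.intent.action.RESPOND_VIA_MESSAGE"}
SERVICE_BINDINGS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility_service",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification_listener"}

def audit_manifest(manifest_xml):
    """Return the high-risk capabilities declared by a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    findings = set()
    perms = {p.get(NS + "name") for p in root.iter("uses-permission")}
    if "android.permission.SYSTEM_ALERT_WINDOW" in perms:
        findings.add("overlay")
    for svc in root.iter("service"):
        label = SERVICE_BINDINGS.get(svc.get(NS + "permission"))
        if label:
            findings.add(label)
    # Android requires all four handlers before an app is eligible for the default SMS role.
    if SMS_ROLE_ACTIONS <= {a.get(NS + "name") for a in root.iter("action")}:
        findings.add("default_sms_eligible")
    return findings

def is_high_risk(findings):
    """SMS-role eligibility combined with a screen-control capability."""
    return "default_sms_eligible" in findings and bool(
        findings & {"accessibility_service", "overlay"})

# Constructed, abridged sample manifest for illustration; not taken from a real APK.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
 <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
 <application>
  <receiver android:name=".Sms"><intent-filter><action android:name="android.provider.Telephony.SMS_DELIVER"/></intent-filter></receiver>
  <receiver android:name=".Mms"><intent-filter><action android:name="android.provider.Telephony.WAP_PUSH_DELIVER"/></intent-filter></receiver>
  <activity android:name=".Compose"><intent-filter><action android:name="android.intent.action.SENDTO"/></intent-filter></activity>
  <service android:name=".Reply"><intent-filter><action android:name="android.intent.action.RESPOND_VIA_MESSAGE"/></intent-filter></service>
  <service android:name=".Acc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
 </application>
</manifest>"""

if __name__ == "__main__":
    print(sorted(audit_manifest(SAMPLE)), is_high_risk(audit_manifest(SAMPLE)))
```

Legitimate messaging apps also declare the four SMS handlers, so the flag is a triage signal for sideloaded APKs rather than a verdict on its own.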