Fantasy Hub: Another Russian Based RAT as Malware-as-a-Service
Essential information
- Published
- 10/11/2025 11:34
- Modified
- 10/11/2025 12:12
- Tags
- 2025-11-10 android banking fantasy hub financial maas rat russian sms spyware
- Related entities
- 169 observables, 1 malware, 2 others
Description
A new Android Remote Access Trojan called Fantasy Hub has been identified, sold on Russian-language channels as a Malware-as-a-Service (MaaS) subscription. The malware offers extensive device control and espionage capabilities, including SMS exfiltration, contact theft, call log access, and bulk image and video theft. It can intercept, reply to, and delete incoming notifications. The spyware is promoted online with detailed capabilities and instructions for creating fake Google Play pages to evade detection. Fantasy Hub targets financial institutions, deploying fake windows to obtain banking credentials. The MaaS model includes seller documentation, videos, and a bot-driven subscription system, making it accessible to novice attackers.