New Android malware poses as antivirus from Russian intelligence agency

A new Android malware posing as an antivirus tool created by Russia’s Federal Security Service (FSB) is being used to target executives of Russian businesses.

In a new report from Russian mobile security firm Dr. Web, researchers track the new spyware as ‘Android.Backdoor.916.origin,’ finding no links to known malware families.

Among its various capabilities, the malware can snoop on conversations, stream from the phone’s camera, log user input with a keylogger, or exfiltrate communication data from messenger apps.

Dr. Web reports that, since the initial discovery of this malware in January 2025, it has sampled multiple subsequent versions, indicating continuous development.

Based on the distribution lures, infection methods, and the fact that its interface only offers the Russian language option, the researchers believe it was designed for targeted attacks against Russian businesses.

Dr. Web has seen two main branding attempts: one named “GuardCB,” impersonating the Central Bank of the Russian Federation, and another with two variants named “SECURITY_FSB” and “ФСБ” (FSB), supposedly attempting to impersonate software from the Russian intelligence agency.

“At the same time, its interface provides only one language – Russian. That is, the malicious program is entirely focused on Russian users,” reports Dr. Web.

“This is confirmed by other detected modifications with file names such as “SECURITY_FSB”, “FSB” and others, which cybercriminals are trying to pass off as security programs allegedly related to Russian law enforcement agencies.”

Although the fake antivirus tool lacks security-related features, it attempts to mimic a genuine security tool to prevent the victim from removing it from their device.