A sophisticated Android malware campaign targeting banking credentials and two-factor authentication codes has emerged as a significant threat to users across Central Asia, particularly in Uzbekistan. The malware, dubbed Qwizzserial, represents a dangerous evolution in mobile banking fraud, exploiting the region’s heavy reliance on SMS-based authentication systems for financial transactions.

Group-IB analysts identified the malware during their investigation into related Android threats, noting its sophisticated distribution network that mirrors the well-documented Classiscam fraud infrastructure. The scale and sophistication of the operation suggest a well-organized criminal enterprise with defined roles including administrators, workers, malware developers, and specialized “vbivers” who verify stolen card details for fraudulent withdrawals.

The malware’s primary distribution vector is Telegram, where threat actors create convincing channels posing as government entities offering financial assistance programs. The malware operates by masquerading as legitimate applications, using deceptive names such as “Presidential Support,” “Financial Assistance,” and even mimicking established banking applications to lure unsuspecting victims into installation. Once permissions are secured, victims are presented with a convincing interface requesting two phone numbers and complete banking card details including expiration dates.

The malware now utilizes HTTP POST requests to gate servers rather than direct Telegram API communication, demonstrating continuous development and refinement of its operational security measures.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 02 Jul 2025 19:30:16 +0000