12.08.2025, 15:51
Dr.Web warned about a new virus for Android
Source: OREANDA-NEWS
OREANDA-NEWS. Hackers began distributing malware for Android mobile devices under the guise of an antivirus named "GuardCB" and an icon resembling the emblem of the Central Bank of the Russian Federation; the attack is aimed at representatives of Russian business, according to a release from Doctor Web.
"Doctor Web Company announces the spread of a multifunctional backdoor, Android.Backdoor.916.origin, for Android mobile devices, which attacks representatives of Russian businesses. The malware is capable of executing multiple commands from intruders and has extensive capabilities for surveillance and data theft," the report said.
"Attackers distribute a backdoor APK file through private messages in messengers under the guise of an antivirus named 'GuardCB'. The application has an icon resembling the emblem of the Central Bank of the Russian Federation on the background of a shield. However, its interface provides only one language — Russian. That is, the malware is entirely targeted at Russian users," the company adds.
The malware is able to listen to conversations, broadcast from the camera, and steal the contents of messengers and browsers. It can also record all keystrokes on the keyboard to intercept text input, including passwords. Upon first launch, the file requests a variety of permissions, including access to geolocation, audio recording, SMS, contacts, call list, camera, photos, and permission to work in the background.
According to the company, the first versions of this backdoor appeared in January 2025. Experts suggest that the virus is most likely intended for use in targeted attacks, rather than for mass distribution among owners of Android devices.