Android backdoor spies on employees of Russian businesses
ID: a633c1a4-5ba7-5ad2-b40f-3b99b01e33a7
STIX ID: report--a633c1a4-5ba7-5ad2-b40f-3b99b01e33a7
Feed Name: Dr.Web News
Threat Score
Doctor Web reports Android.Backdoor.916.origin, a targeted Android backdoor active since January 2025 that masquerades as a Russian-themed antivirus app to trick Russian business users into installing an APK. It requests extensive permissions and abuses Accessibility and device-administrator capabilities to persist, record audio, video and the screen, log keystrokes, and exfiltrate SMS messages, contacts, call history, geolocation and media files to multiple C2 servers. The report includes published IoCs and detection/removal guidance.
