Baohuo, the gray eminence. Android backdoor hijacks Telegram accounts, gaining complete control over them
ID: cfd53ae3-822a-5323-acd0-479410507103
STIX ID: report--cfd53ae3-822a-5323-acd0-479410507103
Feed Name: Dr.Web News
**Doctor Web identified Android.Backdoor.Baohuo.1.origin — a trojanized Telegram X messenger distributed via malicious ad redirects and third‑party APK stores — which gives attackers full remote control over victims' Telegram accounts, exfiltrates credentials, chat history, clipboard data and device information, and uniquely supports command-and-control via Redis; over 58,000 devices across many countries are reported infected.**
