- Asin, a new Android spyware, specifically targets Arabic-speaking users by mimicking legitimate apps and news sources.
- The malware spreads through fraudulent websites and social media channels impersonating government news, PDF utilities, and war maps.
- Security researchers from ESET suspect the campaigns aim to compromise journalists and open-source intelligence (OSINT) practitioners.
- The operation remains unattributed, with its primary objectives still unknown to cybersecurity analysts.
Arabic-speaking Android users are being actively targeted by a sophisticated new spyware campaign, according to findings from Slovakian cybersecurity firm ESET. Dubbed Asin, the malware was first detected in early 2025 through multiple deceptive campaigns.
These attacks used distinct fraudulent websites like govlens[.]net and live-war-map[.]com to distribute malicious applications. Two of these sites were promoted via dedicated accounts on platforms including Facebook and Telegram.
The campaign cleverly impersonates a legitimate platform, likely inspired by the well-known Live Universal Awareness Map. Victims are required to manually install the apps and grant extensive permissions.
Multiple Asin artifacts have been identified, including an APK downloaded from “c-pdf[.]net” in December 2025. Another sample masqueraded as “Syria Defense Map” and was detected on a Xiaomi device in mid-January 2026.
The activity cluster remains unattributed, and its primary objectives are unclear. “It thus seems possible that this set of activities may have been, at least partially, meant to target Arabic-speaking journalists or OSINT practitioners,” ESET said.
