Android Backdoor Baohuo: 58,000 Devices Infected

Cyber Security News by CyberSum.net

Published on October 24, 2025 at 06:00 PM

5 sources

Security researchers at Doctor Web have uncovered a sophisticated Android backdoor disguised as Telegram X, granting cybercriminals complete control over victims’ accounts and devices. The malware, identified as Android.Backdoor.Baohuo.1.origin, has infected over 58,000 devices worldwide, with around 20,000 active infections. It spreads through malicious websites and third-party app stores, targeting various Android devices including smartphones, tablets, and even cars. The backdoor uses unprecedented control mechanisms through Redis database integration, allowing attackers to manipulate accounts and steal sensitive data.

Also Read

Qilin Ransomware Continues to Impact Manufacturing

In the second half of 2025, the Qilin ransomware group has continued to publish victim information on its leak site at a pace of more than 40 cases per month, making it one of the most impactful ransomware groups worldwide. The manufacturing sector has been the most affected, followed by professional and scientific services, and wholesale trade. Although this could be a false flag, some of the scripts used by the attacker contained character encodings that point to Eastern Europe or a Russian-speaking region. Talos identified an open-source tool named Cyberduck, which enables file transfers to cloud servers, among the tools used for data exfiltration.

By Cyber Security News by CyberSum.netOctober 27, 2025 at 04:45 PM