Android Backdoor Baohuo: 58K Devices Infected via Fake Telegram X
Security researchers at Doctor Web have uncovered a sophisticated Android backdoor, Android.Backdoor.Baohuo.1.origin, disguised as Telegram X. The malware gives cybercriminals complete control over victims’ accounts and devices and has affected over 58,000 devices globally. It spreads through malicious websites and third-party app stores, and it is controlled through an unprecedented mechanism built on Redis database integration. The backdoor can steal credentials, chat histories, and personal data while concealing evidence of the compromise. It exists in three distinct modification variants, all of which preserve full functionality so that users do not become suspicious. Doctor Web’s analysis reveals that the attack is tailored for specific markets, with the potential to expand to additional regions.