FireScam Android Malware Threatens Sensitive Data and Uses Evasion Techniques

Security researchers have revealed a new Android malware threat dubbed FireScam. It is described as a sophisticated Android threat that masquerades as a Telegram Premium app while its real purpose is data theft and on-device surveillance.

FireScam exfiltrates sensitive data, including notifications and messages, to a Firebase Realtime Database endpoint. It also monitors device activities, such as screen state changes, e-commerce transactions, clipboard activity, and user engagement. Notably, the malware captures notifications across various apps, including system apps.

The threat is distributed through a phishing site masquerading as the RuStore App Store, popular in Russia. However, the attackers are not limited to this region and may target users worldwide.

Cybersecurity experts warn that FireScam poses a significant threat to individuals and organizations due to its multi-stage technique, which starts with a dropper mechanism and ends with data exfiltration and on-device surveillance. Experts recommend users exercise caution when opening files from untrusted sources or clicking on unfamiliar links, use reputable antivirus software, keep all software up to date, and stay vigilant against social engineering attacks.

To mitigate the risk of FireScam, Android users should be cautious when installing apps from unknown sources and regularly update their devices with the latest security patches.

Source: https://www.forbes.com/sites/daveywinder/2025/01/05/android-under-attack-users-warned-as-firescam-threat-evades-detection