[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSK8c2UX3Tvsf6NJl43CU366ih36VWAj9SVZINuOZsjY":3},{"article":4,"iocs":45},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":29,"category":30,"article_tags":34},"d84f46b7-50fe-4500-965d-d21e5f9ac6d9","Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps","android-spyware-asin-targets-arabic-users-via-fake-news-pdf-and-war-map-apps-1b9893","Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of distinct websites mimicking utilities, war-related updates, and a government news source: govlens[.]net, which","ESET discovered a new Android spyware called Asin targeting Arabic-speaking users since early 2025 through multiple deceptive campaigns. The malware spreads via fake websites impersonating government news sources, PDF editors, and military conflict trackers, with social media promotion on Facebook and Telegram. Suspected targets include journalists and OSINT researchers in Arabic-speaking regions.","Android spyware Asin targets Arabic speakers via fake news, PDF, and war map apps.","Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps Ravie LakshmananJun 05, 2026Spyware \u002F Mobile Security Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of distinct websites mimicking utilities, war-related updates, and a government news source: govlens[.]net, which impersonates a government news source (registered on May 27, 2025) pdf-reader[.]help, which impersonates a secure PDF editor (registered on May 29, 2025) live-war-map[.]com, which claims to offer updates on military incidents (registered on January 20, 2025) Two of these websites - govlens[.]net and live-war-map[.]com - were also marketed via dedicated accounts on social media platforms like Facebook and Telegram - www.facebook[.]com\u002FGovLens t[.]me\u002Fliveuamap_ar \"Each of these websites distributes a malicious app that combines legitimate functionality with stealthy spyware capabilities,\" ESET said. The cybersecurity company noted that the Telegram channel's name is likely inspired by Live Universal Awareness Map (Liveuamap), a legitimate, well-known platform dedicated to mapping ongoing conflicts, human rights issues, natural disasters, and geopolitical events across the world. Multiple artifacts associated with Asin have since been identified, including one uploaded to VirusTotal from Türkiye in October 2025, an APK downloaded from the domain \"c-pdf[.]net\" in December 2025 by a user on a Xiaomi Redmi Note 13 Pro device running Android 15, and a third sample masquerading as \"Syria Defense Map\" detected on a Xiaomi Redmi Note 13 Pro+ 5G devices running Android 15 in around mid-January 2026. In the last case, the APK is said to have been downloaded from a website named \"syriadefensemap[.]com.\" It's worth noting that the user is required to manually install the app and grant it the necessary permissions for the spyware to realize its goals. The activity cluster, per ESET, remains unattributed. It's also not known what the primary objectives of these campaigns are. However, based on the lures used, it's suspected that journalists and OSINT researchers in Arabic-speaking regions may have been the target. \"Three out of the five fraudulent apps we unearthed - GovLens, WarMap, and Syria Defense Map - seem primarily intended for people interested in open-source investigation,\" the company said. \"It thus seems possible that this set of activities may have been, at least partially, meant to target Arabic-speaking journalists or OSINT practitioners.\" Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  Android, cybersecurity, ESET, Facebook, Journalism, Malware, mobile security, OSINT, Spyware, Telegram ⚡ Top Stories This Week Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm ⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More Malicious npm Package Stole Files From Claude AI User Directory via GitHub GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions ⭐ Featured Resources Your Employees Are Using AI in Ways You Can’t See – 2026 State of AI Report Learn How to Stop Attacks Before They Reach Your EDR – With PHASR Watch AI Turn Vulnerabilities Into Working Exploits in Minutes (See the Demo) [Guide] The Real Security Risks of Shadow AI (And Where You’re Exposed)","https:\u002F\u002Fthehackernews.com\u002F2026\u002F06\u002Fandroid-spyware-asin-targets-arabic.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEimTj2SdhVr1jj9e2RqrAOW9dIsBmuMZJsqWGt6weL0DOfhwYQF_6Hp5B-sYt6ZZEGQB_YPTOW6Xb2x5JygleEwCp8FQFmKDBIfQlCP1QVLGuVGPboCcbXy8LB0oUDSwA-3w6Vqc9QQFiRAaQKqQ2m2EdPopVIWcp7RHtdXbrd9ucWSfEG4D3h2bu1d9dN3\u002Fs1600\u002Fandroid-war.png","2026-06-05T14:53:40+00:00","2026-06-05T18:00:17.851477+00:00",8,[18,21,24,26],{"name":19,"type":20},"ESET","vendor",{"name":22,"type":23},"Android","product",{"name":25,"type":23},"Xiaomi Redmi Note 13 Pro",{"name":27,"type":28},"OSINT","technology","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":29,"icon":31,"name":32,"slug":33},null,"Malware","malware",[35,40],{"category":36},{"id":37,"icon":31,"name":38,"slug":39},"614132b8-5837-4952-b8b5-c6c9a32a1d85","Privacy","privacy",{"category":41},{"id":42,"icon":31,"name":43,"slug":44},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[46,50,53,56,59,62],{"type":47,"value":48,"context":49},"domain","govlens[.]net","Fake government news source distributing Asin malware, registered May 27, 2025",{"type":47,"value":51,"context":52},"pdf-reader[.]help","Fake PDF editor domain distributing Asin spyware, registered May 29, 2025",{"type":47,"value":54,"context":55},"live-war-map[.]com","Fake military conflict tracker distributing Asin, registered January 20, 2025",{"type":47,"value":57,"context":58},"c-pdf[.]net","Domain from which Asin APK was downloaded in December 2025",{"type":47,"value":60,"context":61},"syriadefensemap[.]com","Domain hosting Syria Defense Map malicious APK detected January 2026",{"type":33,"value":63,"context":64},"Asin","Android spyware targeting Arabic speakers via fake utility and news apps"]