Android spyware Asin targets Arabic journalists, OSINT

ESET reported Asin spread via fake Arabic-language government news, PDF and live-war-map apps; users had to sideload APKs and grant permissions for spying to work.

Slovak cybersecurity firm ESET identified an Android spyware campaign it calls Asin that targeted Arabic-speaking journalists and open-source investigators. The malware was delivered through fake apps that posed as a government news service, a PDF editor and a live war-map service. ESET first detected multiple waves of the campaign in early 2025.

ESET identified the domains used to host the malware and recorded their registration dates. The spoofed government news site used govlens[.]net (registered May 27, 2025), the fake PDF utility used pdf-reader[.]help (registered May 29, 2025) and the war-map lure used live-war-map[.]com (registered January 20, 2025). Two of the sites were promoted through dedicated Facebook and Telegram accounts identified by ESET.

The malicious packages were distributed as Android APKs that required users to install them manually and grant the requested permissions. ESET said each app combined legitimate features with hidden surveillance functions. “Each of these websites distributes a malicious app that combines legitimate functionality with stealthy spyware capabilities,” the firm reported.

Researchers found multiple artifacts tied to Asin. One sample was uploaded to VirusTotal from Türkiye in October 2025. Another APK was downloaded in December 2025 from c-pdf[.]net onto a Xiaomi Redmi Note 13 Pro running Android 15. A third sample presented as “Syria Defense Map” was detected around mid-January 2026 after being downloaded from syriadefensemap[.]com onto a Xiaomi Redmi Note 13 Pro+ 5G device running Android 15.

ESET noted that three of the five fraudulent apps it uncovered (GovLens, WarMap and Syria Defense Map) appear aimed at people conducting open-source investigations. The company reported the campaign relies on social engineering and manual installation rather than exploiting zero-day vulnerabilities. ESET has not published a full technical breakdown, and it said the activity cluster remains unattributed and its primary objectives are not yet established.
