iverify.io - Android malware-as-a-service platforms like PhantomOS and Nebula offer powerful malware kits and scalable distribution tools, no technical skills required.

With new malware-as-a-service (MaaS) platforms like PhantomOS and Nebula, cybercriminals can now attack Android devices more easily than ever. You don't have to write any code. Attackers can buy ready-to-use malware kits for as little as $300 a month. Some of these kits come with features 2FA interception, the ability to bypass antivirus software, silent app installs, GPS tracking, and even phishing overlays that are specific to a brand. The platforms come with everything they need, like support through Telegram, backend infrastructure, and built-in ways to get around Google Play Protect. This change is like what happened when ransomware-as-a-service (RaaS) first came out. These threats are no longer just for skilled cybercriminals. Anyone with a Telegram account and a few hundred dollars can get them now.

Malware Campaigns, No Skills Required
In the past, running an Android banking trojan or spyware campaign required expertise – one had to set up command-and-control servers, manage cryptographic signing of malicious apps, test against antivirus, and so on. Now, much of that heavy lifting is handled by the MaaS operators. Criminal customers simply pay a fee and receive a ready-to-deploy malicious APK, often customized to their needs.

Consider PhantomOS, a recent MaaS offering geared toward fraudsters. PhantomOS is marketed as “the world’s most powerful Android APK malware-as-a-service”. Its feature set reads like a penetration tester’s wish list: remote silent installation of apps onto the victim’s device, interception of SMS messages and one-time passcodes (OTP) for 2FA, the ability to remotely hide the malicious app to prevent the victim from removing it, and even an overlay system that loads phishing pages inside the app’s interface.