Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps

Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of distinct websites mimicking utilities, war-related updates, and a government news source: govlens[.]net, which

The article describes Asin, a new Android spyware family targeting Arabic-speaking users via fake government news, PDF editor, and war-map mobile apps distributed from domains such as govlens[.]net, pdf-reader[.]help, and live-war-map[.]com.[1] ESET reports that these malicious apps blend real functionality with stealthy surveillance features, are promoted through social media (Facebook and Telegram), and appear to be aimed at journalists and OSINT researchers in conflict-focused regions.[1] From a CyberSE.AI perspective, such campaigns increase the risk that mobile devices used to access or interact with AI systems (e.g., for collection, analysis, or field reporting) are already compromised, enabling covert exfiltration of prompts, analysis outputs, and sensitive sources. Organizations relying on mobile tooling for intelligence or reporting should pair AI CISO Advisory for governance and device-hardening policies with Continuous AI Red Teaming to test how well their AI workflows and agents withstand operation on potentially compromised endpoints.