"Arsink Spyware Posing as WhatsApp, YouTube, Instagram, TikTok Hits 143 Countries" 30 January 2026

Researchers at Zimperium zLabs have identified Arsink, a dangerous Android Trojan that impersonates 50+ popular brands, including WhatsApp and TikTok. With over 45,000 victims across 143 countries, this malware grants hackers complete remote control to record audio, read text messages, and wipe devices.

A massive new spying operation has been caught targeting Android users across 143 countries. The malware, known as Arsink, is what experts call a Remote Access Trojan (RAT). The team at zLabs (part of the security firm Zimperium) discovered the threat after finding 1,216 unique versions of the malicious software...

...As zLabs researchers explained in their detailed blog post, shared with Hackread.com, this is a rather simple trick where hackers impersonate more than 50 world-famous brands like WhatsApp, Instagram, YouTube, and TikTok...

...Once Arsink is inside, it starts a “continuous background service” to ensure it never turns off. Researchers noted that the malware has a terrifying list of abilities. This includes the ability to listen to your conversations through the microphone and steal your photos, read every text message you send or receive, and see your contacts, call history, and even your Google account email...

...This isn’t just happening in one place. The infection has a massive footprint, with about 45,000 devices hit so far, with the biggest clusters identified in Egypt (around 13,000 phones), Indonesia (7,000), and Iraq (3,000)...

...While Zimperium worked with Google to shut down the malicious accounts and databases linked to the attack, the threat isn’t gone...