Olivia
Online
F3D ツ
@f3d__
i used to break things.
Italy
Joined May 2013
488 Following
684 Followers
1.1K Posts
[1/4] 🚨 We tracked Mirax, a new Android RAT and banking malware operating as a private MaaS. First promoted on underground forums in December 2025, it's been actively targeting Spanish-speaking countries through Meta ad campaigns, reaching over 200,000 accounts.
![cleafylabs's tweet photo. [1/4] 🚨 We tracked Mirax, a new Android RAT and banking malware operating as a private MaaS. First promoted on underground forums in December 2025, it's been actively targeting Spanish-speaking countries through Meta ad campaigns, reaching over 200,000 accounts. https://t.co/sIK9QI4lNt](https://pbs.twimg.com/media/HFjWA0lXsAADtsF.jpg)
@0xabc0 still too many gaps to be filled, tbh
🥶
(1/6) 🚨 Our team tracked a large-scale MaaS operation that deployed PlayPraetor to infect over 11,000 Android devices globally. PlayPraetor is an Android RAT that facilitates On-Device Fraud (ODF) by giving operators complete real-time control over compromised devices.
@Rolf_Govers Nice, I'll be there as a speaker. Let's meet up!
@0xabc0 premium service starting soon? 👀
@LukasStefanko Another medal 🥇😂
@fs0c131y "it's OSINT time"? 👀
(1/5)‼️ Our team has dissected "SuperCard X," a novel Android malware leveraging NFC relay for fraudulent cash-out. This MaaS campaign, attributed to Chinese-speaking threat actors, presents an intriguing case study in evolving mobile fraud techniques.
#Zanubis guys back at it again, with another debug build
https://t.co/40wmZS8Utb
147.78.103.19
https://t.co/LVaer0XGlY
seems like they gave up on encryption and just base64 everything
@9823f_ Interesting. Could you share samples of the 2023 campaigns?
[Update] All the messages from their official TG channel have been removed 🧐
![f3d__'s tweet photo. [Update] All the messages from their official TG channel have been removed 🧐 https://t.co/h8VUBEduls](https://pbs.twimg.com/media/Gd9oYjnWIAAvk98.jpg)
[1/7] 🚨 We tracked a new Android banking trojan fraud operation dubbed DroidBot. We were able to observe active campaigns against UK, Italy, France, Turkey, Spain and Portugal targeting 77 distinct entities, including banking institutions and crypto-exchanges.
![cleafylabs's tweet photo. [1/7] 🚨 We tracked a new Android banking trojan fraud operation dubbed DroidBot. We were able to observe active campaigns against UK, Italy, France, Turkey, Spain and Portugal targeting 77 distinct entities, including banking institutions and crypto-exchanges. https://t.co/ox6sQtGST1](https://pbs.twimg.com/media/Gd9lhOuXEAE8LDt.jpg)
Our latest investigation 🇨🇳
[1/6] 🚨We tracked a new Android banking trojan fraud operation dubbed ToxicPanda, which has intriguing connections with tgToxic. According to our investigation, TAs are currently targeting European and LATAM countries.
![cleafylabs's tweet photo. [1/6] 🚨We tracked a new Android banking trojan fraud operation dubbed ToxicPanda, which has intriguing connections with tgToxic. According to our investigation, TAs are currently targeting European and LATAM countries. https://t.co/Mn7kSZf8Ny](https://pbs.twimg.com/media/GbjL4isWIAAuJgT.jpg)
@500mk500 Turkish skids.
Related: b2542ff1f2e3d4a145f4ef9f9eca6781
@fs0c131y @TheJusticeDept The #OSINT time format has been one of the best to follow on X lately. Great job, Robert! 🫡
icon-sha1: 18a1e1aaf557cef773b7987e7653c43f309e9432 👀
‼️ (1/5) On October 7th, 2024, we identified a new dropper associated with the TeaBot banking trojan within the Google Play Store. The initial stage of infection originates from the following application (com.mastercreativestudio.documanagerandpdf):
(1/5) 🚨The Cleafy TIR team identified some campaigns involving a new variant of the Android malware TrickMo, incorporating new anti-analysis mechanisms. The variant uses malformed ZIP files and JSONPacker, and is distributed via a dropper disguised as the Google Chrome browser.
Last Seen Users on Sotwe
نورهه
Seen from Italy
PEMERSATU LENDIR
Seen from Indonesia
Sinyo
Seen from Singapore
Bree wales covington 
Seen from Indonesia
🥰GüZeLLeRiN PaYLaŞıM PoDYuMu🥰 (EsMeRBeY)
Seen from Turkey
BIGG TIMMY
Seen from Netherlands
Dragun316🔞 🏖️
しぃ
Seen from Japan
moon
Seen from Malaysia
STEP MOM
Seen from United Arab Emirates
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.7M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers