Baohuo
Baohuo is an Android backdoor. According to the provided content, it has been distributed via a trojanized Telegram X application and delivered through in-app advertisements and third-party Android app catalogs including APKPure, ApkSum, and AndroidP. Doctor Web reported that the malware uses a Redis database for command-and-control. Its capabilities include stealing logins, passwords, and chat histories, hijacking Telegram accounts, gaining complete control over those accounts, and concealing third-party device sessions as well as channel and chat actions to hide the compromise. The content states that more than 58,000 Android devices have been infected since mid-2024. High-confidence indicators and traits mentioned in the content include the use of a trojanized Telegram X Android app as the infection vector, Redis-based C2, and targeting of Telegram account data and sessions.
Hunt this family in your stack
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Android backdoor malware that hijacks Telegram accounts and gains complete control over the infected device.
Android backdoor delivered via trojanized Telegram X; uses Redis for C2; supports data theft (logins/passwords, chat history) and stealth features to hide session activity and manipulate channel/chat membership.
The version that knows your environment.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.