MALWARE FAMILY
SpyFRPTunnel
Internal ID: apk.spyfrptunnel
Aliases: 1
Last seen: Mar 17, 2026
Intelligence Profile
A sophisticated mobile surveillance implant operating as a Remote Control System (RCS). This malware family is characterized by a unique, multi-sided communication architecture that abandons traditional HTTP polling. Instead, it hybridizes Firebase Cloud Messaging (FCM) for asynchronous command signaling with Fast Reverse Proxy (FRP) to establish persistent, NAT-bypassing network tunnels, effectively turning the infected mobile device into a server accessible by the attacker.
Threat Analysis
SpyFRPTunnel is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.
Quick Facts
Type: Malware Family
Aliases: 1
Also Known As
apk.spyfrptunnel
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.