MALWARE FAMILY

SpyFRPTunnel

Internal ID: apk.spyfrptunnel
Aliases: 1
Last seen: Mar 17, 2026

Intelligence Profile

A sophisticated mobile surveillance implant operating as a Remote Control System (RCS). This malware family is characterized by a unique, multi-sided communication architecture that abandons traditional HTTP polling. Instead, it hybridizes Firebase Cloud Messaging (FCM) for asynchronous command signaling with Fast Reverse Proxy (FRP) to establish persistent, NAT-bypassing network tunnels, effectively turning the infected mobile device into a server accessible by the attacker.

Threat Analysis

SpyFRPTunnel is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.

Quick Facts

Type: Malware Family
Aliases: 1

Also Known As

apk.spyfrptunnel

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.