Qwizzserial and Telegram
The malicious software (malware) known as Qwizzserial has infected 100,000 Android smartphone users, most of them in Uzbekistan, according to cybersecurity firm Group-IB.
Qwizzserial was first detected in late March 2024. The malware spreads via Telegram as an apk file under names like “Financial Aid” or “President’s Gift”. Scammers also disguise the app as legitimate banking or government service applications.
To spread Qwizzserial, scammers create fake Telegram channels impersonating government agencies, public figures, or publishing fabricated presidential decrees.
Qwizzserial
Once installed, the app requests permission to access SMS messages and then asks for bank card details. The latest versions of Qwizzserial are capable of stealing data directly from banking apps by using phone numbers and one-time passwords (OTPs). From March to June 2025, this malware was used to steal $62,000.
«SMS-stealing malware remains a serious threat to Uzbek users. Its ongoing success is primarily due to the local banking sector’s reliance on SMS-based authentication,» Group-IB noted.
The company also stated that fraudsters are moving away from phishing websites and are instead distributing malicious apk files via Telegram, making it harder to track down the perpetrators.
To protect against Qwizzserial, Group-IB recommends that businesses launch cybersecurity awareness campaigns and monitor user activity.
Telegram users are advised not to install apps via the messenger, especially those that request administrator rights or SMS access.
Kursiv Uzbekistan also reports that AirPlay could allow hackers to break into devices via Wi-Fi.
