Android Banking Trojan Antidot Disguised as Google Play Update

May 20, 2024 at 09:29AM
Cyble research identifies new Android banking Trojan “Antidot,” using overlay attacks and keylogging to harvest sensitive information. It employs WebSocket for real-time C2 communication, gaining significant control over infected devices, enabling remote control and data theft. The emerging threat emphasizes the need for improved mobile security measures and user awareness. …

Malicious Android Apps Pose as Google, Instagram, WhatsApp, Spread via Smishing

May 10, 2024 at 07:00AM
Malicious Android apps posing as popular services like Google, Instagram, and WhatsApp are stealing user credentials. These apps gain control over devices, allowing for unauthorized actions like data theft and malware deployment. Social engineering campaigns and phishing URLs are also being used to propagate Android malware, leading to increased attacks …

Finland warns of Android malware attacks breaching bank accounts

May 5, 2024 at 12:10PM
Traficom warns of an ongoing Android malware campaign targeting bank accounts in Finland. Scammers send SMS messages impersonating banks, instructing victims to install a fake McAfee app, which is actually malware. The Vultur trojan is suspected, with a new version using smishing and phone call attacks. Victims who have installed …

Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers

May 1, 2024 at 10:00AM
Researchers have uncovered a new Android malware, Wpeeper, using compromised WordPress sites as relays for its command-and-control servers, evading detection. Disguised as the Uptodown App Store app, it includes a backdoor Trojan for Android, capable of collecting device info and executing commands. The campaign’s scale and goals remain unclear, emphasizing …

New Wpeeper Android malware hides behind hacked WordPress sites

April 30, 2024 at 12:49PM
A new Android malware named ‘Wpeeper’ was discovered in unofficial app stores, utilizing compromised WordPress sites as relay points for its command and control servers. The malware, discovered by QAX’s XLab team, had zero detections on VirusTotal and infected thousands of devices. It features sophisticated C2 communication and 13 …

SoumniBot malware exploits Android bugs to evade detection

April 17, 2024 at 05:45PM
The newly discovered Android banking malware ‘SoumniBot’ employs unusual obfuscation techniques to evade standard security measures found in Android phones. It exploits weaknesses in the Android manifest extraction and parsing procedure, allowing it to perform info-stealing operations. Once launched, SoumniBot exfiltrates a variety of data and is controlled by commands …

Vultur banking malware for Android poses as McAfee Security app

March 30, 2024 at 12:02PM
Security researchers discovered an advanced version of the Vultur banking trojan for Android, distributed through Google Play. The trojan, targeted at banking apps in 15 countries, utilizes a hybrid attack involving smishing and phone calls. It includes new malware dropper ‘Brunhilda’ and features for remote control and evasion, indicating ongoing …

PixPirate Android malware uses new tactic to hide on phones

March 13, 2024 at 02:19PM
The latest PixPirate banking trojan for Android conceals itself on phones even after its dropper app is removed. It avoids using a launcher icon and is designed to remain hidden on recent Android versions. Employing two apps, it steals information and targets the Brazilian instant payment platform Pix to initiate …

PixPirate Android Banking Trojan Using New Evasion Tactic to Target Brazilian Users

March 13, 2024 at 10:09AM
PixPirate Android banking trojan utilizes new method to elude detection and steal sensitive data in Brazil. The malware hides its icon from the victim’s device, making the operations inconspicuous. Employing SMS and WhatsApp, it uses a downloader app to install and execute its main fraudulent activities, posing a significant threat …

‘PixPirate’ RAT Invisibly Triggers Wire Transfers From Android Devices

March 13, 2024 at 06:04AM
PixPirate is a sophisticated Brazilian banking Trojan targeting Android devices. It exploits the Pix app for bank transfers in Brazil and employs a deceptive method to conceal its presence, allowing it to steal login credentials and execute unauthorized transfers. The malware’s advanced capabilities and hiding technique present potential concerns for …