September 4, 2024 at 05:36AM Google has released a new set of Android security updates addressing 35 vulnerabilities, including a high-severity local privilege escalation bug. The bug, tracked as CVE-2024-32896, was exploited in attacks and is addressed in the September 2024 Android security bulletin. The updates also resolve other high-severity flaws and issues in Framework … Read more
August 21, 2024 at 04:59PM Threat actors are utilizing progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. This technique was observed in phishing campaigns in Poland and the Czech Republic. Two distinct campaigns targeted Hungarian financial institution OTP Bank and TBC Bank in Georgia. These apps bypass installation … Read more
August 21, 2024 at 11:00AM Google is discontinuing its Google Play Security Reward Program (GPSRP) after achieving its goal of increasing Android OS security. Bug submissions will be accepted until August 31, 2024, with final rewards decided by September 30. The program has incentivized developers to improve their app security, paying out a total of … Read more
August 20, 2024 at 04:21PM A novel phishing campaign in the Czech Republic targets mobile users through Progressive Web Applications to steal banking account credentials from banks such as CSOB, OTP, and TBC. The phishing websites are distributed through voice calls, SMS, and social media. The attack is notable for deceiving users into installing PWAs … Read more
August 19, 2024 at 01:39PM A defunct application, “Showcase.apk,” has been discovered in the firmware of Google Pixel phones since September 2017. Despite being obsolete, it possesses significant privileges and potential for malicious activities. The app, pre-installed with Verizon, remains unremovable unless by Google. Although default-off, it poses a threat, especially for high-risk users and … Read more
August 14, 2024 at 11:28AM Google is implementing privacy-focused AI features on Android devices, using end-to-end protection to secure data in transit and keeping sensitive data locally on the device. Gemini, a new AI assistant, helps with various tasks and operates on-device or in the cloud based on complexity and privacy requirements. These measures aim … Read more
August 7, 2024 at 03:30AM Cybersecurity researchers uncovered a new tactic used by threat actors behind the Chameleon Android banking trojan. Masquerading as a Customer Relationship Management (CRM) app, the campaign targeted a Canadian restaurant chain and expanded to Europe. The malicious app deceives users with fake login pages to deploy the Chameleon payload, enabling … Read more
August 7, 2024 at 02:02AM A threat intelligence firm discovered a malicious Android program, BlankBot, targeting Turkish-language speakers. It can capture screen grabs, keystrokes, and create custom overlays to gather sensitive information. The program is under active development and mostly undetected by anti-malware scanners. Its motive for targeting Turkey is unclear, but it appears to … Read more
August 6, 2024 at 02:32PM Google released 46 fixes for Android in its August security patch batch, addressing a high-severity Linux kernel flaw (CVE-2024-36971) with potential for remote code execution. The bug may already be exploited by spyware, highlighting the urgency of updating Android devices. Other high-severity vulnerabilities include a Qualcomm component flaw and 11 … Read more
August 6, 2024 at 04:00AM Google announced its August 2024 Android security patches, including a high-severity zero-day vulnerability, CVE-2024-36971, in the kernel that could be exploited for remote code execution. Other updates address over 40 vulnerabilities, many with ‘high severity’ ratings, in components like framework, system, Arm, Imagination Technologies, MediaTek, and Qualcomm. Wear OS patches … Read more