‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities

April 1, 2024 at 12:30PM The Android banking malware Vultur has been updated, providing operators with greater control over infected devices. New capabilities include remote interaction, file modification, and the ability to bypass lock-screen protections. The malware continues to rely on AlphaVNC and ngrok for remote access, while employing anti-analysis techniques and evading detection.

New Darcula phishing service targets iPhone users via iMessage

March 27, 2024 at 06:14PM Summary: ‘Darcula’ is a sophisticated phishing-as-a-service (PhaaS) using 20,000 domains to target Android and iPhone users in over 100 countries. It employs modern techniques like RCS and iMessage to send phishing messages and offers over 200 templates. Cybercriminals are adapting to legislation by embracing alternative protocols but face challenges. Users …

VPN Apps on Google Play Turn Android Devices Into Proxies

March 27, 2024 at 10:54AM Numerous VPN apps that made their way into the Google Play store turned Android devices into residential proxies. They contained a malicious library responsible for enrolling devices as proxy nodes and linked to Asocks, a residential proxy seller. The malicious functionality could be added to any APK through the LumiApps SDK. …

Free VPN apps on Google Play turned Android phones into proxies

March 26, 2024 at 12:40PM Multiple free VPN apps on Google Play were found incorporating a malicious software development kit, transforming Android devices into residential proxies for potential cybercrime and shopping bots. These apps, originally promoted as VPN software, utilized the Proxylib SDK to convert devices into proxies without users’ knowledge. Google has taken action …

Google paid $10 million in bug bounty rewards last year

March 12, 2024 at 12:52PM Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and reporting security flaws in its products, a decrease from 2022’s $12 million. The highest reward for a vulnerability report was $113,337, and rewards have totaled $59 million since 2010. Increased rewards were given for Android and Chrome vulnerabilities. …

Spoofed Zoom, Google & Skype Meetings Spread Corporate RATs

March 6, 2024 at 01:42PM A threat actor is leveraging fake Skype, Google Meet, and Zoom meetings to distribute malware targeting Android and Windows users. This campaign, discovered in December, poses a significant cybersecurity threat. By mimicking legitimate URLs and hosting on a single IP address, the attackers are successfully distributing malicious payloads, emphasizing the …

Android’s March 2024 Update Patches Critical Vulnerabilities

March 6, 2024 at 08:31AM Google released security updates for Android, addressing 38 vulnerabilities including 2 critical flaws in the System component impacting Android 12, 12L, 13, and 14. The flaws could result in remote code execution and elevation of privilege. Devices can be protected by installing the March 2024 security update. Other components like …

How Cybercriminals are Exploiting India’s UPI for Money Laundering Operations

March 4, 2024 at 09:36AM Cybercriminals in India use the XHelper app to manage money mules for a large money laundering operation. The scheme exploits loopholes in Indian payment system regulations and involves Chinese payment gateways and a network of compromised mule accounts. XHelper facilitates mule management, recruitment, training, and communication, contributing to a thriving …

Diversifying Defenses: FjordPhantom Malware Shows Importance of a Multi-Pronged Approach

February 21, 2024 at 09:45AM Promon recently discovered the Android banking malware “FjordPhantom” and published an analysis and report assessing vulnerable online banking applications. The malware spreads through email, SMS, and messaging apps, prompting users to download a fake app, running in a virtual environment, and employing social engineering attacks to steal user credentials and …

Anatsa Android malware downloaded 150,000 times via Google Play

February 19, 2024 at 08:38AM The Anatsa banking trojan has targeted Android users in Europe by using Google Play-hosted malware droppers. Security firm ThreatFabric detected five campaigns in the UK, Germany, Spain, Slovakia, Slovenia, and the Czech Republic, leading to 150,000 infections. The trojan uses dropper apps to infect devices and has evolved to bypass …