SoumniBot malware exploits Android bugs to evade detection

April 17, 2024 at 05:45PM The newly discovered Android banking malware ‘SoumniBot’ employs unusual obfuscation techniques to evade standard security measures found in Android phones. It exploits weaknesses in the Android manifest extraction and parsing procedure, allowing it to perform info-stealing operations. Once launched, SoumniBot exfiltrates a variety of data and is controlled by commands …

Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals

April 1, 2024 at 06:21AM Malicious Android apps on Google Play turned devices into proxies for threat actors. HUMAN’s Satori team identified 29 of these VPN apps, named PROXYLIB. Google removed them. These residential proxies help hide IP addresses but are misused by threat actors for attacks. LumiApps’ SDK is used to create and monetize …

VPN Apps on Google Play Turn Android Devices Into Proxies

March 27, 2024 at 10:54AM Numerous VPN apps turned Android devices into residential proxies and made their way into the Google Play store, containing a malicious library responsible for enrolling devices as proxy nodes and linked to Asocks, a residential proxy seller. The malicious functionality could be added to any APK through the LumiApps SDK. …

Free VPN apps on Google Play turned Android phones into proxies

March 26, 2024 at 12:40PM Multiple free VPN apps on Google Play were found incorporating a malicious software development kit, transforming Android devices into residential proxies for potential cybercrime and shopping bots. These apps, originally promoted as VPN software, utilized the Proxylib SDK to convert devices into proxies without users’ knowledge. Google has taken action …

‘PixPirate’ RAT Invisibly Triggers Wire Transfers From Android Devices

March 13, 2024 at 06:04AM PixPirate is a sophisticated Brazilian banking Trojan targeting Android devices. It exploits the Pix app for bank transfers in Brazil and employs a deceptive method to conceal its presence, allowing it to steal login credentials and execute unauthorized transfers. The malware’s advanced capabilities and hiding technique present potential concerns for …

How Cybercriminals are Exploiting India’s UPI for Money Laundering Operations

March 4, 2024 at 09:36AM Cybercriminals in India use the XHelper app to manage money mules for a large money laundering operation. The scheme exploits loopholes in Indian payment system regulations and involves Chinese payment gateways and a network of compromised mule accounts. XHelper facilitates mule management, recruitment, training, and communication, contributing to a thriving …

New ‘Gold Pickaxe’ Android, iOS malware steals your face for fraud

February 15, 2024 at 04:34AM ‘Gold Pickaxe’ is a new iOS and Android trojan employing social engineering to trick victims into providing their faces and ID documents. Developed by the ‘GoldFactory’ Chinese threat group, it’s part of a suite of malware and targets Asia-Pacific. It uses fraudulent apps and webpages to capture sensitive information and …

More Android apps riddled with malware spotted on Google Play

February 1, 2024 at 02:11PM VajraSpy, an Android remote access trojan, was discovered in 12 apps, 6 of which were on Google Play. The malware stole personal data and targeted users primarily in Pakistan. ESET researchers linked it to the Patchwork APT group and advised against downloading obscure chat apps. The threat actors’ tactics continue …

Vast botnet hijacks smart TVs for prime-time cybercrime

January 18, 2024 at 05:21AM Security researchers have traced a DDoS botnet infecting millions of smart TVs and set-top boxes to the Bigpanzi cybercrime syndicate. At its peak, 170,000 bots were running daily and were used for cybercrimes such as DDoS attacks and hijacking broadcasts. The researchers aim to combat Bigpanzi and seek collaboration from …

New Xamalicious Android malware installed 330k times on Google Play

December 27, 2023 at 11:00AM Summary: An Android backdoor, ‘Xamalicious,’ infected over 338,300 devices through malicious apps on Google Play. Though removed, infected users need manual scans. The backdoor was embedded in popular apps, and additional malware infected devices via unofficial app stores. The backdoor accessed sensitive data, may have ad fraud capabilities, and highlights the …