Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware

June 13, 2024 at 10:25AM The threat actor Arid Viper is behind a mobile espionage campaign using trojanized Android apps to distribute spyware called AridSpy. The campaign targets users in Palestine and Egypt through fake messaging and job opportunity apps. AridSpy is capable of downloading additional payloads and harvesting data from infected devices. From the … Read more

Pakistani Hacking Team ‘Celestial Force’ Spies on Indian Gov’t, Defense

June 13, 2024 at 06:08AM A new report from Cisco Talos details a group called “Cosmic Leopard,” operating as “Operation Celestial Force,” which has been conducting cyber espionage against Indian government and defense entities for at least six years. The group’s tactics include using malware like GravityRAT and HeavyLift to target individuals and organizations. Preventative … Read more

Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day

June 13, 2024 at 04:00AM Google has warned of a zero-day security flaw, CVE-2024-32896, in Pixel Firmware, being exploited in targeted attacks. The June 2024 security update addresses a total of 50 vulnerabilities, including denial-of-service issues and information disclosure flaws in Qualcomm chipsets. Updates are available for supported Pixel devices. Previous security flaws have also … Read more

Two Arrested in UK for Smishing Campaign Powered by Homemade SMS BlasterĀ 

June 11, 2024 at 11:18AM UK authorities have arrested two suspects in Manchester and London for their involvement in a smishing campaign, using a homemade mobile antenna to send phishing SMS messages. The messages were designed to mimic those from official organizations and bypass network protections. The investigation involved collaboration with telecoms operators and authorities … Read more

Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers

June 11, 2024 at 03:21AM Arm has warned of a security vulnerability in Mali GPU Kernel Driver, CVE-2024-4610, actively exploited in the wild. The issue affects certain products, allowing improper GPU memory processing operations for unauthorized access. The vulnerability has been addressed in Bifrost and Valhall GPU Kernel Driver r41p0, with reports of exploitation in … Read more

Over 90 malicious Android apps with 5.5M installs found on Google Play

May 28, 2024 at 05:51PM Summary: Over 90 malicious Android apps, including Anatsa banking trojan, were found on Google Play, amassing over 5.5 million installations. Anatsa targets financial institutions, using deceptive decoy apps and multi-stage payload loading to evade detection. Though only 3% of total malicious downloads, Anatsa and Coper pose high-risk on-device fraud. Review … Read more

90+ Malicious Apps Totaling 5.5M Downloads Lurk on Google Play

May 28, 2024 at 11:02AM Over 90 malicious mobile apps, including the Anatsa banking Trojan, have been downloaded over 5.5M times from the Google Play store. These apps act as decoys and spread various malware. The Anatsa Trojan uses evasive tactics to steal sensitive banking credentials, primarily targeting Android users in Europe but expanding globally. … Read more

Malicious Android Apps Pose as Google, Instagram, WhatsApp, Spread via Smishing

May 10, 2024 at 07:00AM Malicious Android apps posing as popular services like Google, Instagram, and WhatsApp are stealing user credentials. These apps gain control over devices, allowing for unauthorized actions like data theft and malware deployment. Social engineering campaigns and phishing URLs are also being used to propagate Android malware, leading to increased attacks … Read more

Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components

May 6, 2024 at 06:33AM Multiple security vulnerabilities have been reported in various applications and system components within Xiaomi devices running Android. The flaws include access to system privileges, theft of files, and disclosure of sensitive data. Notable issues impact apps like Gallery, Settings, and Mi Video. Xiaomi has been notified, and users are urged … Read more

Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push

May 1, 2024 at 11:21AM Google has raised the bug bounty rewards for its Mobile VRP, offering up to $450,000 for a single vulnerability report meeting certain criteria. Researchers can earn up to $150,000 for code execution flaws in Tier 2 apps and $45,000 for issues in Tier 3 apps. Reports without proposed patches may … Read more