New ‘Brokewell’ Android Malware Spread Through Fake Browser Updates

April 26, 2024 at 07:00AM Fake browser updates are being used to distribute an undisclosed Android malware dubbed Brokewell, described as a modern banking trojan with data-theft and remote-control capabilities. The malware disguises itself as popular apps like Google Chrome, ID Austria, and Klarna and shows resilience in evading Google’s security restrictions. The threat is …

Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users

April 24, 2024 at 05:45AM Security vulnerabilities in cloud-based pinyin keyboard apps, discovered by Citizen Lab, could expose users’ keystrokes to exploitation. Weaknesses found in apps from major vendors affect close to one billion users. Critical flaws in encryption protocols allow adversaries to decrypt keystrokes passively. Most vendors have addressed the issues, but users are …

New Android Trojan ‘SoumniBot’ Evades Detection with Clever Tricks

April 18, 2024 at 07:36AM A new Android trojan named SoumniBot is targeting users in South Korea by exploiting vulnerabilities in manifest extraction. It evades analysis through unconventional approaches, including obfuscating the Android manifest. The malware collects sensitive data, manipulates device settings, and searches for digital signature certificates. Its developers successfully complicate detection through insufficiently …

Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users

April 15, 2024 at 05:15AM Cybersecurity researchers discovered a new cyber espionage campaign named “F_Warehouse” targeting South Asian users with an Apple iOS spyware implant, LightSpy. The malware steals sensitive data and communicates with a server pointing to Chinese involvement, possibly state-sponsored. Apple issued threat notifications to users in 92 countries, including India. BlackBerry warns of …

‘eXotic Visit’ Spyware Campaign Targets Android Users in India and Pakistan

April 10, 2024 at 10:34AM An Android malware campaign named eXotic Visit is targeting users in South Asia, particularly in India and Pakistan, through fake apps distributed on dedicated websites and Google Play Store. The campaign uses the XploitSPY RAT to gather sensitive data, and its purpose is espionage targeting victims in the region. The …

Google Sues App Developers Over Fake Crypto Investment App Scam

April 8, 2024 at 01:57AM Google has filed a lawsuit against app developers Yunfeng Sun and Hongnam Cheung for an “international online consumer investment fraud scheme.” The scheme involved uploading about 87 crypto apps to the Play Store, tricking users into downloading them, and stealing their funds. The company accused them of violating multiple policies …

Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies

April 3, 2024 at 12:57PM Google disclosed two Android security flaws, CVE-2024-29745 and CVE-2024-29748, exploited by forensic companies on Pixel smartphones. These vulnerabilities include information disclosure in the bootloader and privilege escalation in firmware. GrapheneOS confirmed the active exploitation of these flaws and urged Google to introduce measures against firmware vulnerabilities. Key takeaways …

‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities

April 1, 2024 at 12:30PM The Android banking malware Vultur has been updated, providing operators with greater control over infected devices. New capabilities include remote interaction, file modification, and the ability to bypass lock-screen protections. The malware continues to rely on AlphaVNC and ngrok for remote access, while employing anti-analysis techniques and evading detection. …

Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals

April 1, 2024 at 06:21AM Malicious Android apps on Google Play turned devices into proxies for threat actors. HUMAN’s Satori team identified 29 of these VPN apps, named PROXYLIB. Google removed them. These residential proxies help hide IP addresses but are misused by threat actors for attacks. LumiApps’ SDK is used to create and monetize …

Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities

April 1, 2024 at 02:15AM The Android banking trojan Vultur has reappeared with enhanced features and sophisticated tactics to avoid detection, allowing remote manipulation and data harvesting. Distribution involves trojanized apps and a dropper-as-a-service operation. A similar transition was observed with the Octo trojan, offering advanced features and infecting thousands of devices, primarily in specific …