Security News > 2022 > September > Check out this Android spyware, says Microsoft, the home of a gazillion Windows flaws
Data-stealing spyware disguised as a banking rewards app is targeting Android users, Microsoft's security team has warned.
The Microsoft threat hunters' investigation began after receiving a text message claiming to be from India's ICICI bank's rewards program.
Using open-source intelligence, the security researchers determined that the phony app's command and control server is used by or linked to 75 other malicious Android applications, distributed as APK files.
In addition to pointing out malware in Android - an OS made by arch-rival Google - Microsoft also this week issued an out-of-band security update for a spoofing vulnerability in Microsoft Endpoint Configuration Manager.
Upon further analysis, Microsoft discovered the Android malware uses MainActivity, AutoStartService, and RestartBroadCastReceiverAndroid functions to conduct a raft of nefarious activities including intercepting calls, accessing and uploading call logs, messages, contacts, and network information, and modifying the Android device's settings.
As we've said before, it's nice that Microsoft is pointing out cybersecurity issues in other people's code - raising awareness is good for users - but it's strange to see Redmond making a song and dance about this sort of thing when it routinely downplays the scores of vulnerabilities it fixes in its own products every month.
- Microsoft Defender now better at blocking ransomware on Windows 11 (source)
- Microsoft rolling out fix for Windows 10 language bar issues (source)
- Microsoft patches Windows DogWalk zero-day exploited in attacks (source)
- Microsoft fixes exploited zero-day in Windows Support Diagnostic Tool (CVE-2022-34713) (source)
- Microsoft blocks UEFI bootloaders enabling Windows Secure Boot bypass (source)
- Microsoft finds critical hole in operating system that for once isn't Windows (source)
- Microsoft: Russian malware hijacks ADFS to log in as anyone in Windows (source)
- Microsoft found TikTok Android flaw that let hackers hijack accounts (source)
- Microsoft Discover Severe ‘One-Click’ Exploit for TikTok Android App (source)
- Researchers Find New Android Spyware Campaign Targeting Uyghur Community (source)