Security News

Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries
2024-02-19 10:29

The Android banking trojan known as Anatsa has expanded its focus to include Slovakia, Slovenia, and Czechia as part of a new campaign observed in November 2023. "Some of the droppers in the...

New ‘Gold Pickaxe’ Android, iOS malware steals your face for fraud
2024-02-15 08:00

A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access. The new malware, spotted by Group-IB, is part of a malware suite developed by the Chinese threat group known as 'GoldFactory,' which is responsible for other malware strains such as 'GoldDigger', 'GoldDiggerPlus,' and 'GoldKefu.

MoqHao Android Malware Evolves with Auto-Execution Capability
2024-02-09 13:34

Threat hunters have identified a new variant of Android malware called MoqHao that automatically executes on infected devices without requiring any user interaction. "Typical MoqHao requires users...

Android XLoader malware can now auto-execute after installation
2024-02-08 18:34

A new version of the XLoader Android malware was discovered that automatically executes on devices it infects, requiring no user interaction to launch. XLoader, aka MoqHao, is an Android malware operated and likely created by a financially motivated threat actor named 'Roaming Mantis,' previously seen targeting users in the U.S., U.K., Germany, France, Japan, South Korea, and Taiwan.

Google Starts Blocking Sideloading of Potentially Dangerous Android Apps in Singapore
2024-02-08 10:17

Google has unveiled a new pilot program in Singapore that aims to prevent users from sideloading certain apps that abuse Android app permissions to read one-time passwords and gather sensitive...

Google tests blocking side-loaded Android apps with risky permissions
2024-02-07 18:57

Google has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions. These files are commonly distributed through third-party sites, allowing you to install apps outside of Google Play.

Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware
2024-02-05 13:18

The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote access trojan called VajraSpy. Slovak...

More Android apps riddled with malware spotted on Google Play
2024-02-01 18:19

An Android remote access trojan known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023. The malicious apps, which have now been removed from Google Play but remain available on third-party app stores, are disguised as messaging or news apps.

Exploit released for Android local elevation flaw impacting 7 OEMs
2024-01-31 19:15

A proof-of-concept exploit for a local privilege elevation flaw impacting at least seven Android original equipment manufacturers is now publicly available on GitHub. Tracked as CVE-2023-45779, the flaw was discovered by Meta's Red Team X in early September 2023 and was addressed in Android's December 2023 security update without disclosing details an attacker could use to discern and exploit it.

MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries
2024-01-22 16:35

Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate. "Access to...