Security News

Hook: New Android Banking Trojan That Expands on ERMAC's Legacy
2023-09-18 12:11

A new analysis of the Android banking trojan known as Hook has revealed that it's based on its predecessor called ERMAC. "The ERMAC source code was used as a base for Hook," NCC Group security researchers Joshua Kamp and Alberto Segura said in a technical analysis published last week. Both Hook and ERMAC can log keystrokes and abuse Android's accessibility services to conduct overlay attacks in order to display content on top of other apps and steal credentials from over 700 apps.

Google pays $93M to settle Android tracking lawsuit in California
2023-09-15 13:57

California's Attorney General announced today that Google will pay $93 million to settle a privacy lawsuit alleging it violated the U.S. state's consumer protection laws. An investigation by the California Department of Justice found that Google had engaged in deceptive practices related to collecting, retaining, and utilizing Android users' location data for purposes such as consumer profiling and advertising, all without obtaining their proper informed consent.

Mobile Verification Toolkit: Forensic analysis of Android and iOS devices to identify compromise
2023-09-14 03:30

Mobile Verification Toolkit is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices. MVT supports using public indicators of compromise to scan mobile devices for potential traces of targeting or infection by known spyware campaigns.

'Evil Telegram' Android apps on Google Play infected 60K with spyware
2023-09-10 14:39

At the time the researchers published their report, several malicious apps were still available for download through Google Play. The Telegram apps presented in Kaspersky's report are promoted as "faster" alternatives to the regular app.

Mirai Botnet Variant 'Pandora' Hijacks Android TVs for Cyberattacks
2023-09-07 09:47

A Mirai botnet variant called Pandora has been observed infiltrating inexpensive Android-based TV sets and TV boxes and using them as part of a botnet to perform distributed denial-of-service attacks. Doctor Web said the compromises are likely to occur either during malicious firmware updates or when applications for viewing pirated video content are installed.

Mirai variant infects low-cost Android TV boxes for DDoS attacks
2023-09-06 16:56

A new Mirai malware botnet variant has been spotted infecting inexpensive Android TV set-top boxes used by millions for media streaming. The primary targets of this campaign are low-cost Android TV boxes like Tanix TX6 TV Box, MX10 Pro 6K, and H96 MAX X3, which feature quad-core processors capable of launching powerful DDoS attacks even in small swarm sizes.

September Android updates fix zero-day exploited in attacks
2023-09-06 16:20

The September 2023 Android security updates tackle 33 vulnerabilities, including a zero-day bug currently targeted in the wild. "Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible."

Zero-Day Alert: Latest Android Patch Update Includes Fix for Newly Actively Exploited Flaw
2023-09-06 14:02

Google has rolled out monthly security patches for Android to address a number of flaws, including a zero-day bug that it said may have been exploited in the wild. Tracked as CVE-2023-35674, the high-severity vulnerability is described as a case of privilege escalation impacting the Android Framework.

Russian State-Backed 'Infamous Chisel' Android Malware Targets Ukrainian Military
2023-09-01 10:05

Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military. The malicious software, dubbed Infamous Chisel and attributed to a Russian state-sponsored actor called Sandworm, has capabilities to "enable unauthorized access to compromised devices, scan files, monitor traffic, and periodically steal sensitive information."

Kremlin-backed Sandworm strikes Android devices with data-stealing Infamous Chisel
2023-08-31 19:13

Russia's Sandworm crew is using an Android malware strain dubbed Infamous Chisel to remotely access Ukrainian soldiers' devices, monitor network traffic, access files, and steal sensitive information, according to a Five Eyes report published Thursday. Ukraine's security agency spotted and blocked Sandworm's latest campaign earlier this month when the Kremlin-backed cyber goons were attempting to use Infamous Chisel to break into the army's combat data exchange system.