Security News
A new analysis of the Android banking trojan known as Hook has revealed that it's based on its predecessor called ERMAC. "The ERMAC source code was used as a base for Hook," NCC Group security researchers Joshua Kamp and Alberto Segura said in a technical analysis published last week. Regardless of these differences, both Hook and ERMAC can log keystrokes and abuse Android's accessibility services to conduct overlay attacks in order to display content on top of other apps and steal credentials from over 700 apps.
California's Attorney General announced today that Google will pay $93 million to settle a privacy lawsuit alleging it violated the U.S. state's consumer protection laws. An investigation by the California Department of Justice found that Google had engaged in deceptive practices related to collecting, retaining, and utilizing Android users' location data for purposes such as consumer profiling and advertising, all without obtaining their proper informed consent.
Mobile Verification Toolkit is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices. MVT supports using public indicators of compromise to scan mobile devices for potential traces of targeting or infection by known spyware campaigns.
At the time the researchers published their report, several malicious apps were still available for download through Google Play. The Telegram apps presented in Kaspersky's report are promoted as "Faster" alternatives to the regular app.
A Mirai botnet variant called Pandora has been observed infiltrating inexpensive Android-based TV sets and TV boxes and using them as part of a botnet to perform distributed denial-of-service attacks. Doctor Web said the compromises are likely to occur either during malicious firmware updates or when applications for viewing pirated video content are installed.
A new Mirai malware botnet variant has been spotted infecting inexpensive Android TV set-top boxes used by millions for media streaming. The primary targets of this campaign are low-cost Android TV boxes like Tanix TX6 TV Box, MX10 Pro 6K, and H96 MAX X3, which feature quad-core processors capable of launching powerful DDoS attacks even in small swarm sizes.
The September 2023 Android security updates tackle 33 vulnerabilities, including a zero-day bug currently targeted in the wild. "Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible."
Google has rolled out monthly security patches for Android to address a number of flaws, including a zero-day bug that it said may have been exploited in the wild. Tracked as CVE-2023-35674, the high-severity vulnerability is described as a case of privilege escalation impacting the Android Framework.
Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military. The malicious software, dubbed Infamous Chisel and attributed to a Russian state-sponsored actor called Sandworm, has capabilities to "Enable unauthorized access to compromised devices, scan files, monitor traffic, and periodically steal sensitive information."
Russia's Sandworm crew is using an Android malware strain dubbed Infamous Chisel to remotely access Ukrainian soldiers' devices, monitor network traffic, access files, and steal sensitive information, according to a Five Eyes report published Thursday. Ukraine's security agency spotted and blocked Sandworm's latest campaign earlier this month when the Kremlin-backed cyber goons were attempting to use Infamous Chisel to break into the army's combat data exchange system.