Security News
Thousands of adware apps for Android have been found to masquerade as cracks or modded versions of popular apps to redirect users to serve unwanted ads to users as part of a campaign ongoing since October 2022. The Romanian cybersecurity company said it has discovered 60,000 unique apps carrying the adware, with a majority of the detections located in the U.S., South Korea, Brazil, Germany, the U.K., France, Kazakhstan, Romania, and Italy.
The SpinOk malware was found in a new batch of Android apps on Google Play, reportedly installed an additional 30 million times. SpinOk was first discovered by Dr. Web late last month in a set of a hundred apps that had been collectively downloaded over 421 million times.
A new Android malware distributed as an advertisement SDK has been discovered in multiple apps, many previously on Google Play and collectively downloaded over 400 million times. In the background the trojan SDK checks the Android device's sensor data to confirm that it's not running in a sandboxed environment, commonly used by researchers when analyzing potentially malicious Android apps.
A new open source remote access trojan called DogeRAT targets Android users primarily located in India as part of a sophisticated malware campaign. The malware is distributed via social media and messaging platforms under the guise of legitimate applications like Opera Mini, OpenAI ChatGOT, and Premium versions of YouTube, Netflix, and Instagram.
The Android Predator spyware has more surveillance capabilities than previously suspected, according to analysis by Cisco Talos, with an assist from non-profit Citizen Lab in Canada. The software, which is designed to spy on and extract data from the devices it's slipped into, is available for Google Android and Apple iOS. In its deep dive published on Thursday, which examines the Android version of the code, Talos suggests Alien is more than just a loader for a Predator, and that the two work in combination to enable all kinds of espionage and intelligence-gathering activities on compromised devices.
Security researchers have shared a deep dive into the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa. "A deep dive into both spyware components indicates that Alien is more than just a loader for Predator and actively sets up the low-level capabilities needed for Predator to spy on its victims," Cisco Talos said in a technical report.
Security researchers at Cisco Talos and the Citizen Lab have presented a new technical analysis of the commercial Android spyware 'Predator' and its loader 'Alien,' sharing its data-theft capabilities and other operational details. Predator is a commercial spyware for mobile platforms developed and sold by Israeli company Intellexa.
Google Play has been caught with its cybersecurity pants down yet again after a once-legit Android screen-and-audio recorder app was updated to include malicious code. Potentially tens of thousands of people downloaded the software before ESET researchers found the hidden malware and alerted Google, which pulled the app from its online store.
Google has removed a screen recording app named "iRecorder - Screen Recorder" from the Play Store after it was found to sneak in information stealing capabilities nearly a year after the app was published as an innocuous app. The app, which accrued over 50,000 installations, was first uploaded on September 19, 2021.
This is not the first time that AhMyth-based Android malware has been available on the official store; ESET previously published research on such a trojanized app in 2019. The iRecorder app can also be found on alternative and unofficial Android markets, and the developer also provides other applications on Google Play, but they don't contain malicious code.