Security News

Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023. What makes the malware strain notable is its dual functions as spyware and perform bank fraud.

In the Android ecosystem, n-day vulnerabilities are almost as dangerous as zero-days, according to Google's review of zero-days exploited in the wild in 2022. The problem is considerable in the Android ecosystem, since Google's Android security team often quickly pushes out patches for zero-days but downstream original equipment manufacturers may take a while to release a fix for users to apply.

Hackers are using a fake Android app named 'SafeChat' to infect devices with spyware malware that steals call logs, texts, and GPS locations from phones. The Android spyware is suspected to be a variant of "Coverlm," which steals data from communication apps such as Telegram, Signal, WhatsApp, Viber, and Facebook Messenger.

Google has published its annual 0-day vulnerability report, presenting in-the-wild exploitation stats from 2022 and highlighting a long-standing problem in the Android platform that elevates the value and use of disclosed flaws for extended periods. Once Google learns about it, it becomes an n-day, with the n reflecting the number of days since it became publicly known.

A new Android malware strain called CherryBlos has been observed making use of optical character recognition techniques to gather sensitive data stored in pictures. Besides displaying fake overlays on top of legitimate crypto wallet apps to steal credentials and make fraudulent fund transfers to an attacker-controlled address, CherryBlos utilizes OCR to recognize potential mnemonic phrases from images and photos stored on the device, the results of which are periodically uploaded to a remote server.

Two new Android malware families named 'CherryBlos' and 'FakeTrade' were discovered on Google Play, aiming to steal cryptocurrency credentials and funds or conduct scams. The malicious apps use various distribution channels, including social media, phishing sites, and deceitful shopping apps on Google Play, Android's official app store.

The Flipper Zero team has launched its very own 'Flipper Apps' mobile app store, allowing mobile users to install 3rd-party apps and extend the functionality of the popular wireless pen-testing tool. With the launch of the Flipper Apps app store, the Flipper Zero community will be able to comfortably install apps specifically created for and confirmed to work on the device.

The Chinese state-backed APT41 hacking group is targeting Android devices with two newly discovered spyware strains dubbed WyrmSpy and DragonEgg by Lookout security researchers. While APT41 hackers usually breach their targets' networks via vulnerable web apps and Internet-exposed endpoints, Lookout says the group also targets Android devices with WyrmSpy and DragonEgg spyware strains.

Threat actors are taking advantage of Android's WebAPK technology to trick unsuspecting users into installing malicious web apps on Android phones that are designed to capture sensitive personal information. "The link contained in the message led to a site that used WebAPK technology to install a malicious application on the victim's device."

Windows 11, with its Windows Subsystem for Android, allows users to access almost all popular Android apps directly from the Microsoft Store. The WSA on Windows 11 mirrors the functionality of the Linux Subsystem for Linux, enabling a seamless transition for Android apps onto the desktop operating system.