Security News

"The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps," Kaspersky said in a new report based on messages posted on online forums between 2019 and 2023. Dropper apps are the primary means for threat actors looking to sneak malware via the Google Play Store.

If you want to sneak malware onto people's Android devices via the official Google Play store, it may cost you about $20,000 to do so, Kaspersky suggests. Before cybercriminals can share their malicious apps from Google's official store, they'll need a Play developer account, and Kaspersky says those sell for between $60 and $200 each.

Google is enacting a new data deletion policy for Android apps that allow account creation to also offer users with a setting to delete their accounts in an attempt to provide more transparency and control over their data. "For apps that enable app account creation, developers will soon need to provide an option to initiate account and data deletion from within the app and online," Bethel Otuteye, senior director of product management for Android App Safety, said.

Google has announced a new Google Play Store data deletion policy that will require Android developers to provide users with an online option to delete their accounts and in-app data. According to the new policy, starting in early 2024, Google Play users will have better control over their data since every store listing will display links in the "Data deletion" area, allowing them to ask for their accounts and/or data to be deleted.

A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running Linux, FreeBSD, Android, and iOS. Successful exploitation of the shortcoming could be abused to hijack TCP connections or intercept client and web traffic, researchers Domien Schepers, Aanjhan Ranganathan, and Mathy Vanhoef said in a paper published this week. Besides manipulating the security context to leak frames from the queue, an attacker can override the client's security context used by an access point to receive packets intended for the victim.

Nexus malware is an Android banking trojan promoted via a malware-as-a-service model. In an underground cybercrime forum ad, the malware project is described as "Very new" and "Under continuous development." More messages from the Nexus author in one forum thread indicate the malware code has been created from scratch.

A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group has revealed. Upon clicking, the URLs redirected the recipients to web pages hosting exploits for Android or iOS, before they were redirected again to legitimate news or shipment-tracking websites.

Google's Threat Analysis Group discovered several exploit chains using Android, iOS, and Chrome zero-day and n-day vulnerabilities to install commercial spyware and malicious apps on targets' devices. The attackers targeted iOS and Android users with separate exploit chains as part of a first campaign spotted in November 2022.

Google Chat histories handed over by the web giant in ongoing Android antitrust litigation reveal the biz has been systematically destroying evidence, according to those suing the big G. "Google employees regularly and intentionally diverted to 'history off' Chats [sic] conversations about Google's anticompetitive Revenue Share Agreements, Mobile Application Distribution Agreements, Google Play Billing payment policies and pricing, and a variety of other critical issues - specifically to ensure that those Chats would be destroyed," the plaintiffs - a mix of state government, corporate, and individuals - claim in a legal brief [PDF] filed on Monday. The brief touches on many more of the conversations captured in the exhibits, and notes that most interactions of this sort leave no record at all because Google has coached employees to "'communicat[e] with care' because Google 'often ha[s] to produce employee communications as evidence.

An emerging Android banking trojan dubbed Nexus has already been adopted by several threat actors to target 450 financial applications and conduct fraud. "Nexus provides all the main features to perform ATO attacks against banking portals and cryptocurrency services, such as credentials stealing and SMS interception."