Security News

Roaming Mantis’ Android malware adds DNS changer to hack WiFi routers
2023-01-19 17:55

The Roaming Mantis malware distribution campaign has updated its Android malware to include a DNS changer that modifies DNS settings on vulnerable WiFi routers to spread the infection to other devices. The O/XLoader Android malware detects vulnerable WiFi routers based on their model and changes their DNS. The malware then creates an HTTP request to hijack a vulnerable WiFi router's DNS settings, causing connected devices to be rerouted to malicious web pages hosting phishing forms or dropping Android malware.

Android Users Beware: New Hook Malware with RAT Capabilities Emerges
2023-01-19 13:27

The threat actor behind the BlackRock and ERMAC Android banking trojans has unleashed yet another malware for rent called Hook that introduces new capabilities to access files stored in the devices and create a remote interactive session. ThreatFabric, in a report shared with The Hacker News, characterized Hook as a novel ERMAC fork that's advertised for sale for $7,000 per month while featuring "All the capabilities of its predecessor."

Android TV box on Amazon came pre-installed with malware
2023-01-12 20:41

A Canadian system administrator discovered that an Android TV box purchased from Amazon was pre-loaded with persistent, sophisticated malware baked into its firmware. The device in question is the T95 Android TV box with an AllWinner T616 processor, widely available through Amazon, AliExpress, and other big e-commerce platforms.

StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users
2023-01-10 16:40

The advanced persistent threat group known as StrongPity has targeted Android users with a trojanized version of the Telegram app through a fake website that impersonates a video chat service called Shagle. "A copycat website, mimicking the Shagle service, is used to distribute StrongPity's mobile backdoor app," ESET malware researcher Lukáš Štefanko said in a technical report.

StrongPity hackers target Android users via trojanized Telegram app
2023-01-10 15:30

The StrongPity APT hacking group is distributing a fake Shagle chat app that is a trojanized version of the Telegram for Android app with an added backdoor. Once installed, this app enables the hackers to conduct espionage on the targeted victims, including monitoring phone calls, collecting SMS texts, and grabbing contact lists.

Hackers target Android users with fake Shagle video-chat app
2023-01-10 15:30

The StrongPity APT hacking group is distributing a fake Shagle chat app that is a trojanized version of the Telegram for Android app with an added backdoor. Once installed, this app enables the hackers to conduct espionage on the targeted victims, including monitoring phone calls, collecting SMS texts, and grabbing contact lists.

Darknet drug markets move to custom Android apps for increased privacy
2023-01-09 20:13

Online markets selling drugs and other illegal substances on the dark web have started to use custom Android apps for increased privacy and to evade law enforcement. These apps allow shop clients to communicate with drug vendors and provide specific courier instructions for delivery.

SpyNote Android malware infections surge after source code leak
2023-01-05 15:17

The Android malware family tracked as SpyNote has had a sudden increase in detections in the final quarter of 2022, which is attributed to a source code leak of one of its latest, known as 'CypherRat'. Threat actors quickly snatched the malware's source code and launched their own campaigns.

SpyNote Strikes Again: Android Spyware Targeting Financial Institutions
2023-01-05 11:05

Financial institutions have been targeted by a new version of Android malware called SpyNote since at least October 2022. "This has helped other actors [in] developing and distributing the spyware, often also targeting banking institutions."

Samsung and Google fix Microsoft Intune Android 13 enrollment issue
2022-12-21 22:44

Microsoft has confirmed today that Samsung and Google have fixed an Intune enrollment issue affecting Galaxy S22 smartphones running Android 13. On affected S22 devices, Android users cannot complete enrollment if they create a Work Profile for Bring Your Own Device provisioning.