Security News
Security researchers have shared a deep dive into the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa. "A deep dive into both spyware components indicates that Alien is more than just a loader for Predator and actively sets up the low-level capabilities needed for Predator to spy on its victims," Cisco Talos said in a technical report.
Security researchers at Cisco Talos and the Citizen Lab have presented a new technical analysis of the commercial Android spyware 'Predator' and its loader 'Alien,' sharing its data-theft capabilities and other operational details. Predator is a commercial spyware for mobile platforms developed and sold by Israeli company Intellexa.
Google Play has been caught with its cybersecurity pants down yet again after a once-legit Android screen-and-audio recorder app was updated to include malicious code. Potentially tens of thousands of people downloaded the software before ESET researchers found the hidden malware and alerted Google, which pulled the app from its online store.
Google has removed a screen recording app named "iRecorder - Screen Recorder" from the Play Store after it was found to sneak in information stealing capabilities nearly a year after the app was published as an innocuous app. The app, which accrued over 50,000 installations, was first uploaded on September 19, 2021.
This is not the first time that AhMyth-based Android malware has been available on the official store; ESET previously published research on such a trojanized app in 2019. The iRecorder app can also be found on alternative and unofficial Android markets, and the developer also provides other applications on Google Play, but they don't contain malicious code.
ESET malware researchers found a new remote access trojan on the Google Play Store, hidden in an Android screen recording app with tens of thousands of installs. While first added to the store in September 2021, the 'iRecorder - Screen Recorder' app was likely trojanized via a malicious update released almost a year later, in August 2022.
Google has launched the Mobile Vulnerability Rewards Program, a new bug bounty program that will pay security researchers for flaws found in the company's Android applications. As the company said, the main goal behind the Mobile VRP is to speed up the process of finding and fixing weaknesses in first-party Android apps, developed or maintained by Google.
The authors of the technical paper published on Arxiv.org also found that biometric data on the fingerprint sensors' Serial Peripheral Interface were inadequately protected, allowing for a man-in-the-middle attack to hijack fingerprint images. The idea of BrutePrint is to perform an unlimited number of fingerprint image submissions to the target device until the user-defined fingerprint is matched.
Trend Micro has not elaborated on how Lemon Group infects devices with the malicious firmware containing Guerilla but clarified that the devices its analysts examined had been re-flashed with new ROMs. The analysts identified over 50 different ROMs infected with initial malware loaders, targeting various Android device vendors. "The criminal group has infected millions of android devices, mainly mobile phones, but also smart watches, smart TVs and more," reads the description of Trend Micro's Black Hat talk.
A cybercrime enterprise known as Lemon Group is leveraging millions of pre-infected Android smartphones worldwide to carry out their malicious operations, posing significant supply chain risks. The activity encompasses no fewer than 8.9 million compromised Android devices, particularly budget phones, with a majority of the infections discovered in the U.S., Mexico, Indonesia, Thailand, Russia, South Africa, India, Angola, the Philippines, and Argentina.