Security News

A hacking group dubbed OilAlpha with suspected ties to Yemen's Houthi movement has been linked to a cyber espionage campaign targeting development, humanitarian, media, and non-governmental organizations in the Arabian peninsula. OilAlpha is the new cryptonym given by Recorded Future to two overlapping clusters previously tracked by the company under the names TAG-41 and TAG-62 since April 2022.

A new Android malware called 'FluHorse' has been discovered, targeting users in Eastern Asia with malicious apps that imitate legitimate versions. The apps mimicked by the FluHorse carrier apps are 'ETC,' a toll-collection app used in Taiwan, and 'VPBank Neo,' a banking app in Vietnam.

Roid security updates released this month patch a high-severity vulnerability exploited as a zero-day to install commercial spyware on compromised devices. According to a Google Threat Analysis Group report published in March, it was exploited as part of a complex chain of multiple 0-days and n-days in a spyware campaign targeting Samsung Android phones.

Various sectors in East Asian markets have been subjected to a new email phishing campaign that distributes a previously undocumented strain of Android malware called FluHorse that abuses the Flutter software development framework. "The malware features several malicious Android applications that mimic legitimate applications, most of which have more than 1,000,000 installs," Check Point said in a technical report.

A new Android subscription malware named Fleckpe has been unearthed on the Google Play Store, amassing more than 620,000 downloads in total since 2022. Kaspersky, which identified 11 apps on the official app storefront, said the malware masqueraded as legitimate photo editing apps, camera, and smartphone wallpaper packs.

A new Android subscription malware named 'Fleckpe' has been spotted on Google Play, the official Android app store, disguised as legitimate apps downloaded over 620,000 times. Kaspersky reveals that Fleckpe is the newest addition to the realm of malware that generates unauthorized charges by subscribing users to premium services, joining the ranks of other malicious Android malware, such as Jocker and Harly.

A new Android surveillanceware possibly used by the Iranian government has been used to spy on over 300 individuals belonging to minority groups. "The spyware may also have been used in efforts to counter and monitor illegal trafficking activity related to arms, drugs, and alcohol," Lookout said, based on exfiltrated data that contained photos of drugs, firearms, and official documents issued by FARAJA. BouldSpy, like other Android malware families, abuses its access to Android's accessibility services and other intrusive permissions to harvest sensitive data such as web browser history, photos, contact lists, SMS logs, keystrokes, screenshots, clipboard content, microphone audio, and video call recordings.

A set of 38 Minecraft copycat games on Google Play infected devices with the Android adware 'HiddenAds' to stealthily load ads in the background to generate revenue for its operators. Minecraft is a popular sandbox game with 140 million monthly active players, which numerous game publishers have attempted to recreate.

A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads. An additional eight million installations have been tracked through ONE store, a leading third-party app storefront in South Korea.

A new Android trojan called 'Chameleon' has been targeting users in Australia and Poland since the start of the year, mimicking the CoinSpot cryptocurrency exchange, an Australian government agency, and the IKO bank. The mobile malware was discovered by cybersecurity firm Cyble, which reports seeing distribution through compromised websites, Discord attachments, and Bitbucket hosting services.