Security News

FakeCalls Android malware returns with new ways to hide on phones
2023-03-16 19:36

Roid malware 'FakeCalls' is circulating again in South Korea, imitating phone calls for over 20 financial organizations and attempting to fool bankers into giving away their credit card details. "We discovered more than 2500 samples of the FakeCalls malware that used a variety of combinations of mimicked financial organizations and implemented anti-analysis techniques," reads CheckPoint's report.

Outlook app to get built-in Microsoft 365 MFA on Android, iOS
2023-03-13 17:07

Microsoft will soon fast-track multi-factor authentication adoption for its Microsoft 365 cloud productivity platform by adding MFA capabilities to the Outlook email client. The company says in a new Microsoft 365 roadmap entry that users will be able to complete MFA requests for Microsoft 365 apps directly in the Outlook app via a new feature dubbed Authenticator Lite.

Xenomorph Android malware now steals data from 400 banks
2023-03-10 10:24

The Xenomorph Android malware has released a new version that adds significant capabilities to conduct malicious attacks, including a new automated transfer system framework and the ability to steal credentials for 400 banks. "With these new features, Xenomorph is now able to complete automate the whole fraud chain, from infection to funds exfiltration, making it one of the most advanced and dangerous Android Malware trojans in circulation," warns ThreatFabric.

Xenomorph Android Banking Trojan Returns with a New and More Powerful Variant
2023-03-10 10:03

A new variant of the Android banking trojan named Xenomorph has surfaced in the wild, the latest findings from ThreatFabric reveal. "This new version of the malware adds many new capabilities to an already feature-rich Android banker, most notably the introduction of a very extensive runtime engine powered by Accessibility services, which is used by actors to implement a complete ATS framework," the Dutch security firm said in a report shared with The Hacker News.

Android March 2023 update fixes two critical code execution flaws
2023-03-07 14:48

Google has released March 2023 security updates for Android, fixing a total of 60 flaws, and among them, two critical-severity remote code execution vulnerabilities impacting Android Systems running versions 11, 12, and 13. "The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed," reads the security bulletin.

Shein's Android App Caught Transmitting Clipboard Data to Remote Servers
2023-03-07 07:42

An older version of Shein's Android application suffered from a bug that periodically captured and transmitted clipboard contents to a remote server. The Microsoft 365 Defender Research Team said it discovered the problem in version 7.9.2 of the app that was released on December 16, 2021.

Even Top-Ranked Android Apps in Google Play Store Provide Misleading Data Safety Labels
2023-02-24 09:00

An investigation into data safety labels for Android apps available on the Google Play Store has uncovered "Serious loopholes" that allow apps to provide misleading or outright false information. The study, conducted by the Mozilla Foundation as part of its *Privacy Not Included initiative, compared the privacy policies and labels of the 20 most popular paid apps and the 20 most popular free apps on the app marketplace.

Hackers use fake ChatGPT apps to push Windows, Android malware
2023-02-22 21:58

Threat actors are exploiting the popularity of OpenAI's ChatGPT chatbot to distribute malware for Windows and Android, or direct unsuspecting vitims to phishing pages. Security researcher Dominic Alvieri was among the first to notice one such example using the domain "Chat-gpt-pc.online" to infect visitors with the Redline info-stealing malware under the guise of a download for a ChatGPT Windows desktop client.

Google will boost Android security through firmware hardening
2023-02-21 17:30

Google has started working to harden the security of Android at the firmware level, a component of the software stack that interacts directly with the various processors of a system on a chip. The plan is to expand the security in Android devices beyond the operating system, which runs on a multi-core CPU, to the other processors on the SoC for dedicated tasks like cellular communication, media processing, or security modules.

Experts Warn of RambleOn Android Malware Targeting South Korean Journalists
2023-02-17 15:51

Suspected North Korean nation-state actors targeted a journalist in South Korea with a malware-laced Android app as part of a social engineering campaign. The findings come from South Korea-based non-profit Interlab, which coined the new malware RambleOn.