Security News

Google has officially begun rolling out support for passkeys, the next-generation passwordless login standard, to the stable version of its Chrome web browser. This calls for websites to build passkey support on their sites using the WebAuthn API. Essentially, the technology works by creating a unique cryptographic key pair to associate with an account for the app or website during account registration.

Threat researchers have discovered an obfuscation platform that attaches malware to legitimate Android applications to lure users to install the malicious payload and make it difficult for security tools to detect. Analysts with cybersecurity vendor ThreatFabric found the platform, named "Zombinder," on the darknet while investigating a campaign that targeted both Android and Windows users with different types of malware.

The Tor Project team has announced the release of Tor Browser 12.0, a major version release introducing support for Apple Silicon chips and several enhancements for the Android version. Tor browser version 12.0 is based on Firefox 102, an upgrade from Firefox version 91, which was used as the base for the previous Tor release, v11.5.

Google has disclosed more technical details about how Private Compute Core on Android works and keeps sensitive user data processed locally on protected devices. The isolation of PCC from all other apps is achieved by using the Android Framework API for all data inputs and outputs from and to the PCC, facilitated by permissions granted during OS installation.

Researchers have shed light on a new hybrid malware campaign targeting both Android and Windows operating systems in a bid to expand its pool of victims. The attacks entail the use of different malware such as ERMAC, Erbium, Aurora, and Laplas, according to a ThreatFabric report shared with The Hacker News.

A darknet platform dubbed 'Zombinder' allows threat actors to bind malware to legitimate Android apps, causing victims to infect themselves while still having the full functionality of the original app to evade suspicion. This new platform was discovered by cybersecurity firm ThreatFabric, which spotted malicious Windows and Android campaigns distributing multiple malware families.

Google has released the December 2022 security update for Android, fixing four critical-severity vulnerabilities, including a remote code execution flaw exploitable via Bluetooth. CVE-2022-20472 - Remote code execution flaw in Android Framework, impacting Android versions 10 to 13.

Compromised Android platform certificate keys from device makers including Samsung, LG and Mediatek are being used to sign malware and deploy spyware, among other software nasties. Googler Łukasz Siewierski found and reported the security issue and it's a doozy that allows malicious applications signed with one of the compromised certificates to gain the same level of privileges as the Android operating system - essentially unfettered access to the victim's device.

A new set of Android malware, phishing, and adware apps has infiltrated the Google Play store, tricking over two million people into installing them. One app illustrated by Dr. Web that has amassed one million downloads is TubeBox, which remains available on Google Play at the time of writing this.

Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. "A platform certificate is the application signing certificate used to sign the 'android' application on the system image," a report filed through the Android Partner Vulnerability Initiative reads.