Security News
More than 300,000 users across 71 countries have been victimized by a new Android threat campaign called the Schoolyard Bully Trojan. Mainly designed to steal Facebook credentials, the malware is camouflaged as legitimate education-themed applications to lure unsuspecting users into downloading them.
Three Android applications that allow users to use devices as remote keyboards for their computers have critical vulnerabilities that could expose key presses and enable remote code execution. CVE-2022-45479 - PC Keyboard flow allowing a remote unauthenticated user to send instructions to the server to execute arbitrary code without requiring authorization or authentication.
Over 280 Android and iOS apps on the Google Play and the Apple App stores trapped users in loan schemes with misleading terms and employed various methods to extort and harass borrowers. [...]
A fake Android SMS application, with 100,000 downloads on the Google Play store, has been discovered to secretly act as an SMS relay for an account creation service for sites like Microsoft, Google, Instagram, Telegram, and Facebook. "Fake app I just download this app 4-5 times of OTP by Google, Airtel payment, Bank OTP, dream11 OTP, etc. Type of OTP comes at the time of login," reads one of the reviews.
A threat actor associated with cyberespionage operations since at least 2017 has been luring victims with fake VPN software for Android that is a trojanized version of legitimate software SoftVPN and OpenVPN. Researchers say that the campaign was "Highly targeted" and aimed at stealing contact and call data, device location, as well as messages from multiple apps. ESET malware analyst Lukas Stefanko says that Bahamut repackaged the SoftVPN and OpenVPN apps for Android to include malicious code with spying functions.
A set of five medium-severity security flaws in Arm's Mali GPU driver has continued to remain unpatched on Android devices for months, despite fixes released by the chipmaker. "These fixes have not yet made it downstream to affected Android devices," Project Zero researcher Ian Beer said in a report.
The cyber espionage group known as Bahamut has been attributed as behind a highly targeted campaign that infects users of Android devices with malicious apps designed to extract sensitive information. The activity, which has been active since January 2022, entails distributing rogue VPN apps through a fake SecureVPN website set up for this purpose, Slovak cybersecurity firm ESET said in a new report shared with The Hacker News.
The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store, posing as file managers to bypass the app marketplace's restrictions. SharkBot, first discovered towards the end of 2021 by Cleafy, is a recurring mobile threat distributed both on the Google Play Store and other third-party app stores.
A set of five exploitable vulnerabilities in Arm's Mali GPU driver remain unfixed months after the chip maker patched them, leaving potentially millions of Android devices exposed to attacks. The vulnerability impacts Arm Mali GPU kernel drivers Valhall r29p0 to r38p0.
A new collection of malicious Android apps posing as harmless file managers had infiltrated the official Google Play app store, infecting users with the Sharkbot banking trojan. Because the trojan apps are file managers, it's less likely to raise suspicions when requesting dangerous permissions for loading the Sharkbot malware.