Security News

These Android Apps with a Million Play Store Installations Redirect Users to Malicious Sites
2022-11-02 11:47

A set of four Android apps released by the same developer has been discovered directing victims to malicious websites as part of an adware and information-stealing campaign. The apps, published by a developer named Mobile apps Group and currently available on the Play Store, have been collectively downloaded over one million times.

Experts Warn of SandStrike Android Spyware Infecting Devices via Malicious VPN App
2022-11-02 09:39

A previously undocumented Android spyware campaign has been found striking Persian-speaking individuals by masquerading as a seemingly harmless VPN application. Russian cybersecurity firm Kaspersky is tracking the campaign under the moniker SandStrike.

Malicious Android apps with 1M+ installs found on Google Play
2022-11-01 20:03

At the time of publishing, the apps are still present on Google Play under a developer account called Mobile apps Group, and have a total install count of more than one million. According to a report from Malwarebytes, the same developer was exposed twice in the past for distributing adware on Google Play but it was allowed to continue publishing apps after submitting cleaned versions.

New SandStrike spyware infects Android devices via malicious VPN app
2022-11-01 15:29

Threat actors are using newly discovered spyware known as SandStrike and delivered via a malicious VPN application to target Android users. The attackers are promoting the malicious VPN app as a simple way to circumvent censorship of religious materials in certain regions.

Android malware droppers with 130K installs found on Google Play
2022-10-28 10:00

A set of Android malware droppers were found infiltrating the Google Play store to install banking trojans pretending to be app updates. Malware droppers are a challenging category of apps to stop because they do not contain malicious code themselves and thus can more easily pass Google Play reviews when submitted to the store.

Drinik Android malware now targets users of 18 Indian banks
2022-10-27 17:10

A new version of the Drinik Android trojan targets 18 Indian banks, masquerading as the country's official tax management app to steal victims' personal information and banking credentials. Drinik has been circulating in India since 2016, operating as an SMS stealer, but in September 2021, it added banking trojan features that target 27 financial institutes by directing victims to phishing pages.

Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans
2022-10-26 15:50

The North Korean espionage-focused actor known as Kimsuky has been observed using three different Android malware strains to target users located in its southern counterpart. That's according to findings from South Korean cybersecurity company S2W, which named the malware families FastFire, FastViewer, and FastSpy.

Typosquat campaign mimics 27 brands to push Windows, Android malware
2022-10-23 14:17

A massive, malicious campaign is underway using over 200 typosquatting domains that impersonate twenty-seven brands to trick visitors into downloading various Windows and Android malware. Some of the malicious sites were discovered by cyber-intelligence firm Cyble, which published a report this week focusing on domains mimicking popular Android app stores like Google Play, APKCombo, and APKPure, as well as download portals for PayPal, VidMate, Snapchat, and TikTok.

Android adware apps in Google Play downloaded over 20 million times
2022-10-22 16:12

Security researchers at McAfee have discovered a set of 16 malicious clicker apps that managed to sneak into Google Play, the official app store for Android. Clicker apps are a special category of adware that loads ads in invisible frames or in the background and clicks them to generate revenue for their operators.

Hackers Using New Version of FurBall Android Malware to Spy on Iranian Citizens
2022-10-20 11:33

The Iranian threat actor known as Domestic Kitten has been attributed to a new mobile campaign that masquerades as a translation app to distribute an updated variant of an Android malware known as FurBall. "Since June 2021, it has been distributed as a translation app via a copycat of an Iranian website that provides translated articles, journals, and books," ESET researcher Lukas Stefanko said in a report shared with The Hacker News.