Security News

Russian threat actors capitalized on the ongoing conflict against Ukraine to distribute Android malware camouflaged as an app for pro-Ukrainian hacktivists to launch distributed denial-of-service attacks against Russian sites. "The apps were not distributed through the Google Play Store, but hosted on a domain controlled by the actor and disseminated via links on third party messaging services."

Google on Tuesday officially announced support for DNS-over-HTTP/3 for Android devices as part of a Google Play system update designed to keep DNS queries private. To that end, Android smartphones running Android 11 and higher are expected to use DoH3 instead of DNS-over-TLS, which was incorporated into the mobile operating system with Android 9.0.

Google has added support for the DNS-over-HTTP/3 protocol on Android 11 and later to increase the privacy of DNS queries while providing better performance. Roid previously supported DNS-over-TLS for version 9 and later to bolster DNS query privacy, but this system inevitably slowed down DNS requests due to the encryption overhead. Moreover, DoT requires a complete renegotiation of the new connection when changing networks.

Kremlin-backed criminals are trying to trick people into downloading Android malware by spoofing a Ukrainian military group, according to Google security researchers. The CyberAzov app promises to "Help stop Russian aggression against Ukraine" by deploying Denial of Service attacks against set Russian targets, according to the phony website.

Cybersecurity researchers have discovered three Android malware families infiltrating the Google Play Store, hiding their malicious payloads inside many seemingly innocuous applications. The malicious activities suffered by users who installed the malware apps included stolen data, social media account takeovers, SMS interception, and unauthorized charges to their mobile numbers.

Google's Threat Analysis Group, whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations. In a report regarding recent cyber activity in Eastern Europe, Google TAG security engineer Billy Leonard revealed that hackers part of the Turla Russian APT group have also been spotted deploying their first Android malware.

Taiwan, South Korea, Japan, the US, and the U.K. the Roaming Mantis operation moved to targeting Android and iOS users in France, likely compromising tens of thousands of devices. Roaming Mantis is believed to be a financially-motivated threat actor that started targeting European users in February.

Google has removed eight apps from its Google Play store that were propagating a new variant of the Joker spyware, but not before they already had garnered more than 3 million downloads. The trojan would hide in the advertisement frameworks utilized by the malicious apps propagating it; these frameworks aggregate and serve in-app ads.

A new Android malware family on the Google Play Store that secretly subscribes users to premium services was downloaded over 3,000,000 times. The malware, named 'Autolycos,' was discovered by Evina's security researcher Maxime Ingrao to be in at least eight Android applications, two of which are still available on the Google Play Store at the time of this writing.

Microsoft has released an update for the Windows Subsystem for Android, allowing all Windows 11 Insiders to use their VPN's IP address with Android apps. In May, Microsoft introduced a new 'Advanced Networking' feature to Windows 11 builds on the Dev channel, which made the Windows Subsystem for Android virtual machine and host share the same IP address.