Security News

Threat actors are using newly discovered spyware known as SandStrike and delivered via a malicious VPN application to target Android users. The attackers are promoting the malicious VPN app as a simple way to circumvent censorship of religious materials in certain regions.

A set of Android malware droppers were found infiltrating the Google Play store to install banking trojans pretending to be app updates. Malware droppers are a challenging category of apps to stop because they do not contain malicious code themselves and thus can more easily pass Google Play reviews when submitted to the store.

A new version of the Drinik Android trojan targets 18 Indian banks, masquerading as the country's official tax management app to steal victims' personal information and banking credentials. Drinik has been circulating in India since 2016, operating as an SMS stealer, but in September 2021, it added banking trojan features that target 27 financial institutes by directing victims to phishing pages.

The North Korean espionage-focused actor known as Kimsuky has been observed using three different Android malware strains to target users located in its southern counterpart. That's according to findings from South Korean cybersecurity company S2W, which named the malware families FastFire, FastViewer, and FastSpy.

A massive, malicious campaign is underway using over 200 typosquatting domains that impersonate twenty-seven brands to trick visitors into downloading various Windows and Android malware. Some of the malicious sites were discovered by cyber-intelligence firm Cyble, which published a report this week focusing on domains mimicking popular Android app stores like Google Play, APKCombo, and APKPure, as well as download portals for PayPal, VidMate, Snapchat, and TikTok.

Security researchers at McAfee have discovered a set of 16 malicious clicker apps that managed to sneak into Google Play, the official app store for Android. Clicker apps are a special category of adware that loads ads in invisible frames or in the background and clicks them to generate revenue for their operators.

The Iranian threat actor known as Domestic Kitten has been attributed to a new mobile campaign that masquerades as a translation app to distribute an updated variant of an Android malware known as FurBall. "Since June 2021, it has been distributed as a translation app via a copycat of an Iranian website that provides translated articles, journals, and books," ESET researcher Lukas Stefanko said in a report shared with The Hacker News.

A new version of the 'FurBall' Android spyware has been found targeting Iranian citizens in mobile surveillance campaigns conducted by the Domestic Kitten hacking group, also known as APT-C-50. The newest FurBall malware version was sampled and analyzed by ESET researchers, who report it has many similarities with earlier versions, but now comes with obfuscation and C2 updates.

As many as 16 malicious apps with over 20 million cumulative downloads have been taken down from the Google Play Store after they were caught committing mobile ad fraud. The Clicker malware masqueraded as seemingly harmless utilities like cameras, currency/unit converters, QR code readers, note-taking apps, and dictionaries, among others, in a bid to trick users into downloading them, cybersecurity firm McAfee said.

In a bid to prioritize security and privacy, Signal has announced that it will soon phase out SMS and MMS messaging support on Android. Signal now thinks it has reached the point where SMS support for Android users will be expunged to allow them to focus on security and privacy offerings on the Signal platform.