Security News

Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out its "Complex multi-step attack flow" and an improved mechanism to evade security analysis. Toll fraud belongs to a category of billing fraud wherein malicious mobile applications come with hidden subscription fees, roping in unsuspecting users to premium content without their knowledge or consent.

"The Amazon access token is used to authenticate the user across multiple Amazon APIs, some of which contain personal data such as full name, email, and address," Checkmarx researchers João Morais and Pedro Umbelino said. "Others, like the Amazon Drive API, allow an attacker full access to the user's files."

Amazon Photos is an image and video storage application that enables users to seamlessly share their snaps with up to five family members, offering powerful management and organization features. Exploiting this bug could have enabled a malicious app installed on the same device to snatch Amazon access tokens used for Amazon APIs authentication.

A previously unknown Android banking trojan has been discovered in the wild, targeting users of the Spanish financial services company BBVA. Said to be in its early stages of development, the malware - dubbed Revive by Italian cybersecurity firm Cleafy - was first observed on June 15, 2022 and distributed by means of phishing campaigns. "The name Revive has been chosen since one of the functionality of the malware is restarting in case the malware stops working, Cleafy researchers Federico Valentini and Francesco Iubatti said in a Monday write-up."

A new Android banking malware named Revive has been discovered that impersonates a 2FA application required to log into BBVA bank accounts in Spain. The new banking trojan follows a more focused approach targeting the BBVA bank instead of attempting to compromise customers of multiple financial institutes.

Bitwarden is so well designed and developed that anyone can use the app with very little problem. Let's dig into this feature, so you can take full advantage of Bitwarden on Android.

The iOS application does not trigger any alert since it is signed with a certificate from a company named 3-1 Mobile SRL, enrolled in the Apple Developer Enterprise Program. The Android malicious software requires the targeted user to allow the installation of applications from unknown sources.

Google is warning victims in Kazakhstan and Italy that they are being targeted by Hermit, a sophisticated and modular spyware from Italian vendor RCS Labs that not only can steal data but also record and make calls. Researchers from Google Threat Analysis Group revealed details in a blog post Thursday by TAG researchers Benoit Sevens and Clement Lecigne about campaigns that send a unique link to targets to fake apps impersonating legitimate ones to try to get them to download and install the spyware.

We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base. This app in fact infected the device with RCS's spyware.

Google's Threat Analysis Group revealed today that RCS Labs, an Italian spyware vendor, has received help from some Internet service providers to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools. RCS Labs is just one of more than 30 spyware vendors whose activity is currently tracked by Google, according to Google TAG analysts Benoit Sevens and Clement Lecigne.