Security News

A banking trojan for Android that researchers call Fakecalls comes with a powerful capability that enables it to take over calls to a bank's customer support number and connect the victim directly with the cybercriminals operating the malware. While the victim sees the bank's real number on the screen, the connection is to the cybercriminals, who can pose as the bank's customer support representatives and obtain details that would give them access to the victim's funds.

A new Android banking malware named Octo has appeared in the wild, featuring remote access capabilities that allow malicious operators to perform on-device fraud. Octo is an evolved Android malware based on ExoCompact, a malware variant based on the Exo trojan that quit the cybercrime space and had its source code leaked in 2018.

Google has announced several key policy changes for Android application developers that will increase the security of users, Google Play, and the apps offered by the service. These new developer requirements will take effect between May 11th through November 1st, 2022, giving developers enough time to adjust to the new changes.

Mobile malware analysts warn about a set of applications available on the Google Play Store, which collected sensitive user data from over 45 million installs of the apps. The apps collected this data through a third-party SDK that includes the ability to capture clipboard content, GPS data, email addresses, phone numbers, and even the user's modem router MAC address and network SSID. This sensitive data could lead to significant privacy risks for the users if misused or leaked due to poor server/database security.

Malicious Android apps found masquerading as legitimate antivirus tools. In a report released Thursday, the cyber threat intelligence provider detailed its discovery of six apps in Google Play that appeared to be antivirus software but actually tried to install malware capable of stealing credentials and financial data.

If you go off-market, things can get much more dangerous, not least because there are many unofficial Android app stores out there where pretty much anything goes, including some app repositories that deliberately pitch themselves as a handy place to get at software that Google "Doesn't want you to have". As an aside, you might think that no one would deliberately seek out apps that clearly wouldn't be permitted on Google Play, or that have already been rejected by Google.

An Android spyware application has been spotted masquerading as a "Process Manager" service to stealthily siphon sensitive information stored in the infected devices. "When the application is run, a warning appears about the permissions granted to the application," Lab52 researchers said.

A previously unknown Android malware uses the same shared-hosting infrastructure previously seen used by the Russian APT group known as Turla, though attribution to the hacking group is weak at best. Researchers from Lab52 identified a malicious APK [VirusTotal] named "Process Manager" that acts as Android spyware, uploading information to the threat actors.

A previously unknown Android malware has been linked to the Turla hacking group after discovering the app used infrastructure previously attributed to the threat actors. Researchers from Lab52 identified a malicious APK [VirusTotal] named "Process Manager" that acts as Android spyware, uploading information to the threat actors.

Researchers have blown the lid off a sophisticated malicious scheme primarily targeting Chinese users via copycat apps on Android and iOS that mimic legitimate digital wallet services to siphon cryptocurrency funds. The wallet services are said to have been distributed through a network of over 40 counterfeit wallet websites that are promoted with the help of misleading articles posted on legitimate Chinese websites, as well as by means of recruiting intermediaries through Telegram and Facebook groups, in an attempt to trick unsuspecting visitors into downloading the malicious apps.