Security News

The GravityRAT remote access trojan is being distributed in the wild again, this time under the guise of an end-to-end encrypted chat application called SoSafe Chat. In 2020, the malware was targeting people via an Android app named 'Travel Mate Pro,' but since the pandemic has slowed down traveling, the actors moved to a new guise.

Two Android apps available on the Google Play store have been found to contain malware this week. Smart TV remote app packs 'Joker' malware.

Researchers discovered new Android spyware that provides similar capabilities to NSO Group's Pegasus controversial software. PhoneSpy disguises itself as a legitimate application and gives attackers complete access to data stored on a mobile device and grants full control over the targeted device, according to a Zimperium zLabs report published Wednesday.

An ongoing spyware campaign dubbed 'PhoneSpy' targets South Korean users via a range of lifestyle apps that nest in the device and silently exfiltrate data. The campaign deploys a powerful Android malware capable of stealing sensitive information from the users and taking over the device's microphone and camera.

A new Android malware known as MasterFred uses fake login overlays to steal the credit card information of Netflix, Instagram, and Twitter users. This new Android banking trojan also targets bank customers with custom fake login overlays in multiple languages.

Jack Wallen makes his case for Android users to switch from Chrome as their default browsers. I'm going to be honest here, I don't use a web browser very often on Android.

Google has rolled out its monthly security patches for Android with fixes for 39 flaws, including a zero-day vulnerability that it said is being actively exploited in the wild in limited, targeted attacks. Tracked as CVE-2021-1048, the zero-day bug is described as a use-after-free vulnerability in the kernel that can be exploited for local privilege escalation.

Google has rolled out its monthly security patches for Android with fixes for 39 flaws, including a zero-day vulnerability that it said is being actively exploited in the wild in limited, targeted attacks. Tracked as CVE-2021-1048, the zero-day bug is described as a use-after-free vulnerability in the kernel that can be exploited for local privilege escalation.

Among Google's November Android security updates is a patch for a zero-day weakness that "May be under limited, targeted exploitation," the company said. In this case, it can be exploited for local escalation of privilege and, when paired with a remote code execution bug, an exploit could allow attackers to gain administrative control over a targeted system.

Google has released the Android November 2021 security updates, which address 18 vulnerabilities in the framework and system components, and 18 more flaws in the kernel and vendor components. Not many technical details have been released around this flaw yet, as original equipment manufacturers are currently working on merging the patch with their custom builds, so most Android users are vulnerable.