Security News

Mobile security firm Zimperium, which first identified the GriftHorse Android Trojan, says the malware has infected more than 10 million Android devices worldwide; a fraction of one per cent of active 'droid devices, but still misery for literally millions of people. In a blog post on Wednesday, Zimperium researchers Aazim Yaswant and Nipun Gupta said that Trojan code dubbed GriftHorse has been spotted in more than 200 malicious apps in at least 70 different countries and has been afflicting Android phones since November 2020.

A newly discovered "Aggressive" mobile campaign has infected north of 10 million users from over 70 countries via seemingly innocuous Android apps that subscribe the individuals to premium services costing €36 per month without their knowledge. Zimperium zLabs dubbed the malicious trojan "GriftHorse." The money-making scheme is believed to have been under active development starting from November 2020, with victims reported across Australia, Brazil, Canada, China, France, Germany, India, Russia, Saudi Arabia, Spain, the U.K., and the U.S. No fewer than 200 trojan applications were used in the campaign, making it one of the most widespread scams to have been uncovered in 2021.

Facebook on Wednesday announced it's open-sourcing Mariana Trench, an Android-focused static analysis platform the company uses to detect and prevent security and privacy bugs in applications created for the mobile operating system at scale. In a nutshell, the utility allows developers to frame rules for different data flows to scan the codebase for in order to unearth potential issues - say, intent redirection flaws that could result in the leak of sensitive data or injection vulnerabilities that would allow adversaries to insert arbitrary code - explicitly setting boundaries as to where user-supplied data entering the app is allowed to come from and flow into such as a database, file, web view, or a log.

Facebook today open-sourced a static analysis tool its software and security engineers use internally to find potentially dangerous security and privacy flaws in the company's Android and Java applications. "A flow from sources to sinks indicate that for example user passwords may get logged into a file, which is not desirable and is called as an 'issue' under the context of Mariana Trench," Facebook Software Engineer Dominik Gabi said.

More than 10 million Android users have been saddled with a malware called GriftHorse that's trojanizing various applications and secretly subscribing victims to premium mobile services - a type of billing fraud that researchers categorize as "Fleeceware." Zimperium uncovered more than 130 GriftHorse apps being distributed through both Google Play and third-party application stores, across all categories.

A large-scale malware campaign has infected more than 10 million Android devices from over 70 countries and likely stole hundreds of millions from its victims by subscribing to paid services without their knowledge. According to the researchers' estimates, the cybercriminals could steal millions in recurring payments every month from victims around the world.

A new and devious SMS malware campaign is trying to infect people via their mobile devices by promising details about COVID-19. Aimed at Android users in the U.S. and Canada, the malware known as TangleBot can make and block phone calls, send text messages, and overlay malicious screens on a compromised device, said a new report from security firm Cloudmark.

The operators behind the BlackRock mobile malware have surfaced back with a new Android banking trojan called ERMAC that targets Poland and has its roots in the infamous Cerberus malware, according to the latest research. "The new trojan already has active distribution campaigns and is targeting 378 banking and wallet apps with overlays," ThreatFabric's CEO Cengiz Han Sahin said in an emailed statement.

An Android malware called TangleBot has weaved its way onto the cyber-scene: One that researchers said can perform a bouquet of malicious actions, including stealing personal info and controlling apps and device functions. The site tells users they need an "Adobe Flash update." If they click on the subsequent dialog boxes, TangleBot malware installs.

An "Insidious" new SMS smishing malware has been found targeting Android mobile users in the U.S. and Canada as part of a new campaign that uses SMS text message lures related to COVID-19 regulations and vaccine information in an attempt to steal personal and financial data. Proofpoint's messaging security subsidiary Cloudmark coined the emerging malware "TangleBot."