Security News

In a presentation at the Black Hat Europe security conference, researchers from the International Institute of Information Technology at Hyderabad said that their tests showed that most password managers for Android are vulnerable to AutoSpill, even if there is no JavaScript injection. Password managers on Android use the platform's WebView framework to automatically type in a user's account credentials when an app loads the login page to services like Apple, Facebook, Microsoft, or Google.

A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of...

A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices. Tracked as CVE-2023-45866, the issue relates to a case of...

More than a dozen malicious loan apps, which are generically named SpyLoan, have been downloaded more than 12 million times this year from Google Play but the count is much larger since they are also available on third-party stores and suspicious websites. Since the start of the year, cybersecurity company ESET, a member of the App Defense Alliance dedicated to detecting and eradicating malware from Google Play, has discovered 18 SpyLoan apps.

Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution bug. "The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation," the advisory explains.

Cybersecurity researchers have disclosed a new sophisticated Android malware called FjordPhantom that has been observed targeting users in Southeast Asian countries like Indonesia, Thailand, and...

A new Android malware named FjordPhantom has been discovered using virtualization to run malicious code in a container and evade detection. The malware was discovered by Promon, whose analysts report that it currently spreads via emails, SMS, and messaging apps targeting banking apps in Indonesia, Thailand, Vietnam, Singapore, and Malaysia.

An Android malware campaign targeting Iranian banks has expanded its capabilities and incorporated additional evasion tactics to fly under the radar. That's according to a new report from...

Android smartphone users in India are the target of a new malware campaign that employs social engineering lures to install fraudulent apps that are capable of harvesting sensitive data. “Using...

A new malware is bypassing an Android 13 security measure that restricts permissions to apps downloaded out of the legitimate Google Play Store. A new report from ThreatFabric, a fraud protection company, exposes SecuriDropper malware, which is capable of bypassing Android 13 restricted settings.