Security News

WhatsApp is rolling out end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing your chats, regardless of where they are stored. Currently, WhatsApp allows you to create backups of all your chats and store them on online storage services.

A new study by a team of university researchers in the UK has unveiled a host of privacy issues that arise from using Android smartphones. The researchers have focused on Samsung, Xiaomi, Realme, and Huawei Android devices, and LineageOS and /e/OS, two forks of Android that aim to offer long-term support and a de-Googled experience.

An Android app sitting on the Google Play store touts itself to be a photo editor app. Like many Android apps, the "Blender Photo Editor-Easy Photo Background Editor" app comes with the sign-in with Facebook functionality.

Jack Wallen dispenses his bi-annual advice to Android users on how to avoid falling prey to malicious apps and bad actors. Malicious actors count on users not bothering to do even the slightest bit of research or consider the consequences of randomly installing apps.

Google has released the Android October security updates, addressing 41 vulnerabilities, all ranging between high and critical severity. On the 5th of each month, Google releases the complete security patch for the Android OS which contains both the framework and the vendor fixes for that month.

The Flubot banking trojan is using a fake security warning to try to trick Android users into thinking that they've already been infected with Flubot. It's a lie, but it will become a reality if recipients of the text message fall for it and click on the "Install security update" button.

The Flubot malware has switched to a new and likely more effective lure to compromise Android devices, now trying to trick its victims into infecting themselves with the help of fake security updates warning them of Flubot infections. "Your device is infected with the FluBot® malware. Android has detected that your device has been infected," the new Flubot installation page says.

Mobile security firm Zimperium, which first identified the GriftHorse Android Trojan, says the malware has infected more than 10 million Android devices worldwide; a fraction of one per cent of active 'droid devices, but still misery for literally millions of people. In a blog post on Wednesday, Zimperium researchers Aazim Yaswant and Nipun Gupta said that Trojan code dubbed GriftHorse has been spotted in more than 200 malicious apps in at least 70 different countries and has been afflicting Android phones since November 2020.

A newly discovered "Aggressive" mobile campaign has infected north of 10 million users from over 70 countries via seemingly innocuous Android apps that subscribe the individuals to premium services costing €36 per month without their knowledge. Zimperium zLabs dubbed the malicious trojan "GriftHorse." The money-making scheme is believed to have been under active development starting from November 2020, with victims reported across Australia, Brazil, Canada, China, France, Germany, India, Russia, Saudi Arabia, Spain, the U.K., and the U.S. No fewer than 200 trojan applications were used in the campaign, making it one of the most widespread scams to have been uncovered in 2021.

Facebook on Wednesday announced it's open-sourcing Mariana Trench, an Android-focused static analysis platform the company uses to detect and prevent security and privacy bugs in applications created for the mobile operating system at scale. In a nutshell, the utility allows developers to frame rules for different data flows to scan the codebase for in order to unearth potential issues - say, intent redirection flaws that could result in the leak of sensitive data or injection vulnerabilities that would allow adversaries to insert arbitrary code - explicitly setting boundaries as to where user-supplied data entering the app is allowed to come from and flow into such as a database, file, web view, or a log.