Security News
A newly discovered Android banking Trojan relies on screen recording and keylogging instead of HTML overlays to capture login credentials, according to security researchers at ThreatFabric. ThreatFabric said the mobile malware leverages the Accessibility Services to identify the application running in the foreground and, if the app is in the target list, the malware starts screen recording.
Google is emailing Android users to let them know that, starting late September, they will no longer be able to log in to their Google accounts on devices running Android 2.3.7 and lower. "As part of our ongoing efforts to keep our users safe, Google will no longer allow sign-in on Android devices that run Android 2.3.7 or lower starting September 27, 2021," Android Help Community Manager Zak Pollack explained.
Google has shared details of upcoming changes to Android including the ability to blank a device's advertising ID, and a new safety section for apps in the Play store. The advertising ID is an identifier unique to an Android device which is supplied by Google Play Services.
Google this week announced a series of updates to its Google Play policies that are meant to improve overall user privacy and security and provide more control over ads personalization. As per the new policy, all applications in Google Play will be required to detail their privacy and security practices by April 2022.
A previously undocumented Android-based remote access trojan has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud. "For the first time we are seeing an Android banking trojan that has screen recording and keylogging as the main strategy to harvest login credentials in an automated and scalable way," researchers from ThreatFabric said in a write-up shared with The Hacker News.
An Android malware that was observed abusing accessibility services in the device to hijack user credentials from European banking applications has morphed into an entirely new botnet as part of a renewed campaign that began in May 2021. Italy's CERT-AGID, in late January, disclosed details about Oscorp, a mobile malware developed to attack multiple financial targets with the goal of stealing funds from unsuspecting victims.
Google Play Protect, Android's built-in malware defense system, has failed the real-world tests of antivirus testing lab AV-TEST after detecting just over two-thirds of the more than 20,000 malicious apps it was pitted against. While always running and scanning every app installed and launched on the device, "The endurance test revealed that this service does not provide particularly good security: every other security app offers better protection than Google Play Protect."
Google today announced more details about its upcoming Google Play 'Safety section' feature, which gives users information about the data an Android app collects and uses. In May, Google pre-announced upcoming changes to the Google Play Store requiring app developers to share what info their apps collect, how collected data is used, and what privacy/security features the apps utilize.
An advanced persistent threat actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims. "To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks," Trend Micro researchers Zhengyu Dong, Fyodor Yarochkin, and Steven Du said in a technical write-up published Wednesday.
During Windows 11's June 2021 event, Microsoft confirmed that Android apps are coming to Windows 11 and users will be able to try mobile apps on the desktop operating system. Amazon has already confirmed that its Appstore will support Android App Bundles, the next-generation Android app standard format that will eventually replace the current APK format.