Security News

Facebook today open-sourced a static analysis tool its software and security engineers use internally to find potentially dangerous security and privacy flaws in the company's Android and Java applications. "A flow from sources to sinks indicate that for example user passwords may get logged into a file, which is not desirable and is called as an 'issue' under the context of Mariana Trench," Facebook Software Engineer Dominik Gabi said.

More than 10 million Android users have been saddled with malware called GriftHorse that's trojanizing various applications and secretly subscribing victims to premium mobile services - a type of billing fraud that researchers categorize as "fleeceware." Zimperium uncovered more than 130 GriftHorse apps being distributed through both Google Play and third-party application stores, across all categories.

A large-scale malware campaign has infected more than 10 million Android devices from over 70 countries and likely stole hundreds of millions from its victims by subscribing to paid services without their knowledge. According to the researchers' estimates, the cybercriminals could steal millions in recurring payments every month from victims around the world.

A new and devious SMS malware campaign is trying to infect people via their mobile devices by promising details about COVID-19. Aimed at Android users in the U.S. and Canada, the malware known as TangleBot can make and block phone calls, send text messages, and overlay malicious screens on a compromised device, said a new report from security firm Cloudmark.

The operators behind the BlackRock mobile malware have resurfaced with a new Android banking trojan called ERMAC that targets Poland and has its roots in the infamous Cerberus malware, according to the latest research. "The new trojan already has active distribution campaigns and is targeting 378 banking and wallet apps with overlays," ThreatFabric's CEO Cengiz Han Sahin said in an emailed statement.

An Android malware called TangleBot has woven its way onto the cyber-scene: one that researchers said can perform a bouquet of malicious actions, including stealing personal info and controlling apps and device functions. The site tells users they need an "Adobe Flash update." If they click on the subsequent dialog boxes, TangleBot malware installs.

An "insidious" new SMS smishing malware has been found targeting Android mobile users in the U.S. and Canada as part of a new campaign that uses SMS text message lures related to COVID-19 regulations and vaccine information in an attempt to steal personal and financial data. Proofpoint's messaging security subsidiary Cloudmark coined the emerging malware "TangleBot."

Google on Friday said it's bringing an Android 11 feature that auto-resets permissions granted to apps that haven't been used in months to devices running Android versions 6 and above. The expansion is expected to go live later this year in December 2021 and be enabled on Android phones with Google Play services running Android 6.0 or higher, which the company said should cover "billions more devices." Google officially released Android 6.0 Marshmallow on October 5, 2015.

Google announced today that support for a recently released Android privacy protection feature would be backported to billions of devices running older Android versions later this year. When this feature starts rolling out to older Android devices, it will be made available on all devices with Google Play services and running Android 6.0 up to and including Android 10.

Microsoft says a OneDrive issue prevents some Android users from uploading photos and videos from their camera roll to the cloud. OneDrive Android customers impacted by this problem are seeing "Camera upload is paused. To activate camera upload, give OneDrive permission to access your photos and media." errors.