Security News

Google has rolled out its monthly security patches for Android with fixes for 39 flaws, including a zero-day vulnerability that it said is being actively exploited in the wild in limited, targeted attacks. Tracked as CVE-2021-1048, the zero-day bug is described as a use-after-free vulnerability in the kernel that can be exploited for local privilege escalation.

Among Google's November Android security updates is a patch for a zero-day weakness that "May be under limited, targeted exploitation," the company said. In this case, it can be exploited for local escalation of privilege and, when paired with a remote code execution bug, an exploit could allow attackers to gain administrative control over a targeted system.

Google has released the Android November 2021 security updates, which address 18 vulnerabilities in the framework and system components, and 18 more flaws in the kernel and vendor components. Not many technical details have been released around this flaw yet, as original equipment manufacturers are currently working on merging the patch with their custom builds, so most Android users are vulnerable.

A new and dangerous form of malware for rooting Android phones has been spotted in 19 apps on Google's Play store, as well as in several in the Amazon Appstore, the Samsung Galaxy Store, and other third-party sites. Dubbed AbstractEmu by bug-hunters at Lookout, who first spotted the code, the malware would give full access to all functions on an Android device and would be almost impossible to remove without doing a full system wipe.

An unidentified threat actor has been linked to a new Android malware strain that features the ability to root smartphones and take complete control over infected smartphones while simultaneously taking steps to evade detection. Lookout Threat Labs said it found a total of 19 Android applications that posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps, seven of which contained the rooting functionality.

A new variant of the Android info-stealer called FakeCop has been spotted by Japanese security researchers, who warn that the distribution of the malicious APK is picking up pace. Osumi, Yusuke October 19, 2021 Masked as a popular security tool.

New Android malware can root infected devices to take complete control and silently tweak system settings, as well as evade detection using code abstraction and anti-emulation checks. The malware, dubbed AbstractEmu by security researchers at the Lookout Threat Labs who found it, was bundled with 19 utility apps distributed via Google Play and third-party app stores.

A set of seemingly innocuous Android apps have been infecting Israeli users with spyware since 2018, and the campaign continues to this day. The spyware-laden apps were discovered by researchers at Qihoo 360 who found various apps disguised as social applications, Threema, Al-Aqsa Radio, Al-Aqsa Mosque, Jerusalem Guide, PDF viewer, Wire, and other applications.

A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge. The premium SMS scam campaign - dubbed "UltimaSMS" - is believed to commenced in May 2021 and involved apps that cover a wide range of categories, including keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and games, with most of the fraudulent apps downloaded by users in Egypt, Saudi Arabia, Pakistan, the U.A.E., Turkey, Oman, Qatar, Kuwait, the U.S., and Poland.

Threat actors are using malicious Android apps to scam users into signing up for a bogus premium SMS subscription service, which results in big charges accruing on their phone bills. All of the offerings are "Essentially copies of the same fake app used to spread the premium SMS scam campaign," Vavra explained, which he said likely indicates that one bad actor or group is behind the entire campaign.