Security News

Google this week announced a series of updates to its Google Play policies that are meant to improve overall user privacy and security and provide more control over ads personalization. As per the new policy, all applications in Google Play will be required to detail their privacy and security practices by April 2022.

A previously undocumented Android-based remote access trojan has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud. "For the first time we are seeing an Android banking trojan that has screen recording and keylogging as the main strategy to harvest login credentials in an automated and scalable way," researchers from ThreatFabric said in a write-up shared with The Hacker News.

An Android malware that was observed abusing accessibility services in the device to hijack user credentials from European banking applications has morphed into an entirely new botnet as part of a renewed campaign that began in May 2021. Italy's CERT-AGID, in late January, disclosed details about Oscorp, a mobile malware developed to attack multiple financial targets with the goal of stealing funds from unsuspecting victims.

Google Play Protect, the Android built-in malware defense system, has failed the real-world tests of antivirus testing lab AV-TEST after detecting just over two thirds out of more than 20,000 malicious apps it was pitted against. While always running and scanning every app installed and launched on the device, "The endurance test revealed that this service does not provide particularly good security: every other security app offers better protection than Google Play Protect."

Google has announced today more details regarding their upcoming Google Play 'Safety section' feature that provides users information about the data collected and used by an Android app. In May, Google pre-announced upcoming changes to the Google Play Store requiring app developers to share what info their apps collect, how collected data is used, and what privacy/security features the apps utilize.

An advanced persistent threat actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims. "To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks," Trend Micro researchers Zhengyu Dong, Fyodor Yarochkin, and Steven Du said in a technical write-up published Wednesday.

During Windows 11's June 2021 event, Microsoft confirmed that Android apps are coming to Windows 11 and users will be able to try mobile apps on the desktop operating system. Amazon has already confirmed that its Appstore will support Android App Bundles, the next-generation Android app standard format that will eventually replace the current APK format.

Roid 12 adds killswitches for both the mic and camera. With Android 12, you simply tap the killswitch for either the camera or the mic and then investigate why this happened in the first place.

Joker has been around since 2017, disguising itself within common, legitimate apps like camera apps, games, messengers, photo editors, translators and wallpapers. Once installed, Joker apps silently simulate clicks and intercept SMS messages to subscribe victims to unwanted, paid premium services controlled by the attackers - a type of billing fraud that researchers categorize as "Fleeceware." The apps also steal SMS messages, contact lists and device information.

Messaging apps are becoming some of the most popular smartphone programs in the world, and that means more attempts to phish their users, Kaspersky finds. New data from Kaspersky reveals that messaging apps for Android devices are wildly popular targets for phishing scammers.