Security News

New malware with extensive spyware capabilities steals data from infected Android devices and is designed to automatically trigger whenever new info is ready for exfiltration. Zimperium researchers who spotted it said that it's capable of "Stealing data, messages, images and taking control of Android phones."

Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities - from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this sophisticated new malicious app masquerades itself as a System Update application to take control of compromised devices.

Facebook's threat intelligence team says it has disrupted a sophisticated Chinese spying team that routinely use iPhone and Android malware to hit journalists, dissidents and activists around the world. The hacking group, known to malware hunters as Evil Eye, has used Facebook to plant links to watering hole websites rigged with exploits for the two major mobile platforms.

Even back in the early days, WebView was problematic because, with a JavaScript bridge enabled, a webpage viewed in WebView could execute code as the WebView application itself. There's the app itself, there are the Android subsystems, there are the apps that depend on WebView, there are the developers who might make use of JavaScript, which then depends on a third-party server that may or may not use SSL properly.

Google has warned Android users that a recently patched vulnerability has been exploited in attacks. The vulnerability in question, tracked as CVE-2020-11261, was patched by Google with the Android security updates released in January 2021.

Google has disclosed that a now-patched vulnerability affecting Android devices that use Qualcomm chipsets is being weaponized by adversaries to launch targeted attacks. "There are indications that CVE-2020-11261 may be under limited, targeted exploitation," the search giant said in an updated January security bulletin on March 18.

Project Zero, Google's zero-day bug-hunting team, discovered a group of hackers that used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year. The Project Zero team revealed that the hacking group behind these attacks ran two separate campaigns, in February and October 2020.

Researchers are warning of a fake version of the popular audio chat app Clubhouse, which delivers malware that steals login credentials for more than 450 apps. As of now the app is only available on Apple's App Store mobile application marketplace - there's no Android version yet.

Roid, the most popular mobile operating system in the world, runs on plenty of devices used by U.S. government workers, but only 0.08% of those devices are running the latest version of Android, a report finds. Mobile security firm Lookout is behind the report, which looked at over 200 million mobile devices being used by U.S. federal and state government workers between January 2019 and December 2020.

Jack Wallen shows you how easy it is to block and report spam SMS messages on the Android platform.