Security News

Why a strong patch management strategy is essential for reducing business riskIn this Help Net Security interview, Eran Livne, Senior Director of Product Management, Endpoint Remediation at Qualys and Thomas Scheffler, Security Operations Manager of Cintas Corporation, discuss their experiences with automated patch management. These risks are driven by heightened cybersecurity threats, evolving regulations, and increased public awareness of security breaches.

Cybersecurity researchers have uncovered a new Android remote access trojan called BingoMod that not only performs fraudulent money transfers from the compromised devices but also wipes them in an attempt to erase traces of the malware. "BingoMod belongs to the modern RAT generation of mobile malware, as its remote access capabilities allow threat actors to conduct Account Takeover directly from the infected device, thus exploiting the on-device fraud technique," researchers Alessandro Strino and Simone Mattia said.

A new Android malware that researchers call 'BingoMod' can wipe devices after successfully stealing money from the victims' bank accounts using the on-device fraud technique. [...]

Zimperium's zLabs team has uncovered a new and widespread threat dubbed SMS Stealer. The SMS Stealer threat, first identified in 2022, uses fake ads and Telegram bots posing as legitimate services to trick victims into gaining access to their SMS messages.

A new malicious campaign has been observed making use of malicious Android apps to steal users' SMS messages since at least February 2022 as part of a large-scale campaign. Once installed, the app requests permission to access incoming SMS messages, following which it reaches out to one of the 13 command-and-control servers to transmit stolen SMS messages.

A malicious campaign targeting Android devices worldwide utilizes thousands of Telegram bots to infect devices with SMS-stealing malware and steal one-time 2FA passwords for over 600 services. The SMS stealer is distributed either through malvertising or Telegram bots that automate communications with the victim.

A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store. Kaspersky now reports that a new variant of Mandrake that features better obfuscation and evasion sneaked into Google Play through five apps submitted to the store in 2022.

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service offerings to the next level. The phishing kit is priced anywhere between $150 and $900 a month, whereas the bundle including the phishing kit and Android malware is available on a subscription basis for about $500 per month.

Using the exploit to abuse a vulnerability that ESET named "EvilVideo," attackers could share malicious Android payloads via Telegram channels, groups, and chats, and make them appear to be multimedia files. "We found the exploit being advertised for sale on an underground forum. In the post, the seller shows screenshots and a video of testing the exploit in a public Telegram channel. We were able to identify the channel in question, with the exploit still available. That allowed us to get our hands on the payload and test it ourselves," explains ESET researcher Lukáš Štefanko, who discovered the Telegram exploit.

A Telegram for Android zero-day vulnerability dubbed 'EvilVideo' allowed attackers to send malicious Android APK payloads disguised as video files. A threat actor named 'Ancryno' first began selling the Telegram zero-day exploit on June 6, 2024, in a post on the Russian-speaking XSS hacking forum, stating the flaw existed in Telegram v10.14.4 and older.