Security News

Google patched five critical bugs in its Android operating system as part of its February Security Bulletin. Three additional critical Qualcomm bugs were reported by Google and patched by Qualcomm - part of a separate security bulletin disclosure.

Google this week published its Android security bulletin for February 2021, which includes information on more than 40 vulnerabilities, most of which could lead to elevation of privilege. Tracked as CVE-2021-0325, the issue is considered critical on Android 8.1 and 9 platform releases, but has only a high severity rating on Android 10 and 11, Google's advisory explains.

ESET researchers have discovered that the updating mechanism of NoxPlayer, an Android emulator for Windows and macOS, made by Hong Kong-based company BigNox, was compromised by an unknown threat actor and used to infect gamers with malware. NoxPlayer is used by gamers from over 150 countries around the globe according to BigNox but, as ESET found in January 2021, the supply-chain attack was focused on infecting only Asian gamers with at least three different malware strains.

Researchers have disclosed a new family of Android malware that abuses accessibility services in the device to hijack user credentials and record audio and video. The malware repeatedly reopens the Settings screen every eight seconds until the user turns on permissions for accessibility and device usage statistics, thus pressurizing the user into granting the extra privileges.

A newly discovered Android malware has been found to propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign. "This malware spreads via victim's WhatsApp by automatically replying to any received WhatsApp message notification with a link to [a] malicious Huawei Mobile app," ESET researcher Lukas Stefanko said.

Jack Wallen shows you how easy it is to block and report spam SMS messages on the Android platform. How to block spam SMS. You'll be shocked at how easy this is.

Verimatrix announced general availability of version 2.2 of the Verimatrix Application Protection service for Android. The company's latest Code Protection service for Android applications now supports the forthcoming Android ecosystem change that will mandate the use of Android Application Bundles in the second half of 2021.

A recently identified malvertising campaign targeting mobile and other connected devices users makes heavy use of obfuscation and cloaking to avoid detection. Dubbed LuckyBoy, the multi-stage, tag-based campaign is focused on iOS, Android, and Xbox users.

Roid 11 allows users to enable the Wi-Fi-Enhanced MAC randomization. In the name of privacy, the Google developers made it possible to use a randomized MAC address, starting with Android 8.

The ongoing controversies surrounding TikTok hit a new gear on Thursday with a bombshell report accusing the Chinese company of spying on millions of Android users using a technique banned by Google. The Wall Street Journal said TikTok was exploiting a loophole to collect MAC addresses for at least 15 months.