Security News

A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information. "These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firm McAfee said in an analysis published on Monday.

Ten variants of the Joker Android Trojan managed to slip into the Huawei AppGallery app store and were downloaded by more than 538,000 users, according to new data from Russian anti-malware vendor Doctor Web. Also known as Bread, the Joker Trojan was first observed in 2017 when it was originally focused on SMS fraud.

More than 500,000 Huawei users have downloaded from the company's official Android store applications infected with Joker malware that subscribes to premium mobile services. These ten apps were downloaded by more than 538,000 Huawei users, Doctor Web says.

Security researchers found malware embedded within the official application of APKPure, a popular third-party Android app store and an alternative to Google's official Play Store. The malware was discovered by Kaspersky and Dr.Web malware analysts embedded within an advertisement SDK included with APKPure version 3.7.18.

South Korean tech giant LG this week announced that it will continue to provide operating system updates to users of its premium Android smartphones, for up to three years. On Thursday, the company announced that it will continue to provide platform updates for all premium LG smartphones that are currently in use.

Gigaset has revealed a malware infection discovered in its Android devices was the result of a compromise of a server belonging to an external update service provider. Impacting older smartphone models - GS100, GS160, GS170, GS180, GS270, and GS370 series - the malware took the form of multiple unwanted apps that were downloaded and installed through a pre-installed system update app.

In what appears to be a fresh twist in Android malware, users of Gigaset mobile devices are encountering unwanted apps that are being downloaded and installed through a pre-installed system update app. "The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui, which is a pre-installed system app," Malwarebytes researcher Nathan Collier said.

Roid smartphones from Gigaset have been infected by malware direct from the manufacturer in what appears to be a supply-chain attack. The Trojan, once downloaded and installed on a victim's device via a poisoned software update from the vendor, is capable of opening browser windows, fetching more malicious apps, and sending people text messages to further spread the malware, say researchers and users.

Owners of Gigaset Android phones have been repeatedly infected with malware since the end of March after threat actors compromised the vendor's update server in a supply-chain attack. Gigaset is a German manufacturer of telecommunications devices, including a series of smartphones running the Android operating system.

Researchers have discovered new Android malware that uses Netflix as its lure and spreads malware via auto-replies to received WhatsApp messages. The discovery was reported to Google, and the malware - dubbed FlixOnline - has been removed from Google Play; but the researchers expect the methodology to return and be reused in other malware.