Security News

GravityRAT, a malware strain known for checking the CPU temperature of Windows computers to detect virtual machines or sandboxes, is now multi-platform spyware as it can now also be used to infect Android and macOS devices. While the malware authors previously focused their efforts on targeting Windows machines, a sample discovered by Kaspersky researchers last year shows that they are now adding macOS and Android support.

The streaming box allows arbitrary code execution as root, paving the way to pilfering social-media tokens, passwords, messaging history and more. A critical bug in the Hindotech HK1 TV Box would allow root-privilege escalation thanks to improper access control.

Microsoft has warned about a new strain of mobile ransomware that takes advantage of incoming call notifications and Android's Home button to lock the device behind a ransom note. The findings concern a variant of a known Android ransomware family dubbed "MalLocker.B" which has now resurfaced with new techniques, including a novel means to deliver the ransom demand on infected devices as well as an obfuscation mechanism to evade security solutions.

A fresh variant of a sophisticated Android ransomware known as MalLocker locks up mobile devices - surfacing its ransom note when a user hits the Home button. MalLocker is different though: It uses the "Call" notification, among several categories of notifications that Android supports, which requires immediate user attention.

Microsoft warned users on Thursday that it has spotted a sophisticated piece of Android ransomware that abuses notification services to display a ransom note. Roid ransomware typically allows cybercriminals to make a profit not by encrypting files - such as in the case of ransomware targeting desktop systems - but by displaying a full-screen ransom note that is difficult for the user to remove.

Google has released patches addressing high-severity flaws in its System component. Two elevation of privilege issues, the most serious of the flaws, exist in the Android System component, the core of the operating system that's on Android phones.

The October 2020 security updates for Android patch a total of 48 vulnerabilities, including critical-severity flaws that affect Qualcomm closed-source components. Twenty of the vulnerabilities described in the latest Android Security Bulletin were patched as part of the 2020-10-01 security patch level, the most important of which is a high-risk bug in System that could allow a remote attacker to gain additional permissions.

Google on Friday announced the Android Partner Vulnerability Initiative, an effort aimed at improving patching of security issues specific to Android OEMs. Through the new initiative, the tech giant also expects to improve transparency around vulnerabilities identified by Google's own researchers, but which impact device models coming from the company's Android partners. Google already provides security researchers with various programs through which they can report security issues, such as the Android Security Rewards Program, which is for reporting vulnerabilities in Android code, and the Google Play Security Rewards Program, for reporting bugs in popular third-party Android apps.

Google has announced two new security initiatives: one is aimed at helping bug hunters improve the security of various browsers' JavaScript engines, the other at helping Android OEMs improve the security of the mobile devices they ship. "JavaScript engine security continues to be critical for user safety, as demonstrated by recent in-the-wild zero-day exploits abusing vulnerabilities in v8, the JavaScript engine behind Chrome. Unfortunately, fuzzing JavaScript engines to uncover these vulnerabilities is generally quite expensive due to their high complexity and relatively slow processing of input," noted Project Zero's Samuel Groß.

A new variant of the InterPlanetary Storm malware has been discovered, which comes with fresh detection-evasion tactics and now targets Mac and Android devices. Researchers say, the malware is building a botnet with a current estimated 13,500 infected machines across 84 countries worldwide - and that number continues to grow.