Security News
Threat actors started to use progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. [...]
ESET researchers discovered an uncommon type of phishing campaign targeting Android and iPhone users. The phishing websites targeting iOS instruct victims to add a Progressive Web Application to their home screens, while on Android, the PWA is installed after confirming custom pop-ups in the browser.
Google will redact your credit card details, passwords and other sensitive information in Chrome when you're sharing or recording your screen on Android. [...]
Google says it is taking a privacy-minded approach to the integration of AI features like the Gemini assistant on Android devices, implementing end-to-end protection to secure data in transit...
Google says it is taking a privacy-minded approach to the integration of AI features like the Gemini assistant on Android devices, implementing end-to-end protection to secure data in transit...
Cybersecurity researchers have lifted the lid on a new technique adopted by threat actors behind the Chameleon Android banking trojan targeting users in Canada by masquerading as a Customer Relationship Management app. The campaign, spotted in July 2024, targeted customers in Canada and Europe, indicating an expansion of its victimology footprint from Australia, Italy, Poland, and the U.K. The use of CRM-related themes for the malicious dropper apps containing the malware points to the targets being customers in the hospitality sector and Business-to-Consumer employees.
Google released 46 fixes for Android in its August security patch batch, including one for a Linux kernel flaw in the mobile OS that can lead to remote code execution. While Google never provides much detail in its monthly patch bulletins about how Android flaws are being abused in the wild, it does note that "There are indications that CVE-2024-36971 may be under limited, targeted exploitation."
Proton VPN has announced a series of updates to its Windows and Android apps to help users combat censorship, circumvent blocks, and protect themselves from authoritarian governments due to using...
Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021. Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control communications as a way to avoid having a dedicated infrastructure and evade detection.
Google has addressed a high-severity security flaw impacting the Android kernel that it has been actively exploited in the wild. That said, Clement Lecigne of Google's Threat Analysis Group has been credited with reporting the flaw, suggesting that it's likely being exploited by commercial spyware vendors to infiltrate Android devices in narrowly targeted attacks.