Security News

Cybersecurity researchers today uncovered a new strain of banking malware that targets not only banking apps but also steals data and credentials from social networking, dating, and cryptocurrency apps-a total of 337 non-financial Android applications on its target list. Dubbed "BlackRock" by ThreatFabric researchers, which discovered the trojan in May, its source code is derived from a leaked version of Xerxes banking malware, which itself is a strain of the LokiBot Android banking trojan that was first observed during 2016-2017.

Cybersecurity researchers today uncovered a new strain of banking malware that targets not only banking apps but also steals data and credentials from social networking, dating, and cryptocurrency apps-a total of 337 non-financial Android applications on its target list. Dubbed "BlackRock" by ThreatFabric researchers, which discovered the trojan in May, its source code is derived from a leaked version of Xerxes banking malware, which itself is a strain of the LokiBot Android banking trojan that was first observed during 2016-2017.

Researchers have discovered a new variant of the LokiBot trojan called BlackRock, that's attacking not just financial and banking apps, but also a massive list of well-known and commonly used brand-name apps on Android devices. While BlackRock's banker abilities are not overly impressive, offering "a quite common set of capabilities compared to average Android banking trojans," according to the report, it has other assets.

Following a January report on malware found pre-installed on smartphones sold in the United States to budget-conscious users, Malwarebytes has discovered another mobile device riddled with malware from the get-go. Now, Malwarebytes's Nathan Collier says that another phone model provided through the Lifeline Assistance program was found to include pre-installed malware: the ANS UL40 running Android 7.1.1.

A new variant of the infamous Joker malware has once again made it onto Google Play, with Google removing 11 malicious Android applications from its official app marketplace, researchers disclosed Thursday. "The Joker malware is tricky to detect, despite Google's investment in adding Play Store protections. Although Google removed the malicious apps from the Play Store, we can fully expect Joker to adapt again. Everyone should take the time to understand what Joker is and how it hurts everyday people."

Always a thorn in Google's side, the Joker malware arrived as a new variant a few months ago and evaded Google Play Protect to infect legitimate apps and sign people up to premium services. Check Point researchers disclosed its findings to Google, which removed 11 identified apps from Google Play by April 30, 2020.

Security researchers have identified yet another Android-based mobile device available through the government-funded Lifeline Assistance Program pre-loaded with malware, a discovery adding evidence to the disturbing trend of smartphones infected with undeletable malicious code upon purchase. Hard on the heels of research exposing the prevalence of pre-installed adware on Android devices, researchers at Malwarebytes Labs found an American Network Solutions UL40 device running Android OS 7.1.1, preloaded with compromised Settings and Wireless Update apps.

Several critical remote code execution vulnerabilities were addressed in Android this week with the release of the July 2020 set of security patches, including three in the media framework and system components. Google addressed two critical flaws in the system component, one impacting Android 8.0 and newer releases, and the other affecting Android 10 only.

UPDATE. A healthy percentage of Android users targeted by mobile malware or mobile adware last year suffered a system partition infection, making the malicious files virtually undeletable. "A system partition infection entails a high level of risk for the users of infected devices, as a security solution cannot access the system directories, meaning it cannot remove the malicious files," the firm explained, in a posting on Monday.

For seven years, a Chinese threat actor has targeted the Uyghur ethnic minority with several malware families, including newly identified Android surveillance tools, mobile security firm Lookout reports. Malicious attacks focusing on Uyghurs are not new, with several of them publicly detailed over the years, targeting users of Windows PCs, Macs, and mobile devices.