Security News

SMS Stealer malware targeting Android users: Over 105,000 samples identified
2024-07-31 14:48

Zimperium's zLabs team has uncovered a new and widespread threat dubbed SMS Stealer. The SMS Stealer threat, first identified in 2022, uses fake ads and Telegram bots posing as legitimate services to trick victims into granting access to their SMS messages.

Cybercriminals Deploy 100K+ Malware Android Apps to Steal OTP Codes
2024-07-31 10:01

A new large-scale campaign has been observed using malicious Android apps to steal users' SMS messages since at least February 2022. Once installed, the app requests permission to access incoming SMS messages, after which it reaches out to one of the 13 command-and-control servers to transmit the stolen SMS messages.

Massive SMS stealer campaign infects Android devices in 113 countries
2024-07-30 21:29

A malicious campaign targeting Android devices worldwide utilizes thousands of Telegram bots to infect devices with SMS-stealing malware and steal one-time 2FA passwords for over 600 services. The SMS stealer is distributed either through malvertising or Telegram bots that automate communications with the victim.

Android spyware 'Mandrake' hidden in apps on Google Play since 2022
2024-07-29 22:29

A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store. Kaspersky now reports that a new variant of Mandrake that features better obfuscation and evasion sneaked into Google Play through five apps submitted to the store in 2022.

This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps
2024-07-26 13:17

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service offerings to the next level. The phishing kit is priced anywhere between $150 and $900 a month, whereas the bundle including the phishing kit and Android malware is available on a subscription basis for about $500 per month.

Vulnerability in Telegram app for Android allows sending malicious files disguised as videos
2024-07-23 09:04

Using the exploit to abuse a vulnerability that ESET named "EvilVideo," attackers could share malicious Android payloads via Telegram channels, groups, and chats, and make them appear to be multimedia files. "We found the exploit being advertised for sale on an underground forum. In the post, the seller shows screenshots and a video of testing the exploit in a public Telegram channel. We were able to identify the channel in question, with the exploit still available. That allowed us to get our hands on the payload and test it ourselves," explains ESET researcher Lukáš Štefanko, who discovered the Telegram exploit.

Telegram zero-day allowed sending malicious Android APKs as videos
2024-07-22 14:41

A Telegram for Android zero-day vulnerability dubbed 'EvilVideo' allowed attackers to send malicious Android APK payloads disguised as video files. A threat actor named 'Ancryno' first began selling the Telegram zero-day exploit on June 6, 2024, in a post on the Russian-speaking XSS hacking forum, stating the flaw existed in Telegram v10.14.4 and older.

Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware
2024-07-19 09:29

A suspected pro-Houthi threat group targeted at least three humanitarian organizations in Yemen with Android spyware designed to harvest sensitive information. "The OilAlpha threat group is highly likely active and executing targeted activity against humanitarian and human rights organizations operating in Yemen, and potentially throughout the Middle East," the cybersecurity company said.

Microsoft China staff can't log on with an Android, so Redmond buys them iThings
2024-07-09 06:32


CapraRAT Spyware Disguised as Popular Apps Threatens Android Users
2024-07-01 13:00

The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest. "These APKs continue the...