Security News

Malware disguised as a Netflix app, lurking on the Google Play store, spread through WhatsApp messages, researchers have discovered. According to a Check Point Research analysis released on Wednesday, the malware masqueraded as an app called "FlixOnline," which advertised via WhatsApp messages promising "2 Months of Netflix Premium Free Anywhere in the World for 60 days." But once installed, the malware sets about stealing data and credentials.

Security researchers note an increase in alternative methods to steal data from phishing attacks, as scammers obtain the stolen info through Google Forms or private Telegram bots. Email remains the preferred method to exfiltrate stolen info but these channels foreshadow a new trend in the evolution of phishing kits.

The April 2021 Android security bulletin published this week by Google describes more than 30 vulnerabilities in the mobile operating system, including a remote code execution flaw in the System component. Tracked as CVE-2021-0430 and affecting Android 10 and 11, the code execution vulnerability is deemed critical severity.

Cybersecurity researchers have discovered yet another piece of wormable Android malware-but this time downloadable directly from the official Google Play Store-that's capable of propagating via WhatsApp messages. Disguised as a rogue Netflix app under the name of "FlixOnline," the malware comes with features that allow it to automatically reply to a victim's incoming WhatsApp messages with a payload received from a command-and-control server.

Apps on Android have been able to infer the presence of specific apps, or even collect the full list of installed apps on the device. A study undertaken by a group of Swiss researchers in 2019 found that "Free apps are more likely to query for such information and that third-party libraries are the main requesters of the list of installed apps."

The same North Korean threat actors that targeted security researchers in January appear to be readying a new campaign using a fake company that aim to lure security professionals into another cyber-espionage trap. While researchers have seen no evidence yet of nefarious activity from attackers that leverage these web assets, it appears that attackers are gearing up to target security researchers again by the nature of the activity, according to Google TAG. Like previous websites that Google TAG has observed Zinc establish, the SecuriElite website has a link to the group's PGP public key at the bottom of the page, researchers noted.

Mobile device-tracking by Apple and Google take center stage in a report revealing that, despite both allowing users to opt out of sharing telemetry data - they do anyway. The research, entitled Mobile Handset Privacy: Measuring The Data iOS and Android Send to Apple And Google, also found that Google collects up to 20 times more data from its Android Pixel users compared to the amount of data that Apple collects from iOS users.

Google's Threat Analysis Group says that North Korean government-sponsored hackers are once again targeting security researchers using fake Twitter and LinkedIn social media accounts. The hackers also created a website for a fake company named SecuriElite and supposedly offering offensive security services as the Google security team focused on hunting down state-backed hackers discovered on March 17.

Google offers a password checking service that will check all of your Chrome-saved passwords for weaknesses and against known breaches. With a tool called Password Checkup, the Google AI will comb through your vast array of authentication credentials to let you know if you have a password associated with a breach.

Google Chrome developers have announced plans to roll out DNS-over-HTTPS support to Chrome web browser for Linux. Yesterday, the open-source Chromium project which powers the Google Chrome web browser announced plans to release a Chrome for Linux version with DNS-over-HTTPS support.