Showing only posts tagged android. Show all posts.

Android Trojan that intercepts voice calls to banks just got more stealthy

Source

Researchers have found new versions of a sophisticated Android financial-fraud Trojan that’s notable for its ability to intercept calls a victim tries to place to customer-support personnel of their banks. FakeCall first came to public attention in 2022, when researchers from security firm Kaspersky reported that the malicious …

11 million devices infected with botnet malware hosted in Google Play

Source

Enlarge (credit: Getty Images ) Five years ago, researchers made a grim discovery—a legitimate Android app in the Google Play market that was surreptitiously made malicious by a library the developers used to earn advertising revenue. With that, the app was infected with code that caused 100 million infected …

Novel technique allows malicious apps to escape iOS and Android guardrails

Source

Enlarge (credit: Getty Images) Phishers are using a novel technique to trick iOS and Android users into installing malicious apps that bypass safety guardrails built by both Apple and Google to prevent unauthorized apps. Both mobile operating systems employ mechanisms designed to help users steer clear of apps that …

Mysterious family of malware hid in Google Play for years

Source

Enlarge A mysterious family of Android malware with a demonstrated history of effectively concealing its myriad spying activities has once again been found in Google Play after more than two years of hiding in plain sight. The apps, disguised as file-sharing, astronomy, and cryptocurrency apps, hosted Mandrake, a family …

Thousands of phones and routers swept into proxy service, unbeknownst to users

Source

Enlarge (credit: Getty Images) Crooks are working overtime to anonymize their illicit online activities using thousands of devices of unsuspecting users, as evidenced by two unrelated reports published Tuesday. The first, from security firm Lumen, reports that roughly 40,000 home and office routers have been drafted into a …

How worried should we be about the “AutoSpill” credential leak in Android password managers?

Source

Enlarge / Close up of hand holding smartphone and screen applications with unlocking mobile phones. Concept of technological safety. (credit: Getty Images) By now, you’ve probably heard about a vulnerability named AutoSpill, which can leak credentials from any of the seven leading password managers for Android. The threat it …

Vulnerable Arm GPU drivers under active exploitation. Patches may not be available

Source

Enlarge (credit: Getty Images) Arm warned on Monday of active ongoing attacks targeting a vulnerability in device drivers for its Mali line of GPUs, which run on a host of devices, including Google Pixels and other Android handsets, Chromebooks, and hardware running Linux. “A local non-privileged user can make …

Russia targets Ukraine with new Android backdoor, intel agencies say

Source

Enlarge / Ukrainian soldiers. (credit: Getty Images) Russia’s military intelligence unit has been targeting Ukrainian Android devices with “Infamous Chisel,” the tracking name for new malware that’s designed to backdoor devices and steal critical information, Western intelligence agencies said on Thursday. “Infamous Chisel is a collection of components …

It’s a hot 0-day summer for Apple, Google, and Microsoft security fixes

Source

Enlarge (credit: WIRED staff ) The summer patch cycle shows no signs of slowing down, with tech giants Apple, Google, and Microsoft releasing multiple updates to fix flaws being used in real-life attacks. July also saw serious bugs squashed by enterprise software firms SAP, Citrix, and Oracle. Here’s everything …

Android malware steals user credentials using optical character recognition

Source

Enlarge (credit: Getty Images) Security researchers have unearthed a rare malware find: malicious Android apps that use optical character recognition to steal credentials displayed on phone screens. The malware, dubbed CherryBlos by researchers from security firm Trend Micro, has been embedded into at least four Android apps available outside …

Inner workings revealed for “Predator,” the Android malware that exploited 5 0-days

Source

Enlarge Smartphone malware sold to governments around the world can surreptitiously record voice calls and nearby audio, collect data from apps such as Signal and WhatsApp, and hide apps or prevent them from running upon device reboots, researchers from Cisco’s Talos security team have found. An analysis Talos …

Potentially millions of Android TVs and phones come with malware preinstalled

Source

Enlarge / Cybercriminals or anonymous hackers use malware on mobile phones to hack personal and business passwords online. (credit: Getty Images) Overall, Android devices have earned a decidedly mixed reputation for security. While the OS itself and Google's Pixels have stood up over the years against software exploits, the never-ending …

Those scary warnings of juice jacking in airports and hotels? They’re mostly nonsense

Source

Enlarge (credit: Aurich Lawson | Getty Images) Federal authorities, tech pundits, and news outlets want you to be on the lookout for a scary cyberattack that can hack your phone when you do nothing more than plug it into a public charging station. These warnings of “juice jacking,” as the …

Leaked Signing Keys Are Being Used to Sign Malware

Source

A bunch of Android OEM signing keys have been leaked or stolen, and they are actively being used to sign malware. Łukasz Siewierski, a member of Google’s Android Security Team, has a post on the Android Partner Vulnerability Initiative (AVPI) issue tracker detailing leaked platform certificate keys that …

Differences in App Security/Privacy Based on Country

Source

Depending on where you are when you download your Android apps, it might collect more or less data about you. The apps we downloaded from Google Play also showed differences based on country in their security and privacy capabilities. One hundred twenty-seven apps varied in what the apps were …

Google closes data loophole amid privacy fears over abortion ruling

Source

Enlarge (credit: Lari Bat | Getty Images ) Google is closing a loophole that has allowed thousands of companies to monitor and sell sensitive personal data from Android smartphones, an effort welcomed by privacy campaigners in the wake of the US Supreme Court’s decision to end women’s constitutional right …

Billing fraud apps can disable Android Wi-Fi and intercept text messages

Source

Enlarge (credit: Aurich Lawson ) Android malware developers are stepping up their billing fraud game with apps that disable Wi-Fi connections, surreptitiously subscribe users to pricey wireless services, and intercept text messages, all in a bid to collect hefty fees from unsuspecting users, Microsoft said on Friday. This threat class …

Data-harvesting code in mobile apps sends user data to “Russia’s Google”

Source

Enlarge (credit: Kirill Kudryavtsev | Getty Images) Russia’s biggest Internet company has embedded code into apps found on mobile devices that allows information about millions of users to be sent to servers located in its home country. The revelation relates to software created by Yandex that permits developers to …

Samsung Encryption Flaw

Source

Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Android’s Hardware-Backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered and provide a detailed …

Android malware can factory-reset phones after draining bank accounts

Source

Enlarge (credit: Getty Images) A banking-fraud trojan that has been targeting Android users for three years has been updated to create even more grief. Besides draining bank accounts, the trojan can now activate a kill switch that performs a factory reset and wipes infected devices clean. Brata was first …

Google Play app with 500,000 downloads sent user contacts to Russian server

Source

Enlarge (credit: Getty Images ) An Android app with more than 500,000 downloads from Google Play has been caught hosting malware that surreptitiously sends users’ contacts to an attacker-controlled server and signs up users to pricey subscriptions, a security firm reported. The app, named Color Message, was still available …

DuckDuckGo wants to stop apps tracking you on Android

Source

Enlarge / Gabriel Weinberg, creator of DuckDuckGo. (credit: Washington Post | Getty Images) At the end of April, Apple’s introduction of App Tracking Transparency tools shook the advertising industry to its core. iPhone and iPad owners could now stop apps from tracking their behavior and using their data for personalized …

Hundreds of scam apps hit over 10 million Android devices

Source

Enlarge / Never put a GriftHorse on your phone. (credit: John Lamparsky | Getty Images) Google has taken increasingly sophisticated steps to keep malicious apps out of Google Play. But a new round of takedowns involving about 200 apps and more than 10 million potential victims shows that this longtime problem …

Apps with 5.8 million Google Play downloads stole users’ Facebook passwords

Source

Enlarge (credit: Mateusz Slodkowski/SOPA Images/LightRocket via Getty Images) Google has given the boot to nine Android apps downloaded more than 5.8 million times from the company's Play marketplace after researchers said these apps used a sneaky way to steal users' Facebook login credentials. In a bid …

page 1 | older articles »