Two Android 0-day bugs disclosed and fixed, plus 105 more to patch
Christmas comes early for attackers this year. Two high-severity Android bugs were exploited as zero-days before Google issued a fix, according to its December Android security bulletin. …
Previously unknown Landfall spyware used in 0-day attacks on Samsung phones
'Precision espionage campaign' began months before the flaw was fixed. A previously unknown Android spyware family called LANDFALL exploited a zero-day in Samsung Galaxy devices for nearly a year, installing surveillance code capable of recording calls, tracking...
Android malware types like your gran to steal banking creds
By appearing more human, it evades detection. A new Android malware strain, Herodotus, steals credentials, logs keystrokes, streams victims' screens, and hijacks input - but with a twist: it mimics human typing by adding random delays between keystrokes to evade...
OnePlus leaves researchers on read over Android bug that exposes texts
Rapid7 warns flaw could let any app peek at your SMS, but smartphone vendor won't pick up. Security researchers report that OnePlus smartphone users remain vulnerable to a critical bug that allows any application to read SMS and MMS data — a flaw that has persisted...
Samsung fixes Android 0-day that may have been used to spy on WhatsApp messages
A similar vuln on Apple devices was used against 'specific targeted users'. Samsung has fixed a critical flaw that affects its Android devices - but not before attackers found and exploited the bug, which could allow remote code execution on affected devices.…
Boffins build automated Android bug hunting system
AI agent system said to have found more than 100 zero-day flaws in production apps. AI models get slammed for producing sloppy bug reports and burdening open source maintainers with hallucinated issues, but they also have the potential to transform application security...
Android drops mega patch bomb – 120 fixes, two already exploited
September bundle the largest this year, and possibly the most serious. Patch Tuesday is next week, but Android is ahead of the game, dropping its biggest patch bundle this year while attackers actively exploit two of the now-fixed flaws.…
The Badbox botnet is back, powered by up to a million backdoored Androids
Best not to buy cheap hardware and use third-party app stores if you want to stay clear of this vast ad fraud effort. Human Security’s Satori research team says it has found a new variant of the remote-controllable Badbox malware, and as many as a million infected...
Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV)
Starting with Snapdragon 8 Elite and 'droid 15. It seems manufacturers are finally getting the message that people want to use their kit for longer without security issues, as Qualcomm has said it'll provide Android software updates, including vulnerability fixes, for...
Google patches odd Android kernel security bug amid signs of targeted exploitation
Also, Netgear fixes critical router, access point vulnerabilities. Google has released its February Android security updates, including a fix for a high-severity kernel-level vulnerability, which is suspected to be in use by targeted exploits.…
FireScam infostealer poses as Telegram Premium app to surveil Android devices
Once installed, it helps itself to your data like it's a free buffet. Android malware dubbed FireScam tricks people into thinking they are downloading a Telegram Premium application that stealthily monitors victims' notifications, text messages, and app activity, while...
Google’s Rust belts bugs out of Android, helps kill off unsafe code substantially
Memory safety flaws used to represent 76% of 'droid security holes. Now they account for 24%. Google says its effort to prioritize memory-safe software development over the past six years has substantially reduced the number of memory safety vulnerabilities in its...
Necro malware continues to haunt side-loaders of dodgy Android mods
11M devices exposed to trojan, Kaspersky says. The Necro trojan is once again making a move against Android users, with up to eleven million individuals thought to be exposed to infected apps.…
Google splats device-hijacking exploited-in-the-wild Android kernel bug among others
And Qualcomm addresses 'permanent denial of service' flaw in its stuff. Google released 46 fixes for Android in its August security patch batch, including one for a Linux kernel flaw in the mobile OS that can lead to remote code execution (RCE).…
CapraRAT Spyware Disguised as Popular Apps Threatens Android Users
The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest. "These APKs continue the group's trend of embedding spyware into curated video browsing...
Windows: Insecure by design
Get your hands off my computer, Microsoft! Opinion I've been pointing out Windows security bugs since Windows for Workgroups showed up in 1992 and I showed how you could steal data from your...
Government workers are being told to immediately update their Pixel phones to patch a serious exploit
The US government has issued a dire warning to employees with Pixel phones, mandating a security update by July 4, as originally reported by Forbes. This is due to a high-severity firmware vulnerability within the Android operating system that could open up devices to...
Oyster Backdoor Spreading via Trojanized Popular Software Downloads
A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called...
Singapore Police Extradites Malaysians Linked to Android Malware Fraud
The Singapore Police Force (SPF) has announced the extradition of two men from Malaysia for their alleged involvement in a mobile malware campaign targeting citizens in the country since June 2023. The unnamed individuals, aged 26 and 47, engaged in scams that tricked...
Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware
The threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to deliver a spyware strain dubbed AridSpy. "The malware is distributed through dedicated websites impersonating various messaging apps, a...
Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS
Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018. The activity, still ongoing, entails the use of an Android malware called GravityRAT and a Windows-based malware loader...
In Other News: TikTok Zero-Day, DMM Bitcoin Hack, Free VPN App Analysis
Noteworthy stories that might have slipped under the radar: TikTok patches account hijacking zero-day, $300 million DMM Bitcoin hack, free Android VPN apps analyzed.
Cybercrooks get cozy with BoxedApp to dodge detection
Some of the biggest names in the game are hopping on the trend. Malware miscreants are increasingly showing a penchant for abusing legitimate, commercial packer apps to evade detection.…
The Next Generation of RBI (Remote Browser Isolation)
The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in...
Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine
A new sophisticated cyber attack has been observed targeting endpoints geolocated to Ukraine with an aim to deploy Cobalt Strike and seize control of the compromised hosts. The attack chain, per Fortinet FortiGuard Labs, involves a Microsoft Excel file that carries an...
37 Vulnerabilities Patched in Android
Android’s June 2024 security update resolves 37 vulnerabilities, including high-severity flaws in Framework and System. The post 37 Vulnerabilities Patched in Android appeared first on SecurityWeek.
DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks
Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the...
Telegram Combolists – 361,468,099 breached accounts
In May 2024, 2B rows of data with 361M unique email addresses were collated from malicious Telegram channels. The data contained 122GB across 1.7k files with email addresses, usernames, passwords and in many cases, the website they were entered into. The data appears...
Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet
Law enforcement authorities behind Operation Endgame are seeking information related to an individual who goes by the name Odd and is allegedly the mastermind behind the Emotet malware. Odd is also said to go by the nicknames Aron, C700, Cbd748, Ivanov Odd, Mors,...
Identities of Cybercriminals Linked to Malware Loaders Revealed
Law enforcement reveals the identities of eight cybercriminals linked to recently disrupted malware loaders. The post Identities of Cybercriminals Linked to Malware Loaders Revealed appeared first on SecurityWeek.