Firestarter Android Malware Abuses Google Firebase Cloud Messaging

The DoNot APT threat group is leveraging the legitimate Google Firebase Cloud Messaging server as a command-and-control (C2) communication mechanism.

Android ransomware authors have a new trick to go with an old shakedown technique

Mobile ransomware scams — in which crooks lock your phone and demand money — are nothing new. But they are getting more clever as cybercriminals find new ways to circumvent security. The latest example is a ransomware scheme targeting Android phones that Microsoft made public Thursday. According to the research, the malicious code gets around security checks that Google, which owns Android, has instituted against previous ransomware kits. Instead of abusing a permission feature that controls what apps can do on the phone, as other mobile ransomware scams have, this one triggers an incoming call notice to display the ransom note. It’s “the latest variant of a ransomware family that’s been in the wild for a while but has been evolving non-stop,” Dinesh Venkatesan, a Microsoft researcher, wrote in a blog. Mobile ransomware generally isn’t as profitable as ransomware attacks on PCs or enterprise networks. But Allan Liska, an analyst at threat […]

The post Android ransomware authors have a new trick to go with an old shakedown technique appeared first on CyberScoop.


Android Malware Bypasses 2FA And Targets Telegram, Gmail Passwords

A new Android malware strain has been uncovered, part of the Rampant Kitten threat group’s widespread surveillance campaign that targets Telegram credentials and more.

Joker Spyware Plagues More Google Play Apps

The six malicious apps have been removed from Google Play, but could still threaten 200,000 installs.

Chinese mobile surveillance of Uighurs more pervasive than previously thought, researchers say

A newly revealed set of mobile hacking tools adds to the extensive picture of Chinese government surveillance aimed at the country’s Uighur minority. Like Android-focused surveillance kits before them, the malicious software is capable of stealing sensitive data on target phones and turning them into listening devices, according to mobile security firm Lookout, which made the discovery. Some of the hacking tools have been in use for more than five years, but Lookout pieced them together into a vast spying effort tied to the Chinese government, underscoring the pervasive nature of the surveillance and the challenges of uncovering all of it. “Our research found that there are eight malware families meant to stealthily spy on this ethnic minority at the minimum, with some of them expanding even more broadly in their targeting,” said Kristin Del Rosso, Lookout’s senior security intelligence engineer. One of those malware families was covered in a 2013 report from the […]

The post Chinese mobile surveillance of Uighurs more pervasive than previously thought, researchers say appeared first on CyberScoop.


Operators of Android hacking kit impersonate postal services in US and Europe

Two years ago, when researchers at antivirus company Trend Micro reported on a new mobile data-stealing kit known as FakeSpy, they warned there could be more to come from the hackers. Directing the Android-focused malware at users outside of South Korea and Japan, where it was discovered, would simply be a matter of reconfiguring the code, the researchers said. That’s exactly what happened. On Wednesday, another set of researchers, from security company Cybereason, revealed how FakeSpy’s operators have been impersonating various postal services in attacks on users in the U.S., China and Europe in the last several weeks. The hackers have taken aim at thousands of users with the help of phony text messages that, if clicked, install code capable of siphoning off financial data from mobile applications. The findings show how, with an effective mobile malware kit written, hackers can tweak the code to target different parts of the world and see […]

The post Operators of Android hacking kit impersonate postal services in US and Europe appeared first on CyberScoop.


Tool targeting Android users in Thailand looks to be work of sloppy spyware startup

A software surveillance tool that appears to be linked to a spyware company notorious for shoddy exploits has been spying on WhatsApp and Facebook messages of Android users in Thailand, according to new Cisco Talos research published Tuesday. The malware, which Talos dubs “WolfRAT,” searches for activity on the victims’ chat applications so it can record activity on the screen, according to Talos. The surveillance tool is also capable of intercepting SMS messages, collecting contact information and browser history, taking photos, recording audio, and stealing users’ pictures, Talos researchers told CyberScoop. The tool, which Talos observed being used as recently as April, is believed to be attached to Wolf Research, a now-defunct startup that was shut down once its work was exposed in a talk at the 2018 VirusBulletin Conference. Targets may be downloading WolfRAT after visiting websites with domain names linked to popular Thai cuisine, according to Talos. Victims may also have downloaded […]

The post Tool targeting Android users in Thailand looks to be work of sloppy spyware startup appeared first on CyberScoop.
