Collaborate Disseminate
More than 50 Android apps on the Google Play Store—most of which were designed for kids and had racked up almost 1 million downloads between them—have been caught using a new trick to secretly click on ads without the knowledge of smartphone users.
D… Continue reading Dozens of Android Apps for Kids on Google Play Store Caught in Ad Fraud Scheme
A series of critical vulnerabilities have been discovered in Qualcomm chipsets that could allow hackers to compromise Android devices remotely just by sending malicious packets over-the-air with no user interaction.
Discovered by security researchers … Continue reading New Flaws in Qualcomm Chips Expose Millions of Android Devices to Hacking
A contractor for the Russian military that was sanctioned for interfering in the 2016 U.S. election has developed Android malware that is being used in “highly-targeted” attacks that exfiltrate data using third-party applications, according to mobile security company Lookout. The malware allegedly developed by the contractor, St. Petersburg-based Special Technology Center (STC), is capable of installing the attacker’s own software certificate in a certificate store and then using it for “man-in-the-middle” attacks, intercepting data before it reaches its intended recipient. “This ability is something that Lookout researchers have never seen in the wild before,” Lookout’s Adam Bauer, Apurva Kumar, Christoph Hebeisen said Wednesday. The so-called “Monokle” malware is extremely invasive, according to Lookout. It can record a target device’s screen while the user is unlocking it, capturing the user’s PIN. It abuses Android’s accessibility features to harvest data from third-party apps. And it uses “predictive-text dictionaries” to figure out what a […]
The post A Russian military contractor has a new, shady Android malware kit appeared first on CyberScoop.
Continue reading A Russian military contractor has a new, shady Android malware kit
If you think that the media files you receive on your end-to-end encrypted secure messaging apps can not be tampered with, you need to think again.
Security researchers at Symantec yesterday demonstrated multiple interesting attack scenarios against W… Continue reading Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram
Like any competitive company, a spyware vendor has to innovate when its proprietary data is exposed or stolen. For Gamma Group, the maker of the notorious FinSpy spyware, the definitive moment came in 2014, when it was hacked and information about its software and clients was dumped online. Since then, FinSpy’s authors have revamped big portions of the software, improving the encryption and making the code harder for analysts to parse, according to new research from Kaspersky Lab. The updated spyware implants for iOS and Android have been used in nearly 20 countries in the last year or so across Asia, Europe, and the Middle East, the researchers said Wednesday. In Myanmar, an ongoing campaign has infected several dozen phones. The researchers suspect there are many more victims out there, given how popular FinSpy has been with government clients. “The developers behind FinSpy constantly monitor security updates for mobile platforms and tend to quickly […]
The post The developers of the notorious FinSpy spyware are innovating — and thriving appeared first on CyberScoop.
Continue reading The developers of the notorious FinSpy spyware are innovating — and thriving
One of the most powerful, infamous, and advanced piece of government-grade commercial surveillance spyware dubbed FinSpy—also known as FinFisher—has been discovered in the wild targeting users in Myanmar.
Created by German company Gamma International,… Continue reading Powerful FinSpy Spyware Found Targeting iOS and Android Users in Myanmar
A newly uncovered espionage campaign in the Middle East has infected more than 660 Android phones, and much of the stolen data appears to be “military-related,” researchers from cybersecurity company Trend Micro said Tuesday. The malware in question is highly invasive, posing as popular news and lifestyle apps to suck up a target phone’s call logs and records, text messages, and storage and memory details, among other data. Attackers aren’t using the Google Play store, a sometimes popular receptacle for malicious apps. Instead, the host website for the malware is being promoted via social media channels, according to Trend Micro. One feature of the malware even allows the operator to take a photo from an infected phone when the device’s owner “wakes” it in locked mode. Analysts did not pin the so-called “Bouncing Golf” spying operation on any group or person, but said the structure of the code used and the data targeted […]
The post Android-based espionage campaign in the Middle East targets military data appeared first on CyberScoop.
Continue reading Android-based espionage campaign in the Middle East targets military data
Beware! If you are using UC Browser on your smartphones, you should consider uninstalling it immediately.
Why? Because the China-made UC Browser contains a “questionable” ability that could be exploited by remote attackers to automatically download an… Continue reading Insecure UC Browser ‘Feature’ Lets Hackers Hijack Android Phones Remotely
A notorious piece of spyware has been used to target the wife of a slain Mexican journalist, security researchers said Wednesday, adding to ongoing public scrutiny of the company that developed the powerful surveillance tool. Days after Javier Valdez Cárdenas, a reporter known for his coverage of international drug trafficking, was murdered in May 2017, multiple attempts were made to hack the phone of his widow, Griselda Triana, with spyware made by NSO Group, according to Citizen Lab, a digital rights and research organization at the University of Toronto. The text messages sent to Triana, who is also a journalist, were laced with software that would have turned her phone into a multifaceted surveillance device, Citizen Lab researchers said. One of the messages tugged at her grief as a widow, asking, “What do you think of this story?” Triana didn’t click on either link and turned the texts over to Mexican advocacy […]
The post NSO Group spyware targeted widow of Mexican journalist, researchers say appeared first on CyberScoop.
Continue reading NSO Group spyware targeted widow of Mexican journalist, researchers say
Even after so many efforts by Google for preventing its Play Store from malware, shady apps somehow managed to fool its anti-malware protections and get into its service to infect Android users with malware.
Two such Android apps have recently been sp… Continue reading New Android Malware Apps Use Motion Sensor to Evade Detection