Google Removes 85 Adware Apps That Infect 9 Million Android Users

Google has removed 85 apps from its Play Store after finding out that they were pushing aggressive, full-screen adware to Android users.

With the rise in the mobile market, Adware has become one of the most prevalent mobile threats in the world. Adwar… Continue reading Google Removes 85 Adware Apps That Infect 9 Million Android Users

0-Days Found in iPhone X, Samsung Galaxy S9, Xiaomi Mi6 Phones

At Pwn2Own 2018 mobile hacking competition held in Tokyo on November 13-14, white hat hackers once again demonstrated that even the fully patched smartphones running the latest version of software from popular smartphone manufacturers can be hacked.

T… Continue reading 0-Days Found in iPhone X, Samsung Galaxy S9, Xiaomi Mi6 Phones

Mysterious malware campaign targets just 13 iPhones in India

An application-warping malware campaign in India is aimed at just 13 iPhones in what researchers are calling a “highly targeted” operation. The attackers are using an open-source mobile device management (MDM) server to distribute the malware through popular apps like Telegram and WhatsApp, researchers from Talos, Cisco’s threat intelligence unit, revealed Thursday. The use of MDM, a popular enterprise tool for administering mobile apps, allows hackers to control how their malware is interacting with the target phones. “This campaign is of note since the malware goes to great lengths to replace specific mobile apps for data interception,” researchers Warren Mercer, Paul Rascagneres, and Andrew Williams wrote in a blog post. The researchers don’t know who was targeted in the campaign, who carried out the attack, or why. While the hackers apparently tried to plant a “false flag” by posing as Russian, evidence suggests they were operating in India, according to Talos. […]

The post Mysterious malware campaign targets just 13 iPhones in India appeared first on Cyberscoop.

Continue reading Mysterious malware campaign targets just 13 iPhones in India

4G is vulnerable to same types of attacks as 3G, researchers say

The 4G wireless telecommunications protocol is vulnerable to the same types of remote exploitation as its 3G predecessor, new research emphasizes. As with the flaw-ridden protocol underlying 3G, the 4G protocol is susceptible to attacks that disclose mobile users’ information or impose a denial of service, according to a report from mobile-security company Positive Technologies. Security researchers have long warned that spies or hackers could exploit the protocol supporting 3G — known as Signaling System No. 7 (SS7) — to intercept or track call data. The move from 3G to 4G, and the latter’s Diameter protocol, was supposed to mitigate some vulnerabilities, but security experts also have made clear that Diameter is no safeguard against hacking. While the new research indicates 4G is vulnerable to a smaller scope of attacks than 3G, it shows that attackers could shift a user’s device to 3G mode to exploit the less-secure SS7. Further, most mobile […]

The post 4G is vulnerable to same types of attacks as 3G, researchers say appeared first on Cyberscoop.

Continue reading 4G is vulnerable to same types of attacks as 3G, researchers say

Wyden calls for FCC investigation into cell-phone tracking used by law enforcement

Democratic Senator Ron Wyden has asked the Federal Communications Commission to investigate revelations that U.S. law enforcement officials have access to a tracking service that can geolocate almost any phone in the country. The tracking service provided by Securus Technologies accesses location data from big wireless carriers like AT&T and Verizon to pinpoint phone users, and a former Missouri sheriff allegedly used the service to track other officers without court orders, the New York Times reported. A spokesperson for Securus, a Texas-based provider of prison phone services, told The Times that the firm requires customers to submit legal evidence, such as an affidavit or warrant, that the surveillance is authorized. But in his letter to the FCC, Wyden said Securus employees confirmed to his office that the firm “takes no steps to verify” that those documents legally authorize surveillance. The Oregon senator called Securus’s vetting process “nothing more than the legal equivalent of […]

The post Wyden calls for FCC investigation into cell-phone tracking used by law enforcement appeared first on Cyberscoop.

Continue reading Wyden calls for FCC investigation into cell-phone tracking used by law enforcement

ViperRAT spyware resurfaces in Google Play Store

One year after a hacking campaign targeted Israeli Defense Force soldiers, the ViperRAT malware family returned to the Google Play Store, according to new research from the mobile security firm Lookout. ViperRAT made waves last year after a wave of IDF personnel fell victim to social engineering attacks from hackers posing as young women, who tricked the soldiers into installing third-party apps that copied files and spied on communications. The malware relatively disappeared after intense media coverage, but the new samples look even more sophisticated — so much so that they’ve snuck into the Google Play Store. It’s not clear who is  being targeted or responsible for building the ViperRAT 2.0. The two ViperRAT malicious chat apps (called VokaChat and Chattak) in the Google Play Store were downloaded over 1,000 times before Lookout discovered and Google removed them. “The chat functionality of the apps, which in earlier ViperRAT samples did not function, […]

The post ViperRAT spyware resurfaces in Google Play Store appeared first on Cyberscoop.

Continue reading ViperRAT spyware resurfaces in Google Play Store

After litany of lies, Israeli hacking firm Ability settles lawsuit for $3 million

Plagued by investor lawsuits and federal investigations over allegedly lying about products and finances, Israeli hacking company Ability Inc. recently settled out of court by paying $3 million to investors who say Ability’s executives have been misleading about their company’s finances from the start. Most of the allegations in the class action lawsuit are also violations of federal law, so it’s little surprise that Ability came under federal investigation last year for allegedly lying about products and finances. When asked about the current status of the investigation, the SEC declined to comment. Investigations of this nature tend to take years to complete. The settlement is a significant hit for a company with fast evaporating cash reserves and revenue — and little explanation as to why things have gone so badly. With just $3.6 million in cash left on their balance sheet, according to SEC filings, the clock is ticking. The company spent $8.4 million […]

The post After litany of lies, Israeli hacking firm Ability settles lawsuit for $3 million appeared first on Cyberscoop.

Continue reading After litany of lies, Israeli hacking firm Ability settles lawsuit for $3 million

A Company Offers $500,000 For Secure Messaging Apps Zero-Day Exploits

How much does your privacy cost?

It will soon be sold for half a Million US dollars.

A controversial company specialises in acquiring and reselling zero-day exploits is ready to pay up to US$500,000 for working zero-day vulnerabilities targeting popu… Continue reading A Company Offers $500,000 For Secure Messaging Apps Zero-Day Exploits

Android Trojan Now Targets Non-Banking Apps that Require Card Payments

The infamous mobile banking trojan that recently added ransomware features to steal sensitive data and lock user files at the same time has now been modified to steal credentials from Uber and other booking apps as well.

Security researchers at Kasper… Continue reading Android Trojan Now Targets Non-Banking Apps that Require Card Payments

Dangerous Mobile Banking Trojan Gets ‘Keylogger’ to Steal Everything

Cyber criminals are becoming more adept, innovative, and stealthy with each passing day. They have now shifted from traditional to more clandestine techniques that come with limitless attack vectors and are harder to detect.

Security researchers have … Continue reading Dangerous Mobile Banking Trojan Gets ‘Keylogger’ to Steal Everything