A single threat actor has aggressively bombarded Android users with more than 4,000 spyware apps since February, and in at least three cases the actor snuck the apps into Google's official Play Market, security researchers said Thursday.
Soniac was one of the three apps that made its way into Google Play, according to a blog post published Thursday by a researcher from mobile security firm Lookout. The app, which had from 1,000 to 5,000 downloads before Google removed it, provided messaging functions through a customized version of the Telegram communications program.Read more
Researchers from Georgia Institute of Technology have released a full report on a new attack vector that affects Android up to version 7.1.2.
The exploit, called Cloak & Dagger, uses Android’s design and screen behaviours against users, effectively hiding activity behind various app-generated interface elements that lets a hacker grab screen interactions and hide activity behind seemingly innocuous screens. Experts have created proof of concept users of the exploit including a bit of malware that draws an invisible grid over the Android screen that exactly mirrors – and can capture – the onscreen keyboard.Read more
The sheer dominance of Google's Android operating system in the mobile market also comes with a flipside. Due to the increasing number of people using the OS on their smartphones and tablets, it has become the most preferred choice for hackers attacking the platform with malware.
According to a new report from German software company G DATA, its security researchers discovered over 750,000 new Android malware apps in the first quarter of 2017. On an average, the number equates to nearly 8,400 new malware instances every day. The company said that the year 2017 was off to a slower start in comparison with the same period last year.Read more
There are plenty of privacy-invading marketing ploys to worry about in life. Some examples are in your face, some are more subtle. And a relatively new kind manages to be outright invisible. In the most inconspicuous hustle of all, apps have increasingly incorporated ultrasonic tones to track consumers.
They ask permission to access your smartphone microphone, then listen for inaudible “beacons” that emanate from retail stores and even websites. If you’re not paying attention to the permissions you grant, you could be feeding marketers information about your online browsing, what stores you go to, and what products you like and dislike.Read more
While going through the web browsing, annoying adverts get on your nerves and you are unable to do anything to get rid of them except closing them again and again. Sometimes, these advertisements are very useful in some context, but often, they are annoying and of course, you would like to find out a way to get rid of them.
Well! What you can do is to select an extension or app to block website ads. It is also necessary for you to get because, the appearance of these adverts can make your system slower down and thus, the website, you want to open will be also loaded slowly. It is incredibly irritating when you find yourself helpless before them.Read more
Android malware capable of accessing smartphone users' location and sending it to cyberattackers remained undetected in the Google Play store for three years, according to a security company.
Discovered by IT security researchers, the SMSVova Android spyware poses as a system update in the Play Store and was downloaded between one million and five million times since it first appeared in 2014. The app claims to give users access to the latest Android system updates, but it's actually malware designed to compromise the victims' smartphone and provide the users' exact location in real time.Read more
Turns out that the spyware gold rush is so hot even amateurs are trying to join it. Malware hunters often say that it's really hard to point the finger at who's behind a cyberattack or a specific piece of malicious software — what's known in the cybersecurity community as "attribution."
Hackers, especially if they work for a government, go to great lengths to obfuscate who they are and who employs them. But sometimes hackers make mistakes, even blatant ones like leaving a link to the website of the company that developed the malware in the malware code itself. It would be like a burglar broke into your home and left their business card behind.Read more
Bought a brand new Android Smartphone? Do not expect it to be a clean slate. At least 36 high-end smartphone models belonging to popular manufacturing companies such as Samsung, LG, Xiaomi, Asus, Nexus, Oppo, and Lenovo, which are being distributed by two unidentified companies have been found pre-loaded with malware programs.
These malware infected devices were identified after a Check Point malware scan was performed on Android devices. Two malware families were detected on the infected devices: Loki and SLocker. These malicious software apps were not part of the official ROM firmware.Read more
Donald Trump's phone use is raising security concerns among a pair of senate Democrats. Sens. Tom Carper and Claire McCaskill sent a letter last week to Secretary of Defense James Mattis about whether the president is using a secure device to make calls and post tweets.
The senators, who both service on the Homeland Security Committee, worry that an unsecured device could be vulnerable to hacking, posing a national security risk. "Public reports originally indicated that President Trump began using a 'secure, encrypted device approved by the U.S. Secret Service' prior to taking office," the senators wrote in the letter, which was made public Monday.Read more
An alarming number of Android VPNs are providing a decidedly false sense of security to users, especially those living in areas where communication is censored or technology is crucial to the privacy and physical security.
A study published recently identified a number of shortcomings common to high percentages of 238 mobile VPN apps analyzed by a handful of researchers. Users downloading and installing these apps expecting secure communication and connections to private networks are instead using apps that lack encryption, are infected with malware, intercept TLS traffic, track user activity, and manipulate HTTP traffic.Read more