Smartphone users are just as vulnerable to cryptocurrency mining hijacks as their PC counterparts, and sometimes on a dramatic scale.
Malwarebytes has detailed a "drive-by" mining campaign that redirected millions of Android users to a website that hijacked their phone processors for mining Monero. While the exact trigger wasn't clear, researchers believed that infected apps with malicious ads would steer people toward the pages. And it wasn't subtle -- the site would claim that you were showing "suspicious" web activity and tell you that it was mining until you entered a captcha code to make it stop.Read more
Malware which aims to steal Facebook login credentials and also aggressively displays pop-up adverts has been uncovered targeting Android users via the Google Play store -- and may have been downloaded by hundreds of thousands of unwitting victims.
Dubbed GhostTeam after strings in the code by the analysts at security company Trend Micro which uncovered it, the malware was first published in April 2017 and was disguised in the official Android marketplace as utility apps, performance boosters, and social media video downloaders.Read more
If you happen to have an old Android device lying around and a reason to worry about people messing with your business, Edward Snowden has an app for that.
Haven is an open-source project that Snowden developed in conjunction with Freedom of the Press Foundation and Guardian Project. You can find directions and links for downloading and installing it on the latter organization's Github page. This isn't your typical security app. Haven doesn't lock down a single device or prevent tampering; instead, it repurposes an Android device — an old, unused one, preferably — and, using an assortment of built-in sensors, turns it into a multi-functional security gadget.Read more
This is bad. Google actively receives location data from Android users even when location services have been switched off. Starting from early 2017, Android phones have been gathering addresses of nearby cellular towers and sending this data back to Google. The most troubling part is that this has been going on even when users have disabled location services.
According to the publication, Android handsets collected location data pretty much all the time and subsequently relayed all stored information back to Google once connected to the internet. Quarts claims that all modern Android phones are affected by this vulnerability.Read more
More than one million people were tricked into downloading a fake Android app that was pretending to be WhatsApp. The app was called "Update WhatsApp" and is still on the Play Store, although the developer has now changed its name to "Dual Whatsweb Update" and switched the icon, which doesn't look like the WhatsApp icon anymore.
But before its facelift, the app mimicked WhatsApp in a clear attempt to trick users into downloading it thinking they were downloading an update for the popular messaging app, according to users who reviewed the app on the Play Store, and users on Reddit, who flagged the malicious app.Read more
The Internet is awash with covert crypto currency miners that bog down computers and even smartphones with computationally intensive math problems called by hacked or ethically questionable sites.
A new Android banking malware dubbed LokiBot comes with some ransomware capabilities and is being sold on the dark web for $2,000 worth of Bitcoins. Although LokiBot functions primarily as a banking Trojan, it can turn into a ransomware if attempts are made to disable the malware's admin rights or when victims try to remove it.
Once the ransomware feature is activated, LokiBot encrypts all of the victims' data. The malware is also capable of stealing victims' contacts, reading and sending SMS messages and locking out users from accessing their phones. LokiBot's main attack vector involves phishing overlays on numerous banking apps.Read more
Google is offering security experts a bounty to identify Android app flaws as the Alphabet Inc unit seeks to wipe out bugs from its Google Play store.
Each flaw will score at least $1,000 under the program announced on Thursday to back up automated checks that have failed to block malware and other problems that security experts say infect the 8-year-old app store far more than Apple Inc’s rival App Store. Google will partner with HackerOne, a bug bounty program management website, to target a list of apps and flaws such as those that allow a hacker to redirect a user to a phishing website or infect a gadget with a virus.Read more
Google has booted eight Android apps from its Play marketplace, even though the apps have been downloaded as many as 2.6 million times. The industry giant took action after researchers found that the apps add devices to a botnet and can perform denial-of-service attacks or other malicious actions.
The stated purpose of the apps is to provide a skin that can modify the look of characters in the popular Minecraft: Pocket Edition game. Under the hood, the apps contain highly camouflaged malware known as Android.Sockbot, which connects infected devices to developer-controlled servers.Read more
A new exploit can allow attackers to read Wi-Fi traffic between devices and wireless access points, and even modify it to inject malware into websites. Researchers have started disclosing security vulnerabilities, and it looks like Android and Linux-based devices are the worst affected by them.
Researchers also claim some of the attack works against all modern Wi-Fi networks using WPA or WPA 2 encryption, and that the weakness is in the Wi-Fi standard itself so it affects macOS, Windows, iOS, Android, and Linux devices. Intercepting traffic lets attackers read information that was previously assumed to be safely encrypted.Read more