Another month, another bunch of Android malware that's found its way onto Google Play. That's according to researchers from Check Point, who claimed to have found the second-biggest outbreak to ever hit Google's platform, with as many as 21.1 million infections from one malware family.
The malware's been dubbed ExpensiveWall after hiding inside wallpaper apps. The researchers warned it sent fraudulent premium SMS messages and charged for fake services. In the latest outbreak detected by Check Point, ExpensiveWall infected at least 50 apps, which together were downloaded between 1 million and 4.2 million times.Read more
Modern smartphones take pains to “sandbox” apps, keeping them carefully segregated so that no mischievous program can meddle in another app’s sensitive business.
But security researchers have found an unexpected feature of Android that can surreptitiously grant an app the permission to not merely reach outside its sandbox but fully redraw the phone’s screen while another part of the operating system is running, tricking users into tapping on fake buttons that can have unexpected consequences. And while that hijacking of your finger inputs isn’t a new feat for Android hackers, a fresh tweak on the attack makes it easier than ever to pull off.Read more
Smartphone bootloader firmware should be secure even if the operating system is compromised. But researchers have found five flaws in major chipset vendors' code that leave the process vulnerable.
The vulnerabilities have been found by a group of researchers from the University of California, Santa Barbara, who've built a tool called BootStomp to automatically detect security flaws in bootloaders, which load the OS kernel when devices are turned on. The tool identified six zero-day flaws in two bootloaders after analyzing code from four large chipset makers, including Qualcomm, MediaTek, Nvidia, and Huawei.Read more
A ransomware development kit that doesn't require any coding skills to use is being sold on underground forums. Now, all wannabe cybercriminals need to build their own file-locking malware is an Android phone.
Downloadable from hacking discussion boards for free, the Trojan Development Kit app comes with an easy to use interface that allows criminals to quickly create their own ransomware, according to the researchers. "The entire process of creating a ready-to-use piece of malware is done on a smartphone without any requirement to write a single line of code," said Dinesh Venkatesan, principal threat analysis engineer at Symantec.Read more
A single threat actor has aggressively bombarded Android users with more than 4,000 spyware apps since February, and in at least three cases the actor snuck the apps into Google's official Play Market, security researchers said Thursday.
Soniac was one of the three apps that made its way into Google Play, according to a blog post published Thursday by a researcher from mobile security firm Lookout. The app, which had from 1,000 to 5,000 downloads before Google removed it, provided messaging functions through a customized version of the Telegram communications program.Read more
Android users need to be on the lookout yet again for a new type of malware targeting the mobile devices. The latest attack poses as an update to Flash and targets banking information and credit card details of its victims.
The attack, discovered by security researchers at SophosLabs, has been identified as Andr/Banker-GUA or Invisible Man —a variant of a well-known banking malware known as Svpeng that previously ran amok on Android devices. The modified version of the trojan originally developed by Russian hackers has an additional threat that was absent in the original: a keylogger that keeps track of everything a victim types on their infected devices.Read more
Android seems to have become the preferred target of virus writers across the world, with new forms of malware capable of infecting more devices detected every day.
This time, security company Trend Micro warns of a new Android backdoor called GhostCtrl and which is a variant of the more famous OmniRAT that was discovered in late 2015 and affected a wider array of platforms, including Windows, Linux, and Mac. GhostCtrl is specifically trying to infect Android devices and it spreads as stand-alone APKs. The malware has been discovered in three different versions, with the most advanced giving hackers full control over a device and the rights to access and transfer any data stored locally.Read more
Wikileaks published another set of documents Thursday. The latest release of files purportedly from the U.S. Central Intelligence Agency (CIA) details a piece of malicious software for Android devices.
The malware, referred to as Highrise, can redirect or intercept text messages sent to a target’s phone, allowing a CIA agent to access it before it lands in the inbox of the person it was intended for. HighRise acts as a proxy server for text messages, bouncing the messages to internet “listening posts” that allow an agent to intercept them. While the malicious software provides the CIA with a powerful snooping tool, there is a major limitation to Highrise.Read more
A form of Android ransomware which threatens to send the victim's private information and web history to all of their contacts has been discovered in the official Google Play app store.
LeakerLocker doesn't actually encrypt the victims' files, but instead claims to have made a backup of data stored on the device and threatens to share it with all of the user's phone and email contacts. Those behind the malware demand $50 in exchange for not leaking personal data including photos, Facebook messages, web history, emails, location history and more, playing on fears of potential embarrassment rather than any form of cryptography.Read more
Google has released its latest monthly security update for Android devices, including a serious bug in some Broadcom Wi-Fi chipsets that affects millions of Android devices, as well as some iPhone models.
Dubbed BroadPwn, the remote code execution vulnerability resides in Broadcom's BCM43xx family of WiFi chipsets, which can be triggered remotely without user interaction, allows a remote attacker to execute malicious code on targeted Android devices. "The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process," Google describes.Read more