A group of highly sophisticated state-sponsored hackers is spying on the Israeli military by hacking into the personal Android phones of individual soldiers to monitor their activities and steal data.
A newly released research by Lookout and Kaspersky suggests that more than 100 Israeli servicemen from the Israeli Defense Force are believed to have been targeted with spyware. Dubbed ViperRAT, the malware has specifically been designed to hijack Israeli soldiers’ Android-based smartphones and remotely exfiltrate data of high value, including photos and audio recordings, directly from the compromised devices.Read more
Researchers here at the RSA Conference demonstrated a way a hacker can bypass enterprise mobility management sandboxing tools known as Android for Work that are designed to segregate work and personal data on Android devices.
Researchers showed how two separate malicious apps can circumvent Android’s multiuser framework designed to secure a work profile from a personal profile on a single device. The prerequisite of the attacks hinge on a targeted victim downloading apps in their personal profile that grants attackers heightened privileges over the device’s Accessibility Services and Notification permissions in both work and personal profiles.Read more
Android-targeting banking Trojan Marcher is on the rise, infecting devices via a phishing attack using SMS/MMS, gaining extensive privileges, displaying an overlay window to your banking app and collecting all your data, all the while successfully avoiding your antivirus apps.
It all starts with a phishing attack using SMS or MMS, with the messages including a link leading to a fake version of a popular app, such as WhatsApp, Runtastic or Netflix, to name a few. The link, however, doesn’t lead you to the good old Google Play Store, which is safe for the most part, but to a third-party app store. Of course, this doesn’t work if you don’t have the option selected from your phone’s security settings.Read more
Donald Trump's phone use is raising security concerns among a pair of senate Democrats. Sens. Tom Carper and Claire McCaskill sent a letter last week to Secretary of Defense James Mattis about whether the president is using a secure device to make calls and post tweets.
The senators, who both service on the Homeland Security Committee, worry that an unsecured device could be vulnerable to hacking, posing a national security risk. "Public reports originally indicated that President Trump began using a 'secure, encrypted device approved by the U.S. Secret Service' prior to taking office," the senators wrote in the letter, which was made public Monday.Read more
The use of droppers to infect devices with ransomware has spread to Android, Symantec security researchers warn. The use of a dropper to deliver malware on Android is a new technique, although it is a very popular one when it comes to malware for desktop computers.
Furthermore, researchers say, the actors using it have also implemented a 2D barcode technique meant to help them receive payment from victims, but they did this ineffectively. Spotted about a year ago, the Lockdroid ransomware was designed to encrypt user files and perform other nefarious activities as well. It requests device admin rights and, if the user grants them, it can also lock devices.Read more
An alarming number of Android VPNs are providing a decidedly false sense of security to users, especially those living in areas where communication is censored or technology is crucial to the privacy and physical security.
A study published recently identified a number of shortcomings common to high percentages of 238 mobile VPN apps analyzed by a handful of researchers. Users downloading and installing these apps expecting secure communication and connections to private networks are instead using apps that lack encryption, are infected with malware, intercept TLS traffic, track user activity, and manipulate HTTP traffic.Read more
Someone send Samsung's pr people some biscuits or something, they could do with a break.
Not only have the poor bastards had to endure the news that the company that they work for released a phone that can catch fire, but now a security firm called Context says that its Galaxy phones are vulnerable to an SMS attack that can be triggered remotely and turn users' devices into the sort of thing that young people in pyjamas are supposed to rescue from the floor of swimming pools. A brick. Context starts by telling us that Android phones are vulnerable to these SMS attacks and that the victim will be subjected to ransomware shakedowns.Read more
President Trump has carried his Twitter habit into his presidency. He has also brought with him another tech habit that is causing concern. Mr. Trump has been using his old, unsecured Android phone to post on Twitter since moving to Washington late last week.
The president’s use of an unsecured personal device raises concerns that his desire to use his old smartphone could be exposing him and the nation to security threats. He is using the Android smartphone mainly to post on Twitter, not to make calls. But it’s unclear what security measures have been put in place on the device and how vulnerable he could be to someone stealing data or breaking into his Twitter account.Read more
CheckPoint has let off a warning about Android malware called HummingWhale that it says was hidden inside 20 apps and could have been downloaded millions of times. HummingWhale is a variant of HummingGad, which was as bad as its name suggests.
HummingWhale is a much more sophisticated thing that the earlier one, and uses its control and command centre to basically kill your phone through shitty fake apps and ads. CheckPoint gave us the warning about Hummingbird last year. That version presented itself within very legitimate applications on the Google Play store, and the security company estimated that perhaps as many as 10 million people have been affected.Read more
A few hours after President-elect Donald Trump was briefed by intelligence officials about Russian meddling in the election, a reporter called his cellphone seeking an interview. The call went to voicemail and the reporter did not leave a message. About an hour later, Trump called back.
It's hard to imagine many politicians — particularly one about to become president of the United States — calling back an unknown number on their cellphone. With Trump, it's simply how business gets done, whether he's fielding calls from real estate partners and longtime friends or foreign leaders and congressional lawmakers in the weeks after the election.Read more