Bought a brand new Android Smartphone? Do not expect it to be a clean slate. At least 36 high-end smartphone models belonging to popular manufacturing companies such as Samsung, LG, Xiaomi, Asus, Nexus, Oppo, and Lenovo, which are being distributed by two unidentified companies have been found pre-loaded with malware programs.
These malware infected devices were identified after a Check Point malware scan was performed on Android devices. Two malware families were detected on the infected devices: Loki and SLocker. These malicious software apps were not part of the official ROM firmware.
Read moreSecurity doom-monger ESET has let off a warning about a threat that it once warned about and has now come to its dreadful fruition. ESET says that some Android banking malware that it recently found on Google Play is back in the wild and is back targeting banks.
It explains that the source code for the malware was released a couple of months ago - we are surprised that it has taken this long to come out, to be honest - and says that it was worth the wait, in a way. The malware was distributed via Google Play as a trojanized version of a legitimate weather forecast application Good Weather. It could lock and unlock infected devices remotely, as well as intercept text messages.
Read moreA group of highly sophisticated state-sponsored hackers is spying on the Israeli military by hacking into the personal Android phones of individual soldiers to monitor their activities and steal data.
A newly released research by Lookout and Kaspersky suggests that more than 100 Israeli servicemen from the Israeli Defense Force are believed to have been targeted with spyware. Dubbed ViperRAT, the malware has specifically been designed to hijack Israeli soldiers’ Android-based smartphones and remotely exfiltrate data of high value, including photos and audio recordings, directly from the compromised devices.
Read moreResearchers here at the RSA Conference demonstrated a way a hacker can bypass enterprise mobility management sandboxing tools known as Android for Work that are designed to segregate work and personal data on Android devices.
Researchers showed how two separate malicious apps can circumvent Android’s multiuser framework designed to secure a work profile from a personal profile on a single device. The prerequisite of the attacks hinge on a targeted victim downloading apps in their personal profile that grants attackers heightened privileges over the device’s Accessibility Services and Notification permissions in both work and personal profiles.
Read moreAndroid-targeting banking Trojan Marcher is on the rise, infecting devices via a phishing attack using SMS/MMS, gaining extensive privileges, displaying an overlay window to your banking app and collecting all your data, all the while successfully avoiding your antivirus apps.
It all starts with a phishing attack using SMS or MMS, with the messages including a link leading to a fake version of a popular app, such as WhatsApp, Runtastic or Netflix, to name a few. The link, however, doesn’t lead you to the good old Google Play Store, which is safe for the most part, but to a third-party app store. Of course, this doesn’t work if you don’t have the option selected from your phone’s security settings.
Read moreDonald Trump's phone use is raising security concerns among a pair of senate Democrats. Sens. Tom Carper and Claire McCaskill sent a letter last week to Secretary of Defense James Mattis about whether the president is using a secure device to make calls and post tweets.
The senators, who both service on the Homeland Security Committee, worry that an unsecured device could be vulnerable to hacking, posing a national security risk. "Public reports originally indicated that President Trump began using a 'secure, encrypted device approved by the U.S. Secret Service' prior to taking office," the senators wrote in the letter, which was made public Monday.
Read moreThe use of droppers to infect devices with ransomware has spread to Android, Symantec security researchers warn. The use of a dropper to deliver malware on Android is a new technique, although it is a very popular one when it comes to malware for desktop computers.
Furthermore, researchers say, the actors using it have also implemented a 2D barcode technique meant to help them receive payment from victims, but they did this ineffectively. Spotted about a year ago, the Lockdroid ransomware was designed to encrypt user files and perform other nefarious activities as well. It requests device admin rights and, if the user grants them, it can also lock devices.
Read moreAn alarming number of Android VPNs are providing a decidedly false sense of security to users, especially those living in areas where communication is censored or technology is crucial to the privacy and physical security.
A study published recently identified a number of shortcomings common to high percentages of 238 mobile VPN apps analyzed by a handful of researchers. Users downloading and installing these apps expecting secure communication and connections to private networks are instead using apps that lack encryption, are infected with malware, intercept TLS traffic, track user activity, and manipulate HTTP traffic.
Read moreSomeone send Samsung's pr people some biscuits or something, they could do with a break.
Not only have the poor bastards had to endure the news that the company that they work for released a phone that can catch fire, but now a security firm called Context says that its Galaxy phones are vulnerable to an SMS attack that can be triggered remotely and turn users' devices into the sort of thing that young people in pyjamas are supposed to rescue from the floor of swimming pools. A brick. Context starts by telling us that Android phones are vulnerable to these SMS attacks and that the victim will be subjected to ransomware shakedowns.
Read morePresident Trump has carried his Twitter habit into his presidency. He has also brought with him another tech habit that is causing concern. Mr. Trump has been using his old, unsecured Android phone to post on Twitter since moving to Washington late last week.
The president’s use of an unsecured personal device raises concerns that his desire to use his old smartphone could be exposing him and the nation to security threats. He is using the Android smartphone mainly to post on Twitter, not to make calls. But it’s unclear what security measures have been put in place on the device and how vulnerable he could be to someone stealing data or breaking into his Twitter account.
Read moreAxarhöfði 14,
110 Reykjavik, Iceland