Android

Pierluigi Paganini January 10, 2023
StrongPity APT spreads backdoored Android Telegram app via fake Shagle site

The StrongPity APT group targeted Android users with a trojanized version of the Telegram app served through a website impersonating a video chat service called Shagle. ESET researchers reported that StrongPity APT group targeted Android users with a trojanized version of the Telegram app. The campaign has been active since November 2021, threat actors served the malicious app […]

Pierluigi Paganini December 08, 2022
Zombinder APK binding service used in multiple malware attacks

Zombinder is a third-party service on darknet used to embed malicious payloads in legitimate Android applications. While investigating a new malware campaign targeting Android and Windows systems, researchers at Threat Fabric discovered a darknet service, dubbed Zombinder, used to embed malicious payloads in legitimate Android apps. The campaign involved the Ermac Android banking Trojan along […]

Pierluigi Paganini December 08, 2022
Android app with over 5m downloads leaked user browsing history

The Android app Web Explorer – Fast Internet left an open instance, exposing a trove of sensitive data that malicious actors could use to check specific users’ browsing history. Original post at https://cybernews.com/security/android-app-leaked-user-browsing-history/ A browsing app for Android devices, Web Explorer – Fast Internet, left open its Firebase instance, exposing app and user data, the Cybernews research […]

Pierluigi Paganini November 16, 2022
Beginning 2023 Google plans to rollout the initial Privacy Sandbox Beta

Google announced it will roll out the Privacy Sandbox system for Android in beta to a limited number of Android 13 devices in early 2023. Google announced it will roll out the Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year. The Privacy Sandbox aims at creating technologies to […]

Pierluigi Paganini November 12, 2022
Malicious app in the Play Store spotted distributing Xenomorph Banking Trojan

Experts discovered two new malicious dropper apps on the Google Play Store distributing the Xenomorph banking malware. Zscaler ThreatLabz researchers discovered a couple of malicious dropper apps on the Play Store distributing the Xenomorph banking malware. Xenomorph was first spotted by ThreatFabric researchers in February 2022, at the time the malware was employed in attacks […]

Pierluigi Paganini November 11, 2022
Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. The threat actors behind the campaigns used two Android spyware to spy on the victims and steal sensitive information. The campaigns involved a new piece of malware called […]

Pierluigi Paganini November 11, 2022
Researcher received a $70k award for a Google Pixel lock screen bypass

Google fixed a high-severity security bug affecting all Pixel smartphones that can allow attackers to unlock the devices. Google has addressed a high-severity security bug, tracked as CVE-2022-20465, affecting all Pixel smartphones that could be exploited to unlock the devices. The Google Pixel Lock Screen Bypass was reported by security researcher David Schütz that was […]

Pierluigi Paganini November 02, 2022
4 Malicious apps on Play Store totaled +1M downloads

Four malicious Android apps uploaded by the same developer to Google Play totaled at least one million downloads. Malwarebytes researchers discovered four malicious apps uploaded by the same developer (Mobile apps Group) to the official Google Play. The apps are infected with the Android/Trojan.HiddenAds.BTGTHB malware, the apps totaled at least one million downloads. Below is […]

Pierluigi Paganini October 31, 2022
Malicious dropper apps on Play Store totaled 30.000+ installations

ThreatFabric researchers discovered five malicious dropper apps on Google Play Store with more than 130,000 downloads. Researchers at ThreatFabric have discovered five malicious dropper apps on the official Google Play Store. The malicious dropper apps are designed to deliver banking trojans, such as SharkBot and Vultur, that already totaled over 130,000 installations. “Droppers on Google Play went […]

Pierluigi Paganini October 13, 2022
YoWhatsApp, unofficial WhatsApp Android app spreads the Triada Trojan

Kaspersky researchers warn of a recently discovered malicious version of a popular WhatsApp messenger mod dubbed YoWhatsApp. Kaspersky researchers discovered an unofficial WhatsApp Android application named ‘YoWhatsApp’ that steals access keys for users’ accounts. Mod apps are advertised as unofficial versions of legitimate apps that have features that the official one does not supports. YoWhatsApp is […]