Tag: android
-
ResidentBat Android Malware Grants Belarusian KGB Ongoing Mobile Access
ResidentBat is a custom Android spyware implant used by the Belarusian KGB to turn seized smartphones into long”‘lived surveillance platforms against journalists and civil society targets. Operating outside the Play Store ecosystem and requiring hands”‘on installation, it combines deep data collection with remote control features, including the ability to wipe a device on demand. RSF’s…
-
New $300 Android RAT Boasts Automated Permission Bypass and Hidden Remote Control
Every so often, a new piece of malware emerges that truly shifts the threat landscape. Oblivion, a newly discovered Android Remote Access Trojan (RAT), appears to be one such moment. Unlike recycled or buggy Remote Access Trojan (RATs) seen across underground markets, Oblivion is promoted as a ground”‘up build, tested for months before public release. The…
-
Steaelite RAT combines data theft and ransomware management capability in one tool
Tags: access, android, attack, authentication, awareness, business, corporate, credentials, crypto, cybercrime, data, ddos, defense, encryption, endpoint, extortion, infection, infosec, malware, mobile, monitoring, password, phishing, ransomware, rat, remote-code-execution, theft, threat, tool, training, windowsCSO that this isn’t the most sophisticated RAT he’s seen. “The novel aspect here,” he said, “is the convergence. Steaelite bundles remote access, credential harvesting, data exfiltration, and ransomware (currently in development) in a single package.” Traditionally, he explained, these capabilities have occupied different parts of the cybercrime toolchain, but Steaelite unifies the functions, giving…
-
Developer creates app to detect nearby smart glasses
Tags: androidA developer created an Android app that looks for nearby smart glasses. It’s not perfect, but it can help people in certian circumstances. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/developer-creates-app-to-detect-nearby-smart-glasses/
-
$300 a Month Android Malware ‘Oblivion’ Uses Fake Updates to Hijack Phones
Cybersecurity researchers at Certo reveal Oblivion, a new Android Trojan targeting major brands like Samsung and Xiaomi. It bypasses security to steal passwords and bank codes. First seen on hackread.com Jump to article: hackread.com/android-malware-oblivion-fake-updates-hijack-phones/
-
Android RAT SURXRAT Grants Hackers Full Device Control and Data Exfiltration
SURXRAT is an actively developed Android Remote Access Trojan (RAT) sold as a commercial malware-as-a-service (MaaS) on Telegram, giving attackers full device control and powerful data”‘stealing capabilities. It combines large”‘scale affiliate distribution, cloud”‘hosted command”‘and”‘control, and even experimental AI modules, making it a serious and evolving threat for Android users. The Indonesian operator runs a channel…
-
SURXRAT, a Trojan’s LLM-Driven Expansion in Android Malware
SURXRAT, an Android Remote Access Trojan (RAT), has come out as a commercially structured malware operation. Distributed under the branding “SURXRAT V5,” the malware is sold through a Telegram-based malware-as-a-service (MaaS) network that enables affiliates to generate customized builds while the core operator retains centralized infrastructure and oversight. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/surxrat-arsinkrat-llm-android-rat-analysis/
-
New ZeroDayRAT Malware Claims Full Monitoring of Android and iOS Devices
Meet ZeroDayRAT, a newly advertised malware targeting Android and iOS devices with surveillance, location tracking, and crypto theft tools sold via Telegram as a MaaS service. First seen on hackread.com Jump to article: hackread.com/zerodayrat-malware-monitoring-android-ios-devices/
-
ZeroDayRAT Targets Android and iOS Devices for Surveillance and Financial Data Theft
ZeroDayRAT targets Android and iOS devices, combining real-time surveillance with direct financial theft within a single browser panel. The Malware-as-a-Service (MaaS) ecosystem is entering a new phase, blending mobile surveillance and financial crime into one seamless platform. Active promotions for this RAT (Remote Access Trojan) began on Telegram channels on February 2, 2026, highlighting its dual purpose: real-time spying and direct financial…
-
Android mental health apps with 14.7M installs filled with security flaws
Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users’ sensitive medical information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/android-mental-health-apps-with-147m-installs-filled-with-security-flaws/
-
WhatsApp is adding another lock to your account
Meta has released WhatsApp Beta for Android 2.26.7.8 through the Google Play Beta Program. The update includes references to password-protected accounts, indicating plans to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/23/whatsapp-account-password-feature-beta/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ninja Browser & Lumma Infostealer Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations Divide and conquer: how the new Keenadu backdoor exposed links…
-
Week in review: Firmware-level Android backdoor found on tablets, Dell zero-day exploited since 2024
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Security at AI speed: The new CISO reality The CISO role has changed … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/22/week-in-review-firmware-level-android-backdoor-found-on-tablets-dell-zero-day-exploited-since-2024/
-
Neue Android-Malware nutzt Gemini als Gehirn
Sicherheitsforscher des slowakischen IT-Unternehmens ESET haben eine neue Android-Schadsoftware entdeckt, die Google Gemini aktiv im laufenden Betrieb einsetzt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/neue-android-malware-nutzt-gemini-als-gehirn
-
Android Malware Taps Google Gemini at Runtime
Researchers Say PromptSpy Automates Persistence on Infected Devices. A newly discovered Android malware strain, PromptSpy, is using Google’s Gemini generative artificial intelligence model to automate part of its persistence mechanism, marking what researchers describe as the second known case of AI-driven mobile malware. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/android-malware-taps-google-gemini-at-runtime-a-30819
-
Google Blocked 1.75M Harmful Apps From Play Store in 2025
Google used AI-driven review systems to block 1.75 million policy-violating apps and ban 80,000 developer accounts in 2025, expanding Play Store and Android security enforcement. The post Google Blocked 1.75M Harmful Apps From Play Store in 2025 appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-ai-blocked-1-75-million-apps-2025/
-
Google Blocks 1.75 Million Malicious Apps from Entering Play Store
Google has revealed that it blocked more than 1.75 million malicious or policy”‘violating Android apps from reaching users through the Play Store in 2025, highlighting a major AI”‘driven push to secure the mobile ecosystem against malware, fraud, and privacy abuse. More than 80,000 “bad” developer accounts were also banned, cutting off repeat offenders who tried…
-
Android Malware Hijacks Google Gemini to Stay Hidden
A new Android malware implant using Google Gemini to perform persistence tasks was discovered on VirusTotal and analyzed by ESET First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-malware-hijacks-google/
-
PromptSpy abuses Gemini AI to gain persistent access on Android
PromptSpy is the first Android malware to abuse Google’s Gemini AI, enabling persistence and advanced spying features. Security researchers at ESET have uncovered PromptSpy, the first known Android malware to exploit Google’s Gemini AI to maintain persistence. The malware can capture lockscreen data, block uninstallation attempts, collect device information, take screenshots, and record screen activity…
-
PromptSpy läutet mit GenAI die Ära der Android-Bedrohungen ein
ESET-Forscher entdecken PromptSpy, die erste bekannte Android-Malware, die generative KI in ihrem Ausführungsablauf nutzt. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/promptspy-lautet-mit-genai-die-ara-der-android-bedrohungen-ein/
-
PromptSpy: First Android AI Malware Leverages Google’s Gemini for Decision-Making
PromptSpy is a newly discovered Android malware family that abuses Google’s Gemini generative AI model to make real”‘time decisions on how to manipulate the user interface and stay active on infected devices. PromptSpy’s AI”‘assisted functionality is focused on persistence rather than initial infection or data theft. Instead of relying on hardcoded tap coordinates or fragile…
-
PromptSpy is the first known Android malware to use generative AI at runtime
Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google’s Gemini model to adapt its persistence across different devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/promptspy-is-the-first-known-android-malware-to-use-generative-ai-at-runtime/
-
PromptSpy is the first known Android malware to use generative AI at runtime
Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google’s Gemini model to adapt its persistence across different devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/promptspy-is-the-first-known-android-malware-to-use-generative-ai-at-runtime/
-
PromptSpy is the first Android malware to use generative AI at runtime
Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google’s Gemini model to adapt its persistence across different devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/promptspy-is-the-first-android-malware-to-use-generative-ai-at-runtime/
-
Google blocked over 1.75 million Play Store app submissions in 2025
Google says that through 2025, it blocked more than 255,000 Android apps from obtaining excessive access to sensitive user data and rejected over 1.75 million apps from being published on Google Play due to policy violations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-blocked-over-175-million-play-store-app-submissions-in-2025/
-
PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence
Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google’s generative artificial intelligence (AI) chatbot, as part of its execution flow and achieves persistence.The malware has been codenamed PromptSpy by ESET. The malware is equipped to capture lockscreen data, block uninstallation efforts, gather device information, take screenshots, First seen…
-
PromptSpy Android malware may exploit Gemini AI
A newly-uncovered malware targeting the Android operating system seems to exploit Google’s Gemini GenAI tool to help it maintain persistence. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639201/PromptSpy-Android-malware-may-exploit-Gemini-AI
-
Android malware taps Gemini to navigate infected devices
The real deal or another research project overblown? First seen on theregister.com Jump to article: www.theregister.com/2026/02/19/genai_malware_android/
-
Android malware taps Gemini to navigate infected devices
The real deal or another research project overblown? First seen on theregister.com Jump to article: www.theregister.com/2026/02/19/genai_malware_android/
-
PromptSpy: First Android malware to use generative AI in its execution flow
ESET researchers have discovered PromptSpy, the first known Android malware to abuse generative AI as part of its execution flow in order to achieve persistence. This marks … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/19/promptspy-android-malware-generative-ai/