Tag: android
-
North Korean APT Uses Remote Wipe to Target Android Users
North Korean hackers are exploiting Google’s Find Hub to wipe Android devices. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/north-korean-apt-uses-remote-wipe-to-target-android-users/
-
North Korean APT Uses Remote Wipe to Target Android Users
North Korean hackers are exploiting Google’s Find Hub to wipe Android devices. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/north-korean-apt-uses-remote-wipe-to-target-android-users/
-
North Korean spies turn Google’s Find Hub into remote-wipe weapon
KONNI espionage crew covertly abused Google’s Find My Device feature to remotely factory-reset Android phones First seen on theregister.com Jump to article: www.theregister.com/2025/11/11/north_korean_spies_turn_googles/
-
Kimsuky APT Takes Over South Korean Androids, Abuses KakaoTalk
Konni, a subset of the state-sponsored DPRK cyberespionage group, first exploits Google Find Hub, which ironically aims to protect lost Android devices, to remotely wipe devices. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/kimsuky-apt-south-korean-androids-abuses-kakaotalk
-
Android Devices Targeted By KONNI APT in Find Hub Exploitation
A new cyber-attack has been observed exploiting Google Find Hub to remotely wipe Android devices, linked to North Korean APTs First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-devices-targeted-konni-apt/
-
Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS
Researchers found Fantasy Hub, a Russian MaaS Android RAT that lets attackers spy, steal data, and control devices via Telegram. Zimperium researchers uncovered Fantasy Hub, a Russian-sold Android RAT offered as Malware-as-a-Service, enabling spying, device control, and data theft via Telegram. The malware allows operators to take over infected devices, gathering SMS messages, contacts, call…
-
North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors
North Korea-linked APT Konni posed as counselors to steal data and wipe Android phones via Google Find Hub in Sept 2025. Genians Security Center researchers warn that the North Korea-linked Konni APT group (aka Kimsuky, Earth Imp, TA406, Thallium, Vedalia, and Velvet Chollima) posed as counselors to hack Android and Windows, stealing data and wiping phones…
-
New “KomeX” Android RAT Hits Hacker Forums with Tiered Subscriptions
A sophisticated Android remote-access trojan named KomeX RAT has emerged on underground hacking forums, with the threat actor Gendirector actively marketing the malware through tiered subscription models. The malware, built on the foundation of previously documented BTMOB, poses a significant threat to Android device owners due to its extensive capabilities and aggressive advertising campaign within…
-
Android Trojan ‘Fantasy Hub’ Malware Service Turns Telegram Into a Hub for Hackers
Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that’s sold on Russian-speaking Telegram channels under a Malware-as-a-Service (MaaS) model.According to its seller, the malware enables device control and espionage, allowing threat actors to collect SMS messages, contacts, call logs, images, and videos, as well as intercept, reply,…
-
Android Trojan ‘Fantasy Hub’ Malware Service Turns Telegram Into a Hub for Hackers
Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that’s sold on Russian-speaking Telegram channels under a Malware-as-a-Service (MaaS) model.According to its seller, the malware enables device control and espionage, allowing threat actors to collect SMS messages, contacts, call logs, images, and videos, as well as intercept, reply,…
-
North Korea’s KONNI APT Hijacks Google Find Hub to Remotely Wipe and Track South Korean Android Devices
The post North Korea’s KONNI APT Hijacks Google Find Hub to Remotely Wipe and Track South Korean Android Devices appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-koreas-konni-apt-hijacks-google-find-hub-to-remotely-wipe-and-track-south-korean-android-devices/
-
APT37 hackers abuse Google Find Hub in Android data-wiping attacks
North Korean hackers from the KONNI activity cluster are abusing Google’s Find Hub tool to track their targets’ GPS positions and trigger remote factory resets of Android devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apt37-hackers-abuse-google-find-hub-in-android-data-wiping-attacks/
-
APT37 hackers abuse Google Find Hub in Android data-wiping attacks
North Korean hackers from the KONNI activity cluster are abusing Google’s Find Hub tool to track their targets’ GPS positions and trigger remote factory resets of Android devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apt37-hackers-abuse-google-find-hub-in-android-data-wiping-attacks/
-
Konni Hackers Turn Google’s Find Hub into a Remote Data-Wiping Weapon
The North Korea-affiliated threat actor known as Konni (aka Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia) has been attributed to a new set of attacks targeting both Android and Windows devices for data theft and remote control.”Attackers impersonated psychological counselors and North Korean human rights activists, distributing malware disguised as stress-relief programs,” the Genians…
-
LANDFALL Spyware Targeted Samsung Galaxy Phones via Malicious Images
Unit 42 discovered LANDFALL, commercial-grade Android spyware, which used a hidden image vulnerability (CVE-2025-21042) to remotely spy on Samsung Galaxy users via WhatsApp. Update your phone now. First seen on hackread.com Jump to article: hackread.com/landfall-spyware-samsung-galaxy-malicious-images/
-
Android Users Hit by Malware Disguised as Relaxation Programs
A sophisticated new cyberattack targeting Android devices in South Korea has been uncovered, leveraging Google’s asset-tracking feature, Find Hub, to remotely wipe sensitive user data. Threat actors disguised as psychological counselors and North Korean human rights activists have distributed malware masquerading as stress-relief programs, marking a significant escalation in state-sponsored attacks linked to the notorious…
-
Android Users Hit by Malware Disguised as Relaxation Programs
A sophisticated new cyberattack targeting Android devices in South Korea has been uncovered, leveraging Google’s asset-tracking feature, Find Hub, to remotely wipe sensitive user data. Threat actors disguised as psychological counselors and North Korean human rights activists have distributed malware masquerading as stress-relief programs, marking a significant escalation in state-sponsored attacks linked to the notorious…
-
âš¡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More
Cyber threats didn’t slow down last week”, and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild.But that’s just the surface. From sleeper logic bombs to a fresh alliance between major threat groups, this week’s roundup highlights a clear…
-
âš¡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More
Cyber threats didn’t slow down last week”, and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild.But that’s just the surface. From sleeper logic bombs to a fresh alliance between major threat groups, this week’s roundup highlights a clear…
-
âš¡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More
Cyber threats didn’t slow down last week”, and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild.But that’s just the surface. From sleeper logic bombs to a fresh alliance between major threat groups, this week’s roundup highlights a clear…
-
New “LANDFALL” Android Malware Uses Samsung 0-Day Vulnerability Hidden in WhatsApp Images
Cybersecurity researchers at Unit 42 have uncovered a sophisticated Android spyware campaign that exploited a previously unknown zero-day vulnerability in Samsung Galaxy devices. The malware, dubbed LANDFALL, leveraged a critical vulnerability in Samsung’s image processing library to deliver commercial-grade surveillance capabilities through maliciously crafted image files sent via WhatsApp. The LANDFALL campaign exploited CVE-2025-21042, a…
-
Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware
A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East.The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the “libimagecodec.quram.so” component that could allow remote attackers to execute arbitrary First…
-
New “LANDFALL” Android Malware Uses Samsung 0-Day Vulnerability Hidden in WhatsApp Images
Cybersecurity researchers at Unit 42 have uncovered a sophisticated Android spyware campaign that exploited a previously unknown zero-day vulnerability in Samsung Galaxy devices. The malware, dubbed LANDFALL, leveraged a critical vulnerability in Samsung’s image processing library to deliver commercial-grade surveillance capabilities through maliciously crafted image files sent via WhatsApp. The LANDFALL campaign exploited CVE-2025-21042, a…
-
Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware
A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East.The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the “libimagecodec.quram.so” component that could allow remote attackers to execute arbitrary First…
-
New Microsoft Teams Feature Exposes Users to Phishing and Malware Risks
Microsoft is poised to roll out a significant update to Teams, enabling users to initiate chats with anyone using just an email address”, even if the recipient isn’t a Teams user. While the feature, launching in targeted releases by early November 2025 and globally by January 2026, promises expanded connectivity across Android, desktop, iOS, Linux,…
-
New LandFall spyware exploited Samsung zero-day via WhatsApp messages
A threat actor exploited a zero-day vulnerability in Samsung’s Android image processing library to deploy a previously unknown spyware called ‘LandFall’ using malicious images sent over WhatsApp. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-landfall-spyware-exploited-samsung-zero-day-via-whatsapp-messages/
-
Newly identified Android spyware appears to be from a commercial vendor
Researchers spotted a 9-month-long campaign involving previously undiscovered spyware they call LANDFALL, which leveraged a zero-day bug in Samsung Galaxy phones. First seen on therecord.media Jump to article: therecord.media/landfall-spyware-middle-east-appears-commercial-grade

