Tag: android
-
Google to verify all Android devs to protect users from malware
Google is introducing a new defense for Android called ‘Developer Verification’ to block malware installations from sideloaded apps sourced from outside the official Google Play app store. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-to-verify-all-android-devs-to-protect-users-from-malware/
-
New Malware Exploits TASPEN Legacy Systems to Target Indonesian Elderly
Threat actors are leveraging the trusted brand of Indonesia’s state pension fund, PT Dana Tabungan dan Asuransi Pegawai Negeri (Persero), or TASPEN, to deploy a malicious Android application disguised as an official portal. This banking trojan and spyware targets pensioners and civil servants, exploiting legacy systems and digital transformation vulnerabilities to steal sensitive data including…
-
Google to verify all Android devs to block malware on Google Play
Google is introducing a new defense for Android called ‘Developer Verification’ to block malware installations from sideloaded apps sourced from outside the official Google Play app store. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-to-verify-all-android-devs-to-block-malware-on-google-play/
-
Hook Android Trojan Now Delivers Ransomware-Style Attacks
New features to take over smartphones and monitor user activity demonstrate the continued evolution of the malware, which is now being spread on GitHub. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/hook-android-trojan-ransomware-attacks
-
77 Malicious Android Apps With 19M Downloads Targeted 831 Banks Worldwide
Zscaler reports 77 Android apps on Google Play with 19 million installs spread malware, hitting 831 banks and… First seen on hackread.com Jump to article: hackread.com/77-malicious-android-apps-19-million-install-banks/
-
New Hook Android Banking Malware Emerges with Advanced Features and 107 Remote Commands
Zimperium’s zLabs research team has identified a sophisticated new variant of the Hook Android banking trojan, marking a significant escalation in mobile threat sophistication. This iteration incorporates ransomware-style overlays that display extortion messages, demanding payments via dynamically fetched wallet addresses from the command-and-control (C2) server. Activated by the >>ransome
-
Google Introduces Enhanced Developer Verification for Play Store App Distribution
Google has announced that all Android apps installed on approved devices will soon need to be able to be traced back to a verified developer identity in an effort to combat the growing wave of financial fraud operations and mobile viruses. The policy, scheduled to roll out in select high-risk regions in 2025 before global…
-
New Android Trojan Variant Expands with Ransomware Tactics
A new version of the Hook Android banking Trojan features 107 remote commands, including ransomware overlays First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-trojan-expands-ransomware/
-
Google to Require Identity Verification for Android App Developers: Here’s the Rollout Timeline
Currently, developers who create “sideloaded” Android apps are exempt from Google’s verification requirements. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-android-sideloading-app-developer/
-
Beware! Fake Google Play Store Sites Used to Spread Android Malware
Cybersecurity researchers have identified a resurgence of SpyNote malware campaigns targeting Android users through sophisticated fake Google Play Store websites. The malicious actor behind these attacks has implemented new anti-analysis techniques and expanded their deceptive tactics since previous reports, demonstrating a persistent threat to mobile device security. Deceptive Campaign Hits Popular Apps The threat actor…
-
New Android Hook Malware Variant Locks Devices With Ransomware
Zimperium’s research reveals the Hook Android malware is now a hybrid threat, using ransomware and spyware to steal… First seen on hackread.com Jump to article: hackread.com/android-hook-malware-variant-locks-devices-ransomware/
-
Threat Actors Update Android Droppers to Remain Effective with Even Simple Malware
Threat actors are increasingly refining Android droppers to circumvent enhanced security measures, extending their utility beyond sophisticated banking trojans to simpler malware variants like SMS stealers and basic spyware. Historically, droppers served as innocuous entry points for payloads requiring elevated permissions, such as Accessibility Services, particularly after Android 13’s API restrictions limited direct installations. These…
-
Threat Actors Update Android Droppers to Remain Effective with Even Simple Malware
Threat actors are increasingly refining Android droppers to circumvent enhanced security measures, extending their utility beyond sophisticated banking trojans to simpler malware variants like SMS stealers and basic spyware. Historically, droppers served as innocuous entry points for payloads requiring elevated permissions, such as Accessibility Services, particularly after Android 13’s API restrictions limited direct installations. These…
-
Banking-Trojaner und mehr: Android-Malware millionenfach über Google Play verteilt
Forscher haben im Google Play Store 77 Android-Apps entdeckt, die eine gefährliche Malware nachladen. Letztere zielt auch auf deutsche Nutzer ab. First seen on golem.de Jump to article: www.golem.de/news/banking-trojaner-und-mehr-android-malware-millionenfach-ueber-google-play-verteilt-2508-199521.html
-
HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands
Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages.”A prominent characteristic of the latest variant is its capacity to deploy a full-screen ransomware overlay, which aims to coerce the victim into remitting a ransom payment,” Zimperium zLabs researcher Vishnu Pratapagiri First…
-
ID-Pflicht für Android-Entwickler
Wer Apps für Google-zertifizierte Android-Geräte entwickelt, muss bald einen Identifikationsnachweis liefern – auch für Apps abseits des Play Stores. First seen on golem.de Jump to article: www.golem.de/news/google-id-pflicht-fuer-android-entwickler-2508-199513.html
-
Google to Verify All Android Developers in 4 Countries to Block Malicious Apps
Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute their software outside the Play Store.”Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices,” the company said. “This creates crucial…
-
Malicious apps with +19M installs removed from Google Play because spreading Anatsa banking trojan and other malware
Experts found 77 malicious Android apps with 19M+ installs on Google Play, spreading malware, including the Anatsa (TeaBot) banking trojan. While investigating Anatsa (Tea Bot) banking trojan infections, Zscaler’s ThreatLabs discovered seventy-seven malicious Android apps with more than 19 million installs. Several Anatsa decoy apps have each been downloaded more than 50,000 times. The malicious apps…
-
Malicious apps with +19M installs removed from Google Play because spreading Anatsa banking trojan and other malware
Experts found 77 malicious Android apps with 19M+ installs on Google Play, spreading malware, including the Anatsa (TeaBot) banking trojan. While investigating Anatsa (Tea Bot) banking trojan infections, Zscaler’s ThreatLabs discovered seventy-seven malicious Android apps with more than 19 million installs. Several Anatsa decoy apps have each been downloaded more than 50,000 times. The malicious apps…
-
Malicious Android apps with 19M installs removed from Google Play
Seventy-seven malicious Android apps containing different types of malware were found on Google Play after being downloaded more than 19 million times. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-android-apps-with-19m-installs-removed-from-google-play/
-
Fake Google Play Store Websites Deliver Potent RAT to Steal Sensitive Data
Cybersecurity researchers have uncovered a persistent campaign deploying the AndroidOS SpyNote malware, a sophisticated Remote Access Trojan (RAT) designed for surveillance, data exfiltration, and remote device control. This operation mimics legitimate Google Play Store pages for popular Android apps, tricking users into downloading malicious APK files. The campaign, linked to the same threat actor previously…
-
0-Click Zendesk Flaw Lets Hackers Hijack Accounts and View All Tickets
A critical zero-click vulnerability in Zendesk’s Android SDK has been uncovered, enabling attackers to hijack support accounts and harvest every ticket without any user interaction. Discovered during a private bug bounty program, the flaw stems from weak token generation and storage mechanisms within Zendesk’s mobile application. Vulnerability Overview Zendesk’s Android client generates authentication tokens by…
-
New Android malware poses as antivirus from Russian intelligence agency
A new Android malware posing as an antivirus tool software created by Russia’s Federal Security Services agency (FSB) is being used to target executives of Russian businesses. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-android-malware-poses-as-antivirus-from-russian-intelligence-agency/
-
New Android malware poses as antivirus from Russian intelligence agency
A new Android malware posing as an antivirus tool software created by Russia’s Federal Security Services agency (FSB) is being used to target executives of Russian businesses. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-android-malware-poses-as-antivirus-from-russian-intelligence-agency/
-
New Android Spyware Masquerading as Antivirus Targets Business Executives
Doctor Web’s antivirus laboratory has identified a sophisticated Android backdoor malware, designated Android.Backdoor.916.origin, which has been evolving since its initial detection in January 2025. This multifunctional spyware primarily targets representatives of Russian businesses through targeted attacks rather than mass distribution. Attackers disseminate the malicious APK file via private messages in popular messengers, disguising it as…
-
Android.Backdoor.916.origin malware targets Russian business executives
New Android spyware Android.Backdoor.916.origin is disguised as an antivirus linked to Russia’s intelligence agency FSB, and targets business executives. Doctor Web researchers observed a multifunctional backdoor Android.Backdoor.916.origin targeting Android devices belonging to representatives of Russian businesses. The malware executes attacker commands, enabling surveillance, keylogging, and theft of chats, browser data, and even live camera/audio streams.…
-
Week in review: Covertly connected and insecure Android VPN apps, Apple fixes exploited zero-day
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Android VPN apps used by millions are covertly connected AND insecure Three … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/24/week-in-review-covertly-connected-and-insecure-android-vpn-apps-apple-fixes-exploited-zero-day/
-
FydeOS offers ChromeOS without the Google strings attached
Fork runs Android apps and keeps old PCs ticking over … all without signing into an account with the mothership First seen on theregister.com Jump to article: www.theregister.com/2025/08/21/fydeos_chromiumos_degoogled/
-
Anatsa Malware Escalates: Android Under Siege as Hackers Harvest Credentials and Track Keystrokes
The Zscaler ThreatLabz team has uncovered significant advancements in the Anatsa malware, also known as TeaBot, an Android banking trojan that has been active since 2020. Originally designed for credential theft, keylogging, and facilitating fraudulent transactions, Anatsa has evolved into a more sophisticated threat, now targeting over 831 financial institutions worldwide. This expansion includes new…
-
Fake Antivirus App Spreads Android Malware to Spy on Russian Users
Doctor Web warns of Android.Backdoor.916.origin, a fake antivirus app that spies on Russian users by stealing data, streaming… First seen on hackread.com Jump to article: hackread.com/fake-antivirus-app-android-malware-spy-russian-users/