Tag: android
-
MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict
Iran-linked APT MuddyWater is deploying new DCHSpy spyware variants to target Android users amid the ongoing conflict with Israel. Lookout researchers observed Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, and Static Kitten) is deploying a new version of the DCHSpy Android spyware in the context of the Israel-Iran conflict. The first MuddyWater campaign was observed in late 2017, when the APT group targeted entities in…
-
Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents
Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian Ministry of Intelligence and Security (MOIS) and have been distributed to targets by masquerading as VPN apps and Starlink, a satellite internet connection service offered by SpaceX. Mobile security vendor Lookout said it discovered four samples of a surveillanceware tool it…
-
Iranian Hackers Deploy New Android Spyware Version
New samples of DCHSpy, a spyware implant linked to Iranian APT group MuddyWater, were detected by Lookout one week after the start of the Israel-Iran conflict. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-hackers-new-android-spyware/
-
Four new Android spyware samples linked to Iran’s intel agency
Persians added snooping capabilities to DCHSpy after Israeli bombs fell. First seen on theregister.com Jump to article: www.theregister.com/2025/07/21/muddywaters_android_iran/
-
Google Sues BadBox 2.0 Botnet Operators Behind 10 Million+ Infected Devices
Google has initiated legal proceedings against the operators of BadBox 2.0, identified as the largest botnet comprising internet-connected televisions and other devices. This botnet, uncovered through a collaborative effort with cybersecurity firms HUMAN Security and Trend Micro, has infected over 10 million uncertified devices running the Android Open Source Project (AOSP). Unlike certified Android systems…
-
Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices
Google on Thursday revealed it’s pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and residential proxy infrastructure. “The BADBOX 2.0 botnet compromised over 10 million uncertified devices running Android’s open-source software (Android Open Source Project), which lacks Google’s security protections,” First seen…
-
Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices
Google has filed a lawsuit against the anonymous operators of the Android BadBox 2.0 malware botnet, accusing them of running a global ad fraud scheme against the company’s advertising platforms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-sues-to-disrupt-badbox-20-botnet-infecting-10-million-devices/
-
BADBOX 2.0 Found Preinstalled on Android IoT Devices Worldwide
BADBOX variant BADBOX 2.0 found preinstalled on Android IoT devices in 222 countries, turning them into proxy nodes used in fraud and large-scale malicious activity. First seen on hackread.com Jump to article: hackread.com/badbox-2-0-preinstalled-android-iot-devices-worldwide/
-
Konfety Android Malware Exploits ZIP Tricks to Masquerade as Legit Apps on Google Play
Security researchers from zLabs have discovered a more advanced version of the Konfety Android malware, which uses complex ZIP-level changes to avoid detection and mimic genuine apps on the Google Play Store, marking a dramatic increase in mobile dangers. This malware employs an “evil-twin…
-
New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code
Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to as Konfety that leverages the evil twin technique to enable ad fraud. The sneaky approach essentially involves a scenario wherein two variants of an application share the same package name: A benign “decoy” app that’s hosted on the Google Play Store…
-
Altered Telegram App Steals Chinese Users’ Android Data
Using more than 600 domains, attackers entice Chinese-speaking victims to download a vulnerable Telegram app that is nearly undetectable on older versions of Android. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/telegram-app-chinese-users-android-data
-
Zimperium warns of Konfety malware: attacks on Android mobile devices using a new variant
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/zimperium-konfety-malware-android-geraete
-
Fake Telegram Apps Spread via 607 Domains in New Android Malware Attack
Fake Telegram apps are being spread through 607 malicious domains to deliver Android malware, using blog-style pages and phishing tactics to trick users. First seen on hackread.com Jump to article: hackread.com/fake-telegram-apps-domains-android-malware-attack/
-
Android Malware Konfety evolves with ZIP manipulation and dynamic loading
A new Konfety Android malware variant uses a malformed ZIP and obfuscation to evade detection, posing as fake apps with no real functionality. Zimperium zLabs researchers are tracking a new, sophisticated Konfety Android malware variant that uses an “evil-twin…
-
Android malware Konfety uses malformed APKs to evade detection
A new variant of the Konfety Android malware emerged with a malformed ZIP structure along with other obfuscation methods that allow it to evade analysis and detection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/android-malware-konfety-uses-malformed-apks-to-evade-detection/
-
Spyware on Androids Soars
In general, malware aimed at Androids rose 151% in February and March but a whopping increase came with the 692% jump in SMS-based malware that occurred in April and May. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/spyware-on-androids-soars/
-
Ducex Packer for Android Evades Detection with Heavy Obfuscation Techniques
The team at ANY.RUN recently reviewed a powerful Android packer called Ducex, which is linked to the infamous Triada malware, and criticized it for its sophisticated obfuscation methods. First identified within a fake Telegram app, Ducex serves as a protective shell for Triada, one of the most sophisticated Android trojans since its debut in 2016.…
-
Brave Browser For Android via F-Droid: Now Fully Available
Brave has taken a significant step toward empowering privacy-conscious Android users by making its browser fully available through its own F-Droid repository, providing an alternative distribution method that bypasses Google Play Store entirely. According to the recent report, this strategic move addresses growing concerns about Big Tech’s control over app distribution and offers users greater…
-
Suddenly full access: attack technique tricks Android users with animations
Using an attack technique called Taptrap, attackers gain far-reaching access rights completely unnoticed. Even Android 16 offers no protection against it. First seen on golem.de Jump to article: www.golem.de/news/ploetzlich-vollzugriff-angriffstechnik-trickst-android-nutzer-mit-animationen-aus-2507-197954.html
-
New malware wave hits Android devices
Android users are once again in the crosshairs of cybercriminals. Despite declines in certain malware types, the threat situation remains serious; official app stores are affected too. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/malware-welle-android
-
Google reveals details on Android’s Advanced Protection for Chrome
Google is sharing more information on how Chrome operates when Android mobile users enable Advanced Protection, highlighting strong security improvements. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-reveals-details-on-androids-advanced-protection-for-chrome/
-
TapTrap Android Exploit Allows Malicious Apps to Bypass Permissions
A new Android vulnerability called TapTrap allows malicious apps to bypass the operating system’s permission system without requiring any special permissions themselves. The attack exploits activity transition animations, a core feature of Android’s user interface, to trick users into unknowingly granting sensitive permissions or performing destructive actions. Unlike traditional tapjacking attacks that rely on…
-
Google Launches Advanced Protection for Vulnerable Users via Chrome on Android
Google has announced the expansion of its Advanced Protection Program to Chrome on Android, providing enhanced security features specifically designed for high-risk users including journalists, elected officials, and public figures. The new device-level security setting, available on Android 16 with Chrome 137+, offers comprehensive protection against sophisticated cyber threats through three key security enhancements. The…
-
SparkKitty Malware Steals Photos from iOS and Android Devices
A sophisticated Trojan malware campaign has been targeting mobile device users across iOS and Android platforms since February 2024, with cybersecurity researchers identifying a significant escalation in photo theft capabilities that poses particular risks to cryptocurrency users and individuals storing sensitive information in their device galleries. SparkKitty represents a concerning evolution in mobile malware distribution,…
-
New Android TapTrap attack fools users with invisible UI trick
A novel tapjacking technique can exploit user interface animations to bypass Android’s permission system and allow access to sensitive data or trick users into performing destructive actions, such as wiping the device. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-android-taptrap-attack-fools-users-with-invisible-ui-trick/
-
Anatsa mobile malware returns to victimize North American bank customers
Android banking malware known as Anatsa was back for a brief but noticeable run in late June, researchers said. First seen on therecord.media Jump to article: therecord.media/anatsa-android-banking-malware-returns-north-america
-
Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play
Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google’s official app marketplace. The malware, disguised as a “PDF Update” to a document viewer app, has been caught serving a deceptive overlay when users attempt to access their…
-
Android malware Anatsa infiltrates Google Play to target US banks
The Anatsa banking trojan has sneaked into Google Play once more via an app posing as a PDF viewer that counted more than 50,000 downloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/android-malware-anatsa-infiltrates-google-play-to-target-us-banks/
-
Unless users take action, Android will let Gemini access third-party apps
Important changes to Android devices took effect starting Monday. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/07/unless-users-take-action-android-will-let-gemini-access-third-party-apps/

