Tag: android
-
New Android Trojan Variant Expands with Ransomware Tactics
A new version of the Hook Android banking Trojan features 107 remote commands, including ransomware overlays First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-trojan-expands-ransomware/
-
Google to Require Identity Verification for Android App Developers: Here’s the Rollout Timeline
Currently, developers who create “sideloaded” Android apps are exempt from Google’s verification requirements. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-android-sideloading-app-developer/
-
Beware! Fake Google Play Store Sites Used to Spread Android Malware
Cybersecurity researchers have identified a resurgence of SpyNote malware campaigns targeting Android users through sophisticated fake Google Play Store websites. The malicious actor behind these attacks has implemented new anti-analysis techniques and expanded their deceptive tactics since previous reports, demonstrating a persistent threat to mobile device security. Deceptive Campaign Hits Popular Apps The threat actor…
-
New Android Hook Malware Variant Locks Devices With Ransomware
Zimperium’s research reveals the Hook Android malware is now a hybrid threat, using ransomware and spyware to steal… First seen on hackread.com Jump to article: hackread.com/android-hook-malware-variant-locks-devices-ransomware/
-
Threat Actors Update Android Droppers to Remain Effective with Even Simple Malware
Threat actors are increasingly refining Android droppers to circumvent enhanced security measures, extending their utility beyond sophisticated banking trojans to simpler malware variants like SMS stealers and basic spyware. Historically, droppers served as innocuous entry points for payloads requiring elevated permissions, such as Accessibility Services, particularly after Android 13’s API restrictions limited direct installations. These…
-
Threat Actors Update Android Droppers to Remain Effective with Even Simple Malware
Threat actors are increasingly refining Android droppers to circumvent enhanced security measures, extending their utility beyond sophisticated banking trojans to simpler malware variants like SMS stealers and basic spyware. Historically, droppers served as innocuous entry points for payloads requiring elevated permissions, such as Accessibility Services, particularly after Android 13’s API restrictions limited direct installations. These…
-
Banking-Trojaner und mehr: Android-Malware millionenfach über Google Play verteilt
Forscher haben im Google Play Store 77 Android-Apps entdeckt, die eine gefährliche Malware nachladen. Letztere zielt auch auf deutsche Nutzer ab. First seen on golem.de Jump to article: www.golem.de/news/banking-trojaner-und-mehr-android-malware-millionenfach-ueber-google-play-verteilt-2508-199521.html
-
HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands
Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages.”A prominent characteristic of the latest variant is its capacity to deploy a full-screen ransomware overlay, which aims to coerce the victim into remitting a ransom payment,” Zimperium zLabs researcher Vishnu Pratapagiri First…
-
ID-Pflicht für Android-Entwickler
Wer Apps für Google-zertifizierte Android-Geräte entwickelt, muss bald einen Identifikationsnachweis liefern – auch für Apps abseits des Play Stores. First seen on golem.de Jump to article: www.golem.de/news/google-id-pflicht-fuer-android-entwickler-2508-199513.html
-
Google to Verify All Android Developers in 4 Countries to Block Malicious Apps
Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute their software outside the Play Store.”Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices,” the company said. “This creates crucial…
-
Malicious apps with +19M installs removed from Google Play because spreading Anatsa banking trojan and other malware
Experts found 77 malicious Android apps with 19M+ installs on Google Play, spreading malware, including the Anatsa (TeaBot) banking trojan. While investigating Anatsa (Tea Bot) banking trojan infections, Zscaler’s ThreatLabs discovered seventy-seven malicious Android apps with more than 19 million installs. Several Anatsa decoy apps have each been downloaded more than 50,000 times. The malicious apps…
-
Malicious apps with +19M installs removed from Google Play because spreading Anatsa banking trojan and other malware
Experts found 77 malicious Android apps with 19M+ installs on Google Play, spreading malware, including the Anatsa (TeaBot) banking trojan. While investigating Anatsa (Tea Bot) banking trojan infections, Zscaler’s ThreatLabs discovered seventy-seven malicious Android apps with more than 19 million installs. Several Anatsa decoy apps have each been downloaded more than 50,000 times. The malicious apps…
-
Malicious Android apps with 19M installs removed from Google Play
Seventy-seven malicious Android apps containing different types of malware were found on Google Play after being downloaded more than 19 million times. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-android-apps-with-19m-installs-removed-from-google-play/
-
Fake Google Play Store Websites Deliver Potent RAT to Steal Sensitive Data
Cybersecurity researchers have uncovered a persistent campaign deploying the AndroidOS SpyNote malware, a sophisticated Remote Access Trojan (RAT) designed for surveillance, data exfiltration, and remote device control. This operation mimics legitimate Google Play Store pages for popular Android apps, tricking users into downloading malicious APK files. The campaign, linked to the same threat actor previously…
-
0-Click Zendesk Flaw Lets Hackers Hijack Accounts and View All Tickets
A critical zero-click vulnerability in Zendesk’s Android SDK has been uncovered, enabling attackers to hijack support accounts and harvest every ticket without any user interaction. Discovered during a private bug bounty program, the flaw stems from weak token generation and storage mechanisms within Zendesk’s mobile application. Vulnerability Overview Zendesk’s Android client generates authentication tokens by…
-
New Android malware poses as antivirus from Russian intelligence agency
A new Android malware posing as an antivirus tool software created by Russia’s Federal Security Services agency (FSB) is being used to target executives of Russian businesses. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-android-malware-poses-as-antivirus-from-russian-intelligence-agency/
-
New Android malware poses as antivirus from Russian intelligence agency
A new Android malware posing as an antivirus tool software created by Russia’s Federal Security Services agency (FSB) is being used to target executives of Russian businesses. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-android-malware-poses-as-antivirus-from-russian-intelligence-agency/
-
New Android Spyware Masquerading as Antivirus Targets Business Executives
Doctor Web’s antivirus laboratory has identified a sophisticated Android backdoor malware, designated Android.Backdoor.916.origin, which has been evolving since its initial detection in January 2025. This multifunctional spyware primarily targets representatives of Russian businesses through targeted attacks rather than mass distribution. Attackers disseminate the malicious APK file via private messages in popular messengers, disguising it as…
-
Android.Backdoor.916.origin malware targets Russian business executives
New Android spyware Android.Backdoor.916.origin is disguised as an antivirus linked to Russia’s intelligence agency FSB, and targets business executives. Doctor Web researchers observed a multifunctional backdoor Android.Backdoor.916.origin targeting Android devices belonging to representatives of Russian businesses. The malware executes attacker commands, enabling surveillance, keylogging, and theft of chats, browser data, and even live camera/audio streams.…
-
Week in review: Covertly connected and insecure Android VPN apps, Apple fixes exploited zero-day
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Android VPN apps used by millions are covertly connected AND insecure Three … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/24/week-in-review-covertly-connected-and-insecure-android-vpn-apps-apple-fixes-exploited-zero-day/
-
FydeOS offers ChromeOS without the Google strings attached
Fork runs Android apps and keeps old PCs ticking over … all without signing into an account with the mothership First seen on theregister.com Jump to article: www.theregister.com/2025/08/21/fydeos_chromiumos_degoogled/
-
Anatsa Malware Escalates: Android Under Siege as Hackers Harvest Credentials and Track Keystrokes
The Zscaler ThreatLabz team has uncovered significant advancements in the Anatsa malware, also known as TeaBot, an Android banking trojan that has been active since 2020. Originally designed for credential theft, keylogging, and facilitating fraudulent transactions, Anatsa has evolved into a more sophisticated threat, now targeting over 831 financial institutions worldwide. This expansion includes new…
-
Fake Antivirus App Spreads Android Malware to Spy on Russian Users
Doctor Web warns of Android.Backdoor.916.origin, a fake antivirus app that spies on Russian users by stealing data, streaming… First seen on hackread.com Jump to article: hackread.com/fake-antivirus-app-android-malware-spy-russian-users/
-
Android VPN apps used by millions are covertly connected AND insecure
Three families of Android VPN apps, with a combined 700 million-plus Google Play downloads, are secretly linked, according to a group of researchers from Arizona State … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/19/android-vpn-apps-used-by-millions-are-covertly-connected-and-insecure/
-
New Android Attack Targets Indian Users with Free Electricity Subsidy to Install Malware
A newly identified Android phishing campaign is aggressively targeting Indian users by masquerading as the legitimate PM Surya Ghar: Muft Bijli Yojana, a government initiative approved in February 2024 that offers subsidies for solar rooftop installations, covering up to 60% of costs for systems under 2kW and 40% for those up to 3kW. Attackers leverage…
-
ERMAC Android malware source code leak exposes banking trojan infrastructure
The source code for version 3 of the ERMAC Android banking trojan has been leaked online, exposing the internals of the malware-as-a-service platform and the operator’s infrastructure. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ermac-android-malware-source-code-leak-exposes-banking-trojan-infrastructure/
-
Android’s pKVM hypervisor earns SESIP Level 5 security certification
Google announced that its protected Kernel-based Virtual Machine (pKVM) for Android has achieved SESIP Level 5 certification, the highest security assurance level for IoT and mobile platforms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/androids-pkvm-hypervisor-earns-sesip-level-5-security-certification/
-
Gemini per Kalendereinladung gehackt
Kriminelle könnten Gemini mit Prompt-Injection in Kalendereinladungen angreifen.Google hat den KI-gestützten Assistenten Gemini in Android, Google-Webdienste und Googles Workspace-Apps integriert. Neben seiner Funktion als Chatbot hat die Künstliche Intelligenz (KI) damit auch Zugriff auf Gmail, Kalender und Google Home.Diese weite Verzweigung könnten sich Kriminelle zu Nutze machen, wie Forscher von SafeBreach im Rahmen von Experimenten…
-
Android-Adware: Was ist das und wie gefährlich ist sie?
Ihr Smartphone oder Tablet zeigt gefühlt nur noch Werbung an und das Gerät wird immer langsamer? Dann haben Sie sich wahrscheinlich eine Adware eingefangen. ESET zeigt, wie Sie nun vorgehen sollten. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/tipps-ratgeber/android-adware-was-ist-das-und-wie-gefahrlich-ist-sie/
-
CalyxOSStopp: Privacy-Android stoppt Patches Nutzer im Sicherheits-Vakuum
CalyxOS-Update-Stopp: Privacy-Android legt Sicherheitsupdates für bis zu sechs Monate auf Eis nach Abgang zweier Schlüsselfiguren. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/calyxos-update-stopp-privacy-android-stoppt-patches-nutzer-im-sicherheits-vakuum-319316.html

