Tag: android
-
UXSS Vulnerability in DuckDuckGo Browser’s AutoConsent JS Bridge Allows Cross-Origin Attacks
A critical vulnerability was recently discovered in the DuckDuckGo browser for Android, exposing users to Universal Cross-Site Scripting (UXSS) attacks. This flaw, found in the browser’s AutoConsent JS bridge, allows malicious code from an untrusted source to run on a trusted webpage. Security researcher Dhiraj Mishra reported the vulnerability via HackerOne. It has since been…
-
Millions at Risk as Android Mental Health Apps Expose Sensitive Data
Oversecured flagged 1,575 flaws in 10 Android health apps with 14.7M installs, putting chats, CBT notes, and mood logs at risk, per BleepingComputer. The post Millions at Risk as Android Mental Health Apps Expose Sensitive Data appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-android-mental-health-apps-14-7-million-installs/
-
Android 17 second beta expands privacy controls for contacts, SMS and local networks
Google’s second beta of Android 17 continues updates to platform behavior and introduces new APIs focused on protecting sensitive data. Protecting contact and local network … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/27/android-17-beta-privacy-updates/
-
Android app uses Bluetooth signals to detect nearby smart glasses
Smart glasses with built-in cameras are showing up in more public spaces, and a growing number of people want a way to know when one is nearby. An Android app called Nearby … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/27/nearby-glasses-android-app-detect-smart-glasses/
-
Hide from Meta’s spyglasses with this new Android app
Tags: androidAcademic urges users not to harass those suspected of snooping with (sp)eyewear First seen on theregister.com Jump to article: www.theregister.com/2026/02/25/meta_smart_glasses_android_app/
-
Rogue devs of sideloaded Android apps beg for freedom from Google’s verification regime
37 groups urge the company to drop ID checks for apps distributed outside Play First seen on theregister.com Jump to article: www.theregister.com/2026/02/24/google_android_developer_verification_plan/
-
ResidentBat Android Malware Grants Belarusian KGB Ongoing Mobile Access
ResidentBat is a custom Android spyware implant used by the Belarusian KGB to turn seized smartphones into long”‘lived surveillance platforms against journalists and civil society targets. Operating outside the Play Store ecosystem and requiring hands”‘on installation, it combines deep data collection with remote control features, including the ability to wipe a device on demand. RSF’s…
-
ResidentBat Android Malware Grants Belarusian KGB Ongoing Mobile Access
ResidentBat is a custom Android spyware implant used by the Belarusian KGB to turn seized smartphones into long”‘lived surveillance platforms against journalists and civil society targets. Operating outside the Play Store ecosystem and requiring hands”‘on installation, it combines deep data collection with remote control features, including the ability to wipe a device on demand. RSF’s…
-
New $300 Android RAT Boasts Automated Permission Bypass and Hidden Remote Control
Every so often, a new piece of malware emerges that truly shifts the threat landscape. Oblivion, a newly discovered Android Remote Access Trojan (RAT), appears to be one such moment. Unlike recycled or buggy Remote Access Trojan (RATs) seen across underground markets, Oblivion is promoted as a ground”‘up build, tested for months before public release. The…
-
Steaelite RAT combines data theft and ransomware management capability in one tool
Tags: access, android, attack, authentication, awareness, business, corporate, credentials, crypto, cybercrime, data, ddos, defense, encryption, endpoint, extortion, infection, infosec, malware, mobile, monitoring, password, phishing, ransomware, rat, remote-code-execution, theft, threat, tool, training, windowsCSO that this isn’t the most sophisticated RAT he’s seen. “The novel aspect here,” he said, “is the convergence. Steaelite bundles remote access, credential harvesting, data exfiltration, and ransomware (currently in development) in a single package.” Traditionally, he explained, these capabilities have occupied different parts of the cybercrime toolchain, but Steaelite unifies the functions, giving…
-
Developer creates app to detect nearby smart glasses
Tags: androidA developer created an Android app that looks for nearby smart glasses. It’s not perfect, but it can help people in certian circumstances. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/developer-creates-app-to-detect-nearby-smart-glasses/
-
$300 a Month Android Malware ‘Oblivion’ Uses Fake Updates to Hijack Phones
Cybersecurity researchers at Certo reveal Oblivion, a new Android Trojan targeting major brands like Samsung and Xiaomi. It bypasses security to steal passwords and bank codes. First seen on hackread.com Jump to article: hackread.com/android-malware-oblivion-fake-updates-hijack-phones/
-
Android RAT SURXRAT Grants Hackers Full Device Control and Data Exfiltration
SURXRAT is an actively developed Android Remote Access Trojan (RAT) sold as a commercial malware-as-a-service (MaaS) on Telegram, giving attackers full device control and powerful data”‘stealing capabilities. It combines large”‘scale affiliate distribution, cloud”‘hosted command”‘and”‘control, and even experimental AI modules, making it a serious and evolving threat for Android users. The Indonesian operator runs a channel…
-
SURXRAT, a Trojan’s LLM-Driven Expansion in Android Malware
SURXRAT, an Android Remote Access Trojan (RAT), has come out as a commercially structured malware operation. Distributed under the branding “SURXRAT V5,” the malware is sold through a Telegram-based malware-as-a-service (MaaS) network that enables affiliates to generate customized builds while the core operator retains centralized infrastructure and oversight. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/surxrat-arsinkrat-llm-android-rat-analysis/
-
New ZeroDayRAT Malware Claims Full Monitoring of Android and iOS Devices
Meet ZeroDayRAT, a newly advertised malware targeting Android and iOS devices with surveillance, location tracking, and crypto theft tools sold via Telegram as a MaaS service. First seen on hackread.com Jump to article: hackread.com/zerodayrat-malware-monitoring-android-ios-devices/
-
ZeroDayRAT Targets Android and iOS Devices for Surveillance and Financial Data Theft
ZeroDayRAT targets Android and iOS devices, combining real-time surveillance with direct financial theft within a single browser panel. The Malware-as-a-Service (MaaS) ecosystem is entering a new phase, blending mobile surveillance and financial crime into one seamless platform. Active promotions for this RAT (Remote Access Trojan) began on Telegram channels on February 2, 2026, highlighting its dual purpose: real-time spying and direct financial…
-
Android mental health apps with 14.7M installs filled with security flaws
Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users’ sensitive medical information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/android-mental-health-apps-with-147m-installs-filled-with-security-flaws/
-
WhatsApp is adding another lock to your account
Meta has released WhatsApp Beta for Android 2.26.7.8 through the Google Play Beta Program. The update includes references to password-protected accounts, indicating plans to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/23/whatsapp-account-password-feature-beta/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ninja Browser & Lumma Infostealer Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations Divide and conquer: how the new Keenadu backdoor exposed links…
-
Week in review: Firmware-level Android backdoor found on tablets, Dell zero-day exploited since 2024
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Security at AI speed: The new CISO reality The CISO role has changed … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/22/week-in-review-firmware-level-android-backdoor-found-on-tablets-dell-zero-day-exploited-since-2024/
-
Neue Android-Malware nutzt Gemini als Gehirn
Sicherheitsforscher des slowakischen IT-Unternehmens ESET haben eine neue Android-Schadsoftware entdeckt, die Google Gemini aktiv im laufenden Betrieb einsetzt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/neue-android-malware-nutzt-gemini-als-gehirn
-
Android Malware Taps Google Gemini at Runtime
Researchers Say PromptSpy Automates Persistence on Infected Devices. A newly discovered Android malware strain, PromptSpy, is using Google’s Gemini generative artificial intelligence model to automate part of its persistence mechanism, marking what researchers describe as the second known case of AI-driven mobile malware. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/android-malware-taps-google-gemini-at-runtime-a-30819
-
Google Blocked 1.75M Harmful Apps From Play Store in 2025
Google used AI-driven review systems to block 1.75 million policy-violating apps and ban 80,000 developer accounts in 2025, expanding Play Store and Android security enforcement. The post Google Blocked 1.75M Harmful Apps From Play Store in 2025 appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-ai-blocked-1-75-million-apps-2025/
-
Google Blocks 1.75 Million Malicious Apps from Entering Play Store
Google has revealed that it blocked more than 1.75 million malicious or policy”‘violating Android apps from reaching users through the Play Store in 2025, highlighting a major AI”‘driven push to secure the mobile ecosystem against malware, fraud, and privacy abuse. More than 80,000 “bad” developer accounts were also banned, cutting off repeat offenders who tried…
-
Android Malware Hijacks Google Gemini to Stay Hidden
A new Android malware implant using Google Gemini to perform persistence tasks was discovered on VirusTotal and analyzed by ESET First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-malware-hijacks-google/
-
PromptSpy läutet mit GenAI die Ära der Android-Bedrohungen ein
ESET-Forscher entdecken PromptSpy, die erste bekannte Android-Malware, die generative KI in ihrem Ausführungsablauf nutzt. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/promptspy-lautet-mit-genai-die-ara-der-android-bedrohungen-ein/
-
PromptSpy abuses Gemini AI to gain persistent access on Android
PromptSpy is the first Android malware to abuse Google’s Gemini AI, enabling persistence and advanced spying features. Security researchers at ESET have uncovered PromptSpy, the first known Android malware to exploit Google’s Gemini AI to maintain persistence. The malware can capture lockscreen data, block uninstallation attempts, collect device information, take screenshots, and record screen activity…
-
PromptSpy: First Android AI Malware Leverages Google’s Gemini for Decision-Making
PromptSpy is a newly discovered Android malware family that abuses Google’s Gemini generative AI model to make real”‘time decisions on how to manipulate the user interface and stay active on infected devices. PromptSpy’s AI”‘assisted functionality is focused on persistence rather than initial infection or data theft. Instead of relying on hardcoded tap coordinates or fragile…