#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Android Malware | Breaking Cybersecurity News | The Hacker News

Xiaomi Can Silently Install Any App On Your Android Phone Using A Backdoor

Xiaomi Can Silently Install Any App On Your Android Phone Using A Backdoor

Sep 15, 2016
Note — Don't miss an important update at the bottom of this article, which includes an official statement from Xiaomi . Do you own an Android Smartphone from Xiaomi, HTC, Samsung, or OnePlus? If yes, then you must be aware that almost all smartphone manufacturers provide custom ROMs like CyanogenMod, Paranoid Android, MIUI and others with some pre-loaded themes and applications to increase the device's performance. But do you have any idea about the pre-installed apps and services your manufacturer has installed on your device?, What are their purposes? And, Do they pose any threat to your security or privacy? With the same curiosity to find answers to these questions, a Computer Science student and security enthusiast from Netherlands who own a Xiaomi Mi4 smartphone started an investigation to know the purpose of a mysterious pre-installed app, dubbed AnalyticsCore.apk , that runs 24x7 in the background and reappeared even if you delete it. Xiaomi is one of the
Warning! Over 900 Million Android Phones Vulnerable to New 'QuadRooter' Attack

Warning! Over 900 Million Android Phones Vulnerable to New 'QuadRooter' Attack

Aug 08, 2016
Android has Fallen! Yet another set of Android security vulnerabilities has been discovered in Qualcomm chipsets that affect more than 900 Million Android smartphones and tablets worldwide. What's even worse: Most of those affected Android devices will probably never be patched. Dubbed " Quadrooter ," the set of four vulnerabilities discovered in devices running Android Marshmallow and earlier that ship with Qualcomm chip could allow an attacker to gain root-level access to any Qualcomm device. The chip, according to the latest statistics, is found in more than 900 Million Android tablets and smartphones. That's a very big number. The vulnerabilities have been disclosed by a team of Check Point researchers at the DEF CON 24 security conference in Las Vegas. Critical Quadrooter Vulnerabilities: The four security vulnerabilities are: CVE-2016-2503 discovered in Qualcomm's GPU driver and fixed in Google's Android Security Bulletin for July
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Chinese Ad Firm Infected 85 Million Android Users to Get More Clicks

Chinese Ad Firm Infected 85 Million Android Users to Get More Clicks

Jul 05, 2016
An Android-based malware campaign has been found to control as many as 85 million Android devices globally and is making its gang an estimated $300,000 per month in fraudulent ad revenue. A Chinese advertising company called Yingmob is responsible for distributing the malware on a massive scale and would appear to be the same firm behind Yispecter iOS malware , cybersecurity company Check Point revealed. Yingmob, based in Chongqing, China, markets itself as an advertising firm, claiming to provide easy-to-deploy ads support (text, pictures and video ads), without affecting the user experience. The service offers pop-up, sidebar, and in-app ads. However, Check Point researchers claim that the company's "Development Team for Overseas Platform" is responsible for two of the biggest waves of malware: HummingBad for Android and Yispecter for iOS. "Yingmob runs alongside a legitimate Chinese advertising analytics company, sharing its resources and technolog
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
This Android Hacking Group is making $500,000 per day

This Android Hacking Group is making $500,000 per day

Jul 02, 2016
Own an Android smartphone? Hackers can secretly install malicious apps, games, and pop-up adverts on your smartphone remotely in order to make large sums of money. Security researchers at Cheetah Mobile have uncovered one of the world's largest and most prolific Trojan families, infecting millions of Android devices around the world. Dubbed Hummer , the notorious mobile trojan stealthily installs malicious apps, games, or even porn apps onto victim's phones and yields its creators more than $500,000 (£375,252) on a daily basis. First discovered in 2014 by Cheetah Mobile, Hummer gained traction in early 2016 when the Trojan family was infecting "nearly 1.4 Million devices daily at its peak" with 63,000 infections occurring daily in China, according to researchers at Cheetah Mobile Security Research Lab. "This Trojan continually pops up ads on victims' phones, which is extremely annoying," researchers wrote in a blog post. "It also pushe
Dozens of Malicious Apps on Play Store can Root & Hack 90% of Android Devices

Dozens of Malicious Apps on Play Store can Root & Hack 90% of Android Devices

Jun 25, 2016
It's not at all surprising that the Google Play Store is surrounded by a large number of malicious apps that has the ability to gain users' attention into falling victim for one, but this time, it is even worse than most people realize. Researchers at Trend Micro have detected a family of malicious apps, dubbed ' Godless ,' that has the capability of secretly rooting almost 90 percent of all Android phones. Well, that's slightly terrifying. The malicious apps are distributed via different methods and variety of app stores, including Google Play Store, which is usually considered as a safe option for downloading apps. Also Read:   Crazy hacker implants NFC Chip in his hand to hack Android phones . The malicious apps packed with Godless contain a collection of open-source or leaked Android rooting exploits that works on any device running Android 5.1 Lollipop or earlier. 90% Android Devices are Vulnerable to Godless Rooting Malware Since Android eco
GM Bot (Android Malware) Source Code Leaked Online

GM Bot (Android Malware) Source Code Leaked Online

Feb 22, 2016
The source code of a recently discovered Android banking Trojan that has the capability to gain administrator access on your smartphone and completely erase your phone's storage has been LEAKED online. The banking Trojan family is known by several names; Security researchers from FireEye dubbed it SlemBunk, Symantec dubbed it Bankosy, and last week when Heimdal Security uncovered it, they dubbed it MazarBot . All the above wave of Android banking Trojans originated from a common threat family, dubbed GM Bot, which IBM has been tracking since 2014. GM Bot emerged on the Russian cybercrime underground forums, sold for $500 / €450, but it appears someone who bought the code leaked it on a forum in December 2015, the IBM X-Force team reported. What is GM Bot and Why Should You Worry about it? The recent version of GM Bot ( dubbed MazarBOT ) has the capability to display phishing pages on the top of mobile banking applications in an effort to trick Android users
This Android Malware Can Root Your Device And Erase Everything

This Android Malware Can Root Your Device And Erase Everything

Feb 15, 2016
A new Android malware has been making waves recently that have the capability to gain root access on your smartphone and completely erase your phone's storag e. Dubbed Mazar BOT , the serious malware program is loaded with so many hidden capabilities that security researchers are calling it a dangerous malware that can turn your smartphone into a zombie inside hacker's botnet. Mazar BOT was discovered by Heimdal Security while the researchers at the firm were analyzing an SMS message sent to random mobile numbers and locations. How Mazar BOT Works Despite other Android malware that distributes itself by tricking users into installing an app from third-party app stores, Mazar spreads via a spam SMS or MMS messages that carry a link to a malicious APK (Android app file). Once the user clicks the given link, he/she'll be ending up downloading the APK file on their Android devices, which when run, prompts the user to install a new application. This
This Malware Can Secretly Auto-Install any Android App to Your Phone

This Malware Can Secretly Auto-Install any Android App to Your Phone

Nov 20, 2015
Own an Android Smartphone? Hackers can install any malicious third-party app on your smartphone remotely even if you have clearly tapped a reject button of the app. Security researchers have uncovered a trojanized adware family that has the capability to automatically install any app on an Android device by abusing the operating system's accessibility features. Michael Bentley , head of response at mobile security firm Lookout, warned in a blog post published Thursday that the team has found three adware families: Shedun (GhostPush) Kemoge (ShiftyBug) Shuanet Also Read:  Android Malware Can Spy On You Even When Your Mobile Is Off All the three adware families root-infect Android devices in order to prevent their removal and give attackers unrestricted access to the devices. But, it seems that the Shedun adware family has capabilities that go beyond the reach of other adware families. The Malware Doesn't Exploit Any Vulnerability It is
Backdoor in Baidu Android SDK Puts 100 Million Devices at Risk

Backdoor in Baidu Android SDK Puts 100 Million Devices at Risk

Nov 03, 2015
The China's Google-like Search Engine Baidu is offering a software development kit (SDK) that contains functionality that can be abused to give backdoor-like access to a user's device, potentially exposing around 100 Million Android users to malicious hackers . The SDK in question is Moplus , which may not be directly available to the public but has already made its way into more than 14,000 Android apps, of which around 4,000 are actually created by Baidu. Overall, more than 100 Million Android users, who have downloaded these apps on their smartphones, are in danger. Security researchers from Trend Micro have discovered a vulnerability in the Moplus SDK, called Wormhole , that allows attackers to launch an unsecured and unauthenticated HTTP server connection on affected devices, which works silently in the background, without the user's knowledge. Also Read:   More than 26 Android Phone Models Shipped with Pre-Installed Spyware This unsecured serv
How Some Chinese Hackers Started Making Big Money

How Some Chinese Hackers Started Making Big Money

Oct 13, 2015
We know that Hackers hack for a variety of reasons: ...some hack to test their skills, …some hack to gain recognition, ...some hack to make money, ...some hack to support their Nation-State strategy, ...and, some hack alone, and some hack in Groups. And Chinese Hackers are the ones who are infamous for their dedication towards Hacking. Chinese hacking groups are better known for attacking and stealing information, organized cyber crimes, theft of intellectual property and state-sponsored cyber espionage attacks. But it seems that several Chinese hacker groups have now shifted their motive of hacking towards ' making money '. How much Money Hackers Actually Make? It is a known fact that hacking makes money, but how much? Answer: At least $4,500,000/year   from one malware campaign. How? We often observe mobile and desktop applications bundled with Ad-displaying programs, called Adware, to generate revenue. Just last week we reported abou
Kemoge: Latest Android Malware that Can Root Your Smartphone

Kemoge: Latest Android Malware that Can Root Your Smartphone

Oct 08, 2015
Google Android has been a primary concern of the attackers. Counting from a simple text message that could hack an Android phone remotely to the Stagefright bug making Billion users vulnerable. Now, the latest is the ' Kemoge Malware ' that has made its debut as an Adware on the Android mobile phones, allowing third-party app stores to fetch your device's information and take full control of it. Security researchers from FireEye Labs have discovered that Kemoge malicious adware family is spreading in 20 countries around the globe. Also, the origin of the Adware's attack is suspected from China. What is Kemoge? The name given to the malicious Adware family is because of its command and control (C2) domain: aps.kemoge.net. Kemoge is an Adware in the disguise of popular Apps; it has circulated in such numbers because it takes the name of popular apps and repackages them with the malicious code and make them available to the user. They even use
26 Android Phone Models Shipped with Pre-Installed Spyware

26 Android Phone Models Shipped with Pre-Installed Spyware

Sep 03, 2015
Bought a brand new Android Smartphone? Don't expect it to be a clean slate. A new report claims that some rogue retailers are selling brand-new Android smartphones loaded with pre-installed software. Security firm G Data has uncovered more than two dozens of Android smartphones from popular smartphone manufacturers — including Xiaomi , Huawei and Lenovo — that have pre-installed spyware in the firmware. G Data is a German security firm that disclosed last year the Star N9500 Smartphone's capability to spy on users, thereby comprising their personal data and conversations without any restrictions and users knowledge. Removal of Spyware Not Possible The pre-installed spyware, disguised in popular Android apps such as Facebook and Google Drive , can not be removed without unlocking the phone since it resides inside the phone's firmware. "Over the past year, we have seen a significant [growth] in devices that are equipped with firmware-level [m
Malicious Gaming App Infects More than 1 Million Android Users

Malicious Gaming App Infects More than 1 Million Android Users

Jul 12, 2015
It's not at all surprising that the Google Play Store is surrounded by a number of malicious applications that may gain users' attention to fall victim for one, but this time it might be even worse than you thought. Threat researchers from security firm ESET have discovered a malicious Facebook-Credentials-Stealing Trojan masquerading as an Android game that has been downloaded by more than a Million Android users. Malicious Android Apps downloaded 50,000-1,000,000 times The Android game, dubbed " Cowboy Adventure ," and another malicious game, dubbed " Jump Chess " – downloaded up to 50,000 times, have since been removed from Google Play Store. However, before taking them off from the app store, the creepy game apps may have compromised an unknown number of victims' Facebook credentials . Both the games were created by the same software developer, Tinker Studio and both were used to gather social media credentials from unsuspec
Google Now Manually Reviews Play Store Android App Submissions

Google Now Manually Reviews Play Store Android App Submissions

Mar 18, 2015
Google has changed the way it managed apps on the Google Play Store . After years of depending on the automated app check process, the company just made some changes to its Play Store policies  that will successfully weed out malicious and undesirable apps from Google Play store. Google has introduced an update for developers and users that's sure to make some parents happy and some developers sad. The new features are — Better App Review Process Age-Based Rating System BETTER APP REVIEW PROCESS The search engine giant announced on Tuesday that it has started employing humans to review apps before they go live on the Google Play Store , a move intended to " better protect the community " and " improve the app catalog ." The new approach would definitely affect app developers, as they'll have to wait for their apps to be approved by Google after they submit them to the Play Store. But, it would keep users safe from harmful malware or offensive content.
Android Malware Can Spy On You Even When Your Mobile Is Off

Android Malware Can Spy On You Even When Your Mobile Is Off

Feb 20, 2015
Security researchers have unearthed a new Android Trojan that tricks victims into believing they have switched their device off while it continues " spying " on the users' activities in the background. So, next time be very sure while you turn off your Android smartphones. The new Android malware threat, dubbed PowerOffHijack , has been spotted and analyzed by the researchers at the security firm AVG. PowerOffHijack because the nasty malware has a very unique feature - it hijacks the shutdown process of user's mobile phone. MALWARE WORKS AFTER SWITCHING OFF MOBILES When users presses the power button on their device, a fake dialog box is shown. The malware mimics the shutdown animation and the device appears to be off, but actually remains on, giving the malicious program freedom to move around on the device and steal data. "After pressing the power button, you will see the real shutdown animation, and the phone appears off. Although the screen is bl
Adware Android Apps Found in Google Play With Millions of Downloads

Adware Android Apps Found in Google Play With Millions of Downloads

Feb 04, 2015
With the rise in mobile market, last year we have seen sharp growth in malicious ' adware ' — the most prevalent mobile threat in the world. And now, security researchers have once again found Google Play Store offering malicious apps that are infecting millions of Android users with adware . It's not at all surprising that the Android operating system is surrounded by a number of unwanted intrusions that may gain users' attention to fall victim for one, but this issue might be even worse than we thought. WHAT IS ADWARE ? For those not familiar with adware, adware is a software that automatically displays or downloads advertising material like banners or pop-ups when a user is online. Doesn't sound dangerous, Right? But adware could result in a serious threat to users. Android Adware can pose a major threat to users' privacy, since some ad networks gather personal information like phone number, email address, and many more. Depending on where the ad netwo
Cybersecurity Resources