Android Malware | Breaking Cybersecurity News | The Hacker News

Security researchers have discovered a massive continuously growing malware campaign that has already infected nearly 5 million mobile devices worldwide. Dubbed RottenSys , the malware that disguised as a 'System Wi-Fi service' app came pre-installed on millions of brand new smartphones manufactured by Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE—added somewhere along the supply chain. All these affected devices were shipped through Tian Pai, a Hangzhou-based mobile phone distributor, but researchers are not sure if the company has direct involvement in this campaign. According to Check Point Mobile Security Team, who uncovered this campaign, RottenSys is an advanced piece of malware that doesn't provide any secure Wi-Fi related service but takes almost all sensitive Android permissions to enable its malicious activities. "According to our findings, the RottenSys malware began propagating in September 2016. By March 12, 2018, 4,964,460 devices were

Due to the recent surge in cryptocurrency prices, threat actors are increasingly targeting every platform, including IoT, Android, and Windows, with malware that leverages the CPU power of victims' devices to mine cryptocurrency. Just last month, Kaspersky researchers spotted fake antivirus and porn Android apps infected with malware that mines Monero cryptocurrency, launches DDoS attacks, and performs several other malicious tasks, causing the phone's battery to bulge out of its cover. Now, security researchers at Chinese IT security firm Qihoo 360 Netlab discovered a new piece of wormable Android malware, dubbed ADB.Miner , that scans wide-range of IP addresses to find vulnerable devices and infect them to mine digital cryptocurrency. According to the researchers, ADB.Miner is the first Android worm to reuse the scanning code programmed in Mirai —the infamous IoT botnet malware that knocked major Internet companies offline last year by launching massive DDoS attac

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

A global mobile espionage campaign collecting a trove of sensitive personal information from victims since at least 2012 has accidentally revealed itself—thanks to an exposed server on the open internet. It's one of the first known examples of a successful large-scale hacking operation of mobile phones rather than computers. The advanced persistent threat (APT) group, dubbed Dark Caracal , has claimed to have stolen hundreds of gigabytes of data, including personally identifiable information and intellectual property, from thousands of victims in more than 21 different countries, according to a new report from the Electronic Frontier Foundation (EFF) and security firm Lookout. After mistakenly leaking some of its files to the internet, the shadowy hacking group is traced back to a building owned by the Lebanese General Directorate of General Security (GDGS), one of the country's intelligence agencies, in Beirut. "Based on the available evidence, it's likely

Even after many efforts made by Google last year, malicious apps always somehow manage to make their ways into Google app store. Security researchers have now discovered a new piece of malware, dubbed GhostTeam , in at least 56 applications on Google Play Store that is designed to steal Facebook login credentials and aggressively display pop-up advertisements to users. Discovered independently by two cybersecurity firms, Trend Micro and Avast , the malicious apps disguise as various utility (such as the flashlight, QR code scanner, and compass), performance-boosting (like file-transfer and cleaner), entertainment, lifestyle and video downloader apps. Like most malware apps, these Android apps themselves don't contain any malicious code, which is why they managed to end up on Google's official Play Store. Once installed, it first confirms if the device is not an emulator or a virtual environment and then accordingly downloads the malware payload, which prompts the victim to

Security researchers have unveiled one of the most powerful and highly advanced Android spyware tools that give hackers full control of infected devices remotely. Dubbed Skygofree , the Android spyware has been designed for targeted surveillance, and it is believed to have been targeting a large number of users for the past four years. Since 2014, the Skygofree implant has gained several novel features previously unseen in the wild, according to a new report published by Russian cybersecurity firm Kaspersky Labs. The 'remarkable new features' include location-based audio recording using device's microphone, the use of Android Accessibility Services to steal WhatsApp messages, and the ability to connect infected devices to malicious Wi-Fi networks controlled by attackers. Skygofree is being distributed through fake web pages mimicking leading mobile network operators, most of which have been registered by the attackers since 2015—the year when the distribution ca

Due to the recent surge in cryptocurrency prices, not only hackers but also legitimate website administrators are increasingly using JavaScript-based cryptocurrency miners to monetize by levying the CPU power of your PC to mine Bitcoin or other cryptocurrencies. Just last week, researchers from AdGuard discovered that some popular video streaming and ripper sites including openload, Streamango, Rapidvideo, and OnlineVideoConverter hijacks CPU cycles from their over hundreds of millions of visitors for mining Monero cryptocurrency. Now, researchers from Moscow-based cyber security firm Kaspersky Lab have uncovered a new strain of Android malware lurking in fake anti-virus and porn applications, which is capable of performing a plethora of nefarious activities—from mining cryptocurrencies to launching Distributed Denial of Service (DDoS) attacks. Dubbed Loapi , the new Android Trojan can perform so many more malicious activities at a time that can exploit a handset to the e

Even after so many efforts by Google for making its Play Store away from malware, shady apps somehow managed to fool its anti-malware protections and infect people with malicious software. A team of researchers from several security firms has uncovered two new malware campaigns targeting Google Play Store users, of which one spreads a new version of BankBot , a persistent family of banking Trojan that imitates real banking applications in efforts to steal users' login details. BankBot has been designed to display fake overlays on legitimate bank apps from major banks around the world, including Citibank, WellsFargo, Chase, and DiBa, to steal sensitive information, including logins and credit card details. With its primary purpose of displaying fake overlays, BankBot has the ability to perform a broad range of tasks, such as sending and intercepting SMS messages, making calls, tracking infected devices, and stealing contacts. Google removed at least four previous versions

Cybercriminals are known to take advantage of everything that's popular among people in order to spread malware, and Google's official Play Store has always proved no less than an excellent place for hackers to get their job done. Yesterday some users spotted a fake version of the most popular WhatsApp messaging app for Android on the official Google Play Store that has already tricked more than one million users into downloading it. Dubbed Update WhatsApp Messenger , came from an app developer who pretended to be the actual WhatsApp service with the developer title "WhatsApp Inc."—the same title the actual WhatsApp messenger uses on Google Play. You might be wondering how the sneaky app developer was able to use the same title as the legitimate Facebook-owned maker of the messaging client—thanks to a Unicode character space. The app maker added a Unicode character space after the actual WhatsApp Inc. name, which in computer code reads WhatsApp+Inc%C2%A0 .

Nearly a year after the disclosure of the Dirty COW vulnerability that affected the Linux kernel, cybercriminals have started exploiting the vulnerability against Android users, researchers have warned. Publicly disclosed last year in October, Dirty COW was present in a section of the Linux kernel—a part of virtually every Linux distribution, including Red Hat, Debian, and Ubuntu—for years and was actively exploited in the wild. The vulnerability allows an unprivileged local attacker to gain root access through a race condition issue, gain access to read-only root-owned executable files, and permit remote attacks. However, security researchers from Trend Micro published a blog post on Monday disclosing that the privilege escalation vulnerability (CVE-2016-5195), known as Dirty COW, has now been actively exploited by a malware sample of ZNIU, detected as AndroidOS_ZNIU. This is the first time we have seen a malware sample to contain an exploit for the vulnerability designed

Even after so many efforts by Google, malicious apps somehow managed to fool its Play Store's anti-malware protections and infect people with malicious software. The same happened once again when at least 50 apps managed to make its way onto Google Play Store and were successfully downloaded as many as 4.2 million times—one of the biggest malware outbreaks. Security firm Check Point on Thursday published a blog post revealing at least 50 Android apps that were free to download on official Play Store and were downloaded between 1 million and 4.2 million times before Google removed them. These Android apps come with hidden malware payload that secretly registers victims for paid online services, sends fraudulent premium text messages from victims' smartphones and leaves them to pay the bill—all without the knowledge or permission of users. Dubbed ExpensiveWall by Check Point researchers because it was found in the Lovely Wallpaper app, the malware comes hidden in fre

Do you believe that just because you have downloaded an app from the official app store, you're safe from malware? Think twice before believing it. A team of security researchers from several security firms have uncovered a new, widespread botnet that consists of tens of thousands of hacked Android smartphones. Dubbed WireX, detected as "Android Clicker," the botnet network primarily includes infected Android devices running one of the hundreds of malicious apps installed from Google Play Store and is designed to conduct massive application layer DDoS attacks. Researchers from different Internet technology and security companies—which includes Akamai, CloudFlare , Flashpoint, Google, Oracle Dyn, RiskIQ, Team Cymru—spotted a series of cyber attacks earlier this month, and they collaborated to combat it. Although Android malware campaigns are quite common these days and this newly discovered campaign is also not that much sophisticated, I am quite impressed wit

Over 500 different Android apps that have been downloaded more than 100 million times from the official Google Play Store found to be infected with a malicious ad library that secretly distributes spyware to users and can perform dangerous operations. Since 90 per cent of Android apps is free to download from Google Play Store, advertising is a key revenue source for app developers. For this, they integrate Android SDK Ads library in their apps, which usually does not affect an app's core functionality. But security researchers at mobile security firm Lookout have discovered a software development kit (SDK), dubbed Igexin, that has been found delivering spyware on Android devices. Developed by a Chinese company to offer targeted advertising services to app developers, the rogue 'Igexin' advertising software was spotted in more than 500 apps on Google's official marketplace, most of which included: Games targeted at teens with as many as 100 million download

The infamous mobile banking trojan that recently added ransomware features to steal sensitive data and lock user files at the same time has now been modified to steal credentials from Uber and other booking apps as well. Security researchers at Kaspersky Lab have discovered a new variant of the Android banking Trojan called Faketoken that now has capabilities to detect and record an infected device's calls and display overlays on top of taxi booking apps to steal banking information. Dubbed Faketoken.q , the new variant of mobile banking trojan is being distributed using bulk SMS messages as their attack vector, prompting users to download an image file that actually downloads the malware. Malware Spy On Telephonic Conversations Once downloaded, the malware installs the necessary modules and the main payload, which hides its shortcut icon and begins monitoring everything—from every calls to launched apps—that happens on the infected Android device. When calls are m

Cyber criminals are becoming more adept, innovative, and stealthy with each passing day. They have now shifted from traditional to more clandestine techniques that come with limitless attack vectors and are harder to detect. Security researchers have discovered that one of the most dangerous Android banking Trojan families has now been modified to add a keylogger to its recent strain, giving attackers yet another way to steal victims sensitive data. Kaspersky Lab's Senior malware analyst Roman Unuchek spotted a new variant of the well-known Android banking Trojan, dubbed Svpeng , in the mid of last month with a new keylogger feature, which takes advantage of Android's Accessibility Services. Trojan Exploits 'Accessibility Services' to Add Keylogger Yes, the keylogger added in the new version of Svpeng takes advantage of Accessibility Services — an Android feature that provides users alternative ways to interact with their smartphone devices. This change makes

Security researchers at Google have discovered a new family of deceptive Android spyware that can steal a whole lot of information on users, including text messages, emails, voice calls, photos, location data, and other files, and spy on them. Dubbed Lipizzan , the Android spyware appears to be developed by Equus Technologies, an Israeli startup that Google referred to as a 'cyber arms' seller in a blog post published Wednesday. With the help of Google Play Protect , the Android security team has found Lipizzan spyware on at least 20 apps in Play Store, which infected fewer than 100 Android smartphones in total. Google has quickly blocked and removed all of those Lipizzan apps and the developers from its Android ecosystem, and Google Play Protect has notified all affected victims. For those unaware, Google Play Protect is part of the Google Play Store app and uses machine learning and app usage analysis to weed out the dangerous and malicious apps. Lipizzan: Soph