#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

Android Malware | Breaking Cybersecurity News | The Hacker News

Category — Android Malware
42 Adware Apps with 8 Million Downloads Traced Back to Vietnamese Student

42 Adware Apps with 8 Million Downloads Traced Back to Vietnamese Student

Oct 24, 2019
First of all, if you have any of the below-listed apps installed on your Android device, you are advised to uninstall it immediately. Cybersecurity researchers have identified 42 apps on the Google Play Store with a total of more than 8 million downloads, which were initially distributed as legitimate applications but later updated to maliciously display full-screen advertisements to their users. Discovered by ESET security researcher Lukas Stefanko, these adware Android applications were developed by a Vietnamese university student, who easily got tracked likely because he never bothered to hide his identity. The publicly available registration details of a domain associated with the adware apps helped find the identity of the rogue developer, including his real name, address, and phone number, which eventually led the researcher to his personal accounts on Facebook, GitHub, and YouTube. "Seeing that the developer did not take any measures to protect his identity, it ...
WARNING — Malware Found in CamScanner Android App With 100+ Million Users

WARNING — Malware Found in CamScanner Android App With 100+ Million Users

Aug 27, 2019
Beware! Attackers can remotely hijack your Android device and steal data stored on it, if you are using free version of  CamScanner , a highly-popular Phone PDF creator app with more than 100 million downloads on Google Play Store. So, to be safe, just uninstall the CamScanner app from your Android device now, as Google has already removed the app from its official Play Store. Unfortunately, CamScanner has recently gone rogue as researchers found a hidden Trojan Dropper module within the app that could allow remote attackers to secretly download and install malicious program on users' Android devices without their knowledge. However, the malicious module doesn't actually reside in the code of CamScanner Android app itself; instead, it is part of a 3rd-party advertising library that recently was introduced in the PDF creator app. Discovered by Kaspersky security researchers, the issue came to light after many CamScanner users spotted suspicious behavior and posted neg...
New Android Spyware Created by Russian Defense Contractor Found in the Wild

New Android Spyware Created by Russian Defense Contractor Found in the Wild

Jul 25, 2019
Cybersecurity researchers have uncovered a new piece of mobile surveillance malware believed to be developed by a Russian defense contractor that has been sanctioned for interfering with the 2016 U.S. presidential election. Dubbed Monokle , the mobile remote-access trojan has been actively targeting Android phones since at least March 2016 and is primarily being used in highly targeted attacks on a limited number of people. According to security researchers at Lookout, Monokle possesses a wide range of spying functionalities and uses advanced data exfiltration techniques, even without requiring root access to a targeted device. How Bad is Monokle Surveillance Malware In particular, the malware abuses Android accessibility services to exfiltrate data from a large number of popular third-party applications, including Google Docs, Facebook messenger, Whatsapp, WeChat, and Snapchat, by reading text displayed on a device's screen at any point in time. The malware also extracts...
cyber security

10 Best Practices for Building a Resilient, Always-On Compliance Program

websiteXM CyberCyber Resilience / Compliance
Download XM Cyber's handbook to learn 10 essential best practices for creating a robust, always-on compliance program.
cyber security

Maximize the Security Tools You Already Have

websitePrelude SecuritySecurity Control Validation
Hone your EDR, identity, vuln, and email platforms against the threats that matter with a 14-day trial.
New Malware Replaced Legit Android Apps With Fake Ones On 25 Million Devices

New Malware Replaced Legit Android Apps With Fake Ones On 25 Million Devices

Jul 11, 2019
Are you sure the WhatsApp app you are using on your Android device is legitimate, even if it's working perfectly as intended? ...Or the JioTV, AppLock, HotStar, Flipkart, Opera Mini or Truecaller app—if you have installed any of these? I'm asking this because cybersecurity researchers just yesterday revealed eye-opening details about a widespread Android malware campaign wherein attackers silently replaced installed legitimate apps with their malicious versions on nearly 25 million mobile phones. Now the important question here is how they're doing it and why? According to researchers at Check Point, attackers are distributing a new kind of Android malware that disguises itself as innocent-looking photo editing, adult entertainment, or gaming apps and available through widely used third-party app stores. Dubbed Agent Smith , the malware takes advantage of multiple Android vulnerabilities, such as the  Janus flaw and the Man-in-the-Disk flaw , and injects malic...
China's Border Guards Secretly Installing Spyware App on Tourists' Phones

China's Border Guards Secretly Installing Spyware App on Tourists' Phones

Jul 03, 2019
Chinese authorities are secretly installing surveillance apps on smartphones of foreigners at border crossings in the Xinjiang region who are entering from neighboring Kyrgyzstan, an international investigation revealed. Xinjiang (XUAR) is an autonomous territory and home to many Muslim ethnic minority groups where China is known to be conducting massive surveillance operations, especially on the activities of Uighurs, a Muslim Turkic minority group of about 8 million people. The Chinese government has blamed the Muslim Turkic minority group for Islamic extremism and deadly attacks on Chinese targets. According to a joint investigation by New York Times , the Guardian, Süddeutsche Zeitung and more, the surveillance app has been designed to instantly extract emails, texts, calendar entries, call records, contacts and insecurely uploads them to a local server set-up at the check-point only. This suggests that the spyware app has not been designed to continuously and remote...
'Legit Apps Turned into Spyware' Targeting Android Users in Middle East

'Legit Apps Turned into Spyware' Targeting Android Users in Middle East

Jun 26, 2019
Cybersecurity researchers are warning about an ongoing Android malware campaign that has been active since 2016 and was first publicly reported in August 2018. Dubbed " ViceLeaker " by researchers at Kaspersky, the campaign has recently been found targeting Israeli citizens and some other middle eastern countries with a powerful surveillance malware designed to steal almost all accessible information, including call recordings, text messages, photos, videos, and location data—all without users' knowledge. Besides these traditional spying functionalities, the malware also has backdoor capabilities including upload, download, and delete files, record surrounding audio, takeover camera, and make calls or send messages to specific numbers. The malware used in these campaigns was named " Triout " in a report published by Bitdefender in 2018, which is sort of a malware framework that attackers are using to turn legitimate applications into spyware by inject...
Google Makes it Tough for Rogue App Developers Get Back on Android Play Store

Google Makes it Tough for Rogue App Developers Get Back on Android Play Store

Apr 16, 2019
Even after Google's security oversight over its already-huge Android ecosystem has evolved over the years, malware apps still keep coming back to Google Play Store. Sometimes just reposting an already detected malware app from a newly created Play Store account, or using other developers' existing accounts, is enough for 'bad-faith' developers to trick the Play Store into distributing unsafe apps to Android users. Since the mobile device platform is growing rapidly, every new effort Google makes apparently comes with trade-offs. For example, Google recently made some changes in its Play Store policies and added new restriction in Android APIs that now makes it mandatory for every new app to undergo rigorous security testing and review process before appearing in the Google Play Store. These efforts also include: restricting developers from abusing Android accessibility services, restricting apps access to certain permissions like call logs and SMS permi...
Scranos: New Rapidly Evolving Rootkit-Enabled Spyware Discovered

Scranos: New Rapidly Evolving Rootkit-Enabled Spyware Discovered

Apr 16, 2019
A new powerful rootkit-enabled spyware operation has been discovered wherein hackers are distributing multifunctional malware disguised as cracked software or trojanized app posing as legitimate software like video players, drivers and even anti-virus products. While the rootkit malware—dubbed Scranos —which was first discovered late last year, still appears to be a work in progress, it is continuously evolving, testing new components and regularly making an improvement to old components, which makes it a significant threat. Scranos features a modular design that has already gained capabilities to steal login credentials and payment accounts from various popular services, exfiltrate browsing history and cookies, get YouTube subscribers, display ads, as well as download and execute any payload. According to a 48 page in-depth report Bitdefender shared with The Hacker News prior to its release, the malware gains persistence on infected machines by installing a digitally-signed ...
'Exodus' Surveillance Malware Found Targeting Apple iOS Users

'Exodus' Surveillance Malware Found Targeting Apple iOS Users

Apr 09, 2019
Cybersecurity researchers have discovered an iOS version of the powerful mobile phone surveillance app that was initially targeting Android devices through apps on the official Google Play Store. Dubbed Exodus , as the malware is called, the iOS version of the spyware was discovered by security researchers at LookOut during their analysis of its Android samples they had found last year. Unlike its Android variant, the iOS version of Exodus has been distributed outside of the official App Store, primarily through phishing websites that imitate Italian and Turkmenistani mobile carriers. Since Apple restricts direct installation of apps outside of its official app store, the iOS version of Exodus is abusing the Apple Developer Enterprise program, which allows enterprises to distribute their own in-house apps directly to their employees without needing to use the iOS App Store. "Each of the phishing sites contained links to a distribution manifest, which contained metadata...
First Android Clipboard Hijacking Crypto Malware Found On Google Play Store

First Android Clipboard Hijacking Crypto Malware Found On Google Play Store

Feb 11, 2019
A security researcher has discovered yet another cryptocurrency-stealing malware on the official Google Play Store that was designed to secretly steal bitcoin and cryptocurrency from unwitting users. The malware, described as a " Clipper ," masqueraded as a legitimate cryptocurrency app and worked by replacing cryptocurrency wallet addresses copied into the Android clipboard with one belonging to attackers, ESET researcher Lukas Stefanko explained in a blog post . Since cryptocurrency wallet addresses are made up of long strings of characters for security reasons, users usually prefer copying and pasting the wallet addresses using the clipboard over typing them out. The newly discovered clipper malware, dubbed Android/Clipper.C by ESET, took advantage of this behavior to steal users cryptocurrency. To do this, attackers first tricked users into installing the malicious app that impersonated a legitimate cryptocurrency service called MetaMask , claiming to let users...
Several Popular Beauty Camera Apps Caught Stealing Users' Photos

Several Popular Beauty Camera Apps Caught Stealing Users' Photos

Feb 04, 2019
Just because an app is available on Google Play Store doesn't mean that it is a legitimate app. Despite so many efforts by Google, some fake and malicious apps do sneak in and land millions of unaware users on the hunting ground of scammers and hackers. Cybersecurity firm Trend Micro uncovered at least 29 devious photo apps that managed to make its way onto Google Play Store and have been downloaded more than 4 million times before Google removed them from its app store. The mobile apps in question disguised as photo editing and beauty apps purporting to use your mobile phone's camera to take better pictures or beautify the snaps you shoot, but were found including code that performs malicious activities on their users' smartphone. Three of the rogue apps—Pro Camera Beauty, Cartoon Art Photo and Emoji Camera—have been downloaded more than a million times each, with Artistic Effect Filter being installed over 500,000 times and another seven apps in the list over 100...
New Android Malware Apps Use Motion Sensor to Evade Detection

New Android Malware Apps Use Motion Sensor to Evade Detection

Jan 18, 2019
Even after so many efforts by Google for preventing its Play Store from malware, shady apps somehow managed to fool its anti-malware protections and get into its service to infect Android users with malware. Two such Android apps have recently been spotted on the Google Play Store by security researchers with the Trend Micro malware research team, infecting thousands of Android users who have already downloaded them with banking malware. The apps in question masquerade as a currency exchange app called Currency Converter and battery saver app called BatterySaverMobi , and are using motion-sensor inputs of infected Android devices to monitor them before installing a dangerous banking Trojan called Anubis. The malicious Android apps, with a large number of fake five-star reviews, use this clever trick instead of traditional evasion techniques in order to avoid detection when researchers run emulators (which are less likely to use sensors) to detect such malicious apps. ...
8 Popular Android Apps Caught Up In Million-Dollar Ad Fraud Scheme

8 Popular Android Apps Caught Up In Million-Dollar Ad Fraud Scheme

Nov 27, 2018
Cheetah Mobile —a prominent Chinese app company, known for its popular utility apps like Clean Master and Battery Doctor—and one of its subsidiary Kika Tech have allegedly been caught up in an Android ad fraud scheme that stole millions of dollars from advertisers. According to app analytics firm Kochava , 7 Android apps developed by Cheetah Mobile and 1 from Kika Tech with a total 2 billion downloads on Google Play Store have been accused of falsely claiming the credits for driving the installation of new apps in order to claim a fee or bounty. Many mobile application developers generate revenue by promoting and recommending the installation of other apps inside their apps for a fee or a bounty that typically ranges from $0.50 to $3.00. To know which advertisement recommended the app and should get the credit, the newly installed app does a "lookback" immediately after it is opened for the first time to see from where the last click was originated and attribute the ...
Cybercriminals Hijack Router DNS to Distribute Android Banking Trojan

Cybercriminals Hijack Router DNS to Distribute Android Banking Trojan

Apr 16, 2018
Security researchers have been warning about an ongoing malware campaign hijacking Internet routers to distribute Android banking malware that steals users' sensitive information, login credentials and the secret code for two-factor authentication. In order to trick victims into installing the Android malware, dubbed Roaming Mantis , hackers have been hijacking DNS settings on vulnerable and poorly secured routers . DNS hijacking attack allows hackers to intercept traffic, inject rogue ads on web-pages and redirect users to phishing pages designed to trick them into sharing their sensitive information like login credentials, bank account details, and more. Hijacking routers' DNS for a malicious purpose is not new. Previously we reported about widespread DNSChanger and Switcher —both the malware worked by changing the DNS settings of the wireless routers to redirect traffic to malicious websites controlled by attackers. Discovered by security researchers at Kaspersk...
VirusTotal launches 'Droidy' sandbox to detect malicious Android apps

VirusTotal launches 'Droidy' sandbox to detect malicious Android apps

Apr 05, 2018
One of the biggest and most popular multi-antivirus scanning engine service has today launched a new Android sandbox service, dubbed VirusTotal Droidy , to help security researchers detect malicious apps based on behavioral analysis. VirusTotal, owned by Google, is a free online service that allows anyone to upload files to check them for viruses against dozens of antivirus engines simultaneously. Android Sandbox performs both static and dynamic analysis to automatically detect suspicious applications by executing and monitoring applications in a simulated Android OS environment. Behavioral reports for Android applications (APKs) is not new to VirusTotal, as the website already had service since 2013 that worked based on Cuckoo Sandbox , an open source automated malware analysis system. Replacing this existing system, VirusTotal Droidy has been integrated in the context of the multi-sandbox project and can extract "juicy" details, such as: Network communicatio...
New Android Malware Secretly Records Phone Calls and Steals Private Data

New Android Malware Secretly Records Phone Calls and Steals Private Data

Apr 03, 2018
Security researchers at Cisco Talos have uncovered variants of a new Android Trojan that are being distributed in the wild disguising as a fake anti-virus application, dubbed "Naver Defender." Dubbed KevDroid , the malware is a remote administration tool (RAT) designed to steal sensitive information from compromised Android devices, as well as capable of recording phone calls. Talos researchers published Monday technical details about two recent variants of KevDroid detected in the wild, following the initial discovery of the Trojan by South Korean cybersecurity firm ESTsecurity two weeks ago. Though researchers haven't attributed the malware to any hacking or state-sponsored group, South Korean media have linked KevDroid with North Korea state-sponsored cyber espionage hacking group " Group 123 ," primarily known for targeting South Korean targets. The most recent variant of KevDroid malware, detected in March this year, has the following capabilit...
Pre-Installed Malware Found On 5 Million Popular Android Phones

Pre-Installed Malware Found On 5 Million Popular Android Phones

Mar 15, 2018
Security researchers have discovered a massive continuously growing malware campaign that has already infected nearly 5 million mobile devices worldwide. Dubbed RottenSys , the malware that disguised as a 'System Wi-Fi service' app came pre-installed on millions of brand new smartphones manufactured by Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE—added somewhere along the supply chain. All these affected devices were shipped through Tian Pai, a Hangzhou-based mobile phone distributor, but researchers are not sure if the company has direct involvement in this campaign. According to Check Point Mobile Security Team, who uncovered this campaign, RottenSys is an advanced piece of malware that doesn't provide any secure Wi-Fi related service but takes almost all sensitive Android permissions to enable its malicious activities. "According to our findings, the RottenSys malware began propagating in September 2016. By March 12, 2018, 4,964,460 devices were...
Expert Insights Articles Videos
Cybersecurity Resources