The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Android hacking

Critical Chipset Bugs Open Millions of Android Devices to Remote Spying

Critical Chipset Bugs Open Millions of Android Devices to Remote Spying

April 21, 2022Ravie Lakshmanan
Three security vulnerabilities have been disclosed in the audio decoders of Qualcomm and MediaTek chips that, if left unresolved, could allow an adversary to remotely gain access to media and audio conversations from affected mobile devices. According to Israeli cybersecurity company Check Point , the issues could be used as a launchpad to carry out remote code execution (RCE) attacks simply by sending a specially crafted audio file. "The impact of an RCE vulnerability can range from malware execution to an attacker gaining control over a user's multimedia data, including streaming from a compromised machine's camera," the researchers said in a report shared with The Hacker News. "In addition, an unprivileged Android app could use these vulnerabilities to escalate its privileges and gain access to media data and user conversations." The vulnerabilities, dubbed ALHACK, are rooted in an audio coding format originally developed and open-sourced by Apple i
New Android Banking Trojan Spreading via Google Play Store Targets Europeans

New Android Banking Trojan Spreading via Google Play Store Targets Europeans

February 21, 2022Ravie Lakshmanan
A new Android banking trojan with over 50,000 installations has been observed distributed via the official Google Play Store with the goal of targeting 56 European banks and carrying out harvesting sensitive information from compromised devices. Dubbed  Xenomorph  by Dutch security firm ThreatFabric, the in-development malware is said to share overlaps with another banking trojan tracked under the moniker Alien while also being "radically different" from its predecessor in terms of the functionalities offered. "Despite being a work-in-progress, Xenomorph is already sporting effective overlays and being actively distributed on official app stores," ThreatFabric's founder and CEO, Han Sahin, said. "In addition, it features a very detailed and modular engine to abuse accessibility services, which in the future could power very advanced capabilities, like ATS." Alien, a remote access trojan (RAT) with notification sniffing and authenticator-based 2FA
4 Android Banking Trojan Campaigns Targeted Over 300,000 Devices in 2021

4 Android Banking Trojan Campaigns Targeted Over 300,000 Devices in 2021

November 29, 2021Ravie Lakshmanan
Four different Android banking trojans were spread via the official Google Play Store between August and November 2021, resulting in more than 300,000 infections through various dropper apps that posed as seemingly harmless utility apps to take full control of the infected devices. Designed to deliver Anatsa (aka TeaBot), Alien, ERMAC, and Hydra, cybersecurity firm ThreatFabric  said  the malware campaigns are not only more refined, but also engineered to have a small malicious footprint, effectively ensuring that the payloads are installed only on smartphones devices from specific regions and preventing the malware from being downloaded during the publishing process . Once installed, these banking trojans can surreptitiously siphon user passwords and SMS-based two-factor authentication codes, keystrokes, screenshots, and even deplete users' bank accounts without their knowledge by using a tool called Automatic Transfer System ( ATSs ). The apps have since been removed from the
FTC Bans Stalkerware App SpyFone; Orders Company to Erase Secretly Stolen Data

FTC Bans Stalkerware App SpyFone; Orders Company to Erase Secretly Stolen Data

September 01, 2021Ravie Lakshmanan
The U.S. Federal Trade Commission on Wednesday banned a stalkerware app company called SpyFone from the surveillance business over concerns that it stealthily harvested and shared data on people's physical movements, phone use, and online activities that were then used by stalkers and domestic abusers to monitor potential targets. "SpyFone is a brazen brand name for a surveillance business that helped stalkers steal private information,"  said  Samuel Levine, acting director of the FTC's Bureau of Consumer Protection, in a statement. "The stalkerware was hidden from device owners, but was fully exposed to hackers who exploited the company's slipshod security. This case is an important reminder that surveillance-based businesses pose a significant threat to our safety and security." Calling out the app developers for its lack of basic security practices, the agency has also ordered SpyFone to delete the illegally harvested information and notify devic
6 Unpatched Flaws Disclosed in Remote Mouse App for Android and iOS

6 Unpatched Flaws Disclosed in Remote Mouse App for Android and iOS

May 07, 2021Ravie Lakshmanan
As many as six zero-days have been uncovered in an application called Remote Mouse, allowing a remote attacker to achieve full code execution without any user interaction. The unpatched flaws, collectively named ' Mouse Trap, ' were disclosed on Wednesday by security researcher Axel Persinger, who said, "It's clear that this application is very vulnerable and puts users at risk with bad authentication mechanisms, lack of encryption, and poor default configuration." Remote Mouse is a remote control application for Android and iOS that turns mobile phones and tablets into a wireless mouse, keyboard, and trackpad for computers, with support for voice typing, adjusting computer volume, and switching between applications with the help of a Remote Mouse server installed on the machine. The Android app alone has been installed over 10 million times. In a nutshell, the issues, which were identified by analysing the packets sent from the Android app to its Windows ser
Facebook Busts Palestinian Hackers' Operation Spreading Mobile Spyware

Facebook Busts Palestinian Hackers' Operation Spreading Mobile Spyware

April 21, 2021Ravie Lakshmanan
Facebook on Wednesday said it took steps to dismantle malicious activities perpetrated by two state-sponsored hacking groups operating out of Palestine that abused its platform to distribute malware. The social media giant attributed the attacks to a network connected to the Preventive Security Service ( PSS ), the security apparatus of the State of Palestine, and another threat actor known as Arid Viper (aka Desert Falcon and APT-C-23), the latter of which is alleged to be connected to the cyber arm of Hamas. The two digital espionage campaigns, active in 2019 and 2020, exploited a range of devices and platforms, such as Android, iOS, and Windows, with the PSS cluster primarily targeting domestic audiences in Palestine. The other set of attacks went after users in the Palestinian territories and Syria and, to a lesser extent Turkey, Iraq, Lebanon, and Libya. Both the groups appear to have leveraged the platform as a springboard to launch a variety of social engineering attacks in
Major Instagram App Bug Could've Given Hackers Remote Access to Your Phone

Major Instagram App Bug Could've Given Hackers Remote Access to Your Phone

September 24, 2020Ravie Lakshmanan
Ever wonder how hackers can hack your smartphone remotely? In a report shared with The Hacker News today, Check Point researchers disclosed details about a  critical vulnerability  in Instagram's Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image. What's more worrisome is that the flaw not only lets attackers perform actions on behalf of the user within the Instagram app—including spying on victim's private messages and even deleting or posting photos from their accounts—but also execute arbitrary code on the device. According to an  advisory  published by Facebook, the heap overflow security issue (tracked as CVE-2020-1895 , CVSS score: 7.8) impacts all versions of the Instagram app prior to 128.0.0.26.128, which was released on February 10 earlier this year. "This [flaw] turns the device into a tool for spying on targeted users without their knowledge, as well as enabling
New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps

May 26, 2020Mohit Kumar
Remember Strandhogg? A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into giving away sensitive information. Late last year, at the time of its public disclosure, researchers also confirmed that some attackers were already exploiting the flaw in the wild to steal users' banking and other login credentials, as well as to spy on their activities. The same team of Norwegian cybersecurity researchers today unveiled details of a new critical vulnerability (CVE-2020-0096) affecting the Android operating system that could allow attackers to carry out a much more sophisticated version of Strandhogg attack. Dubbed ' Strandhogg 2.0 ,' the new vulnerability affects all Android devices, except those running the latest version, Android Q / 10, of the mobile operating system—which, unfortunately, is running on only 15-20% of the total
TrickBot Mobile App Bypasses 2‐Factor Authentication for Net Banking Services

TrickBot Mobile App Bypasses 2‐Factor Authentication for Net Banking Services

March 25, 2020Ravie Lakshmanan
The malware authors behind TrickBot banking Trojan have developed a new Android app that can intercept one-time authorization codes sent to Internet banking customers via SMS or relatively more secure push notifications, and complete fraudulent transactions. The Android app, called " TrickMo " by IBM X-Force researchers, is under active development and has exclusively targeted German users whose desktops have been previously infected with the TrickBot malware. "Germany is one of the first attack turfs TrickBot spread to when it first emerged in 2016," IBM researchers said. "In 2020, it appears that TrickBot's vast bank fraud is an ongoing project that helps the gang monetize compromised accounts." The name TrickMo is a direct reference to a similar kind of Android banking malware called ZitMo that was developed by Zeus cybercriminal gang in 2011 to defeat SMS-based two-factor authentication. The development is the latest addition in the ars
Android Cookie-Stealing Malware Found Hijacking Facebook Accounts

Android Cookie-Stealing Malware Found Hijacking Facebook Accounts

March 13, 2020Ravie Lakshmanan
A new simple but dangerous strain of Android malware has been found in the wild that steals users' authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices. Dubbed " Cookiethief " by Kaspersky researchers, the Trojan works by acquiring superuser root rights on the target device, and subsequently, transfer stolen cookies to a remote command-and-control (C2) server operated by attackers. "This abuse technique is possible not because of a vulnerability in the Facebook app or browser itself," Kaspersky researchers said. "Malware could steal cookie files of any website from other apps in the same way and achieve similar results." Cookiethief: Hijacking Accounts Without Requiring Passwords Cookies are small pieces of information that's often used by websites to differentiate one user from another, offer continuity around the web, track browsing sessions across different
Mysterious malware that re-installs itself infected over 45,000 Android Phones

Mysterious malware that re-installs itself infected over 45,000 Android Phones

October 29, 2019Swati Khandelwal
Over the past few months, hundreds of Android users have been complaining online of a new piece of mysterious malware that hides on the infected devices and can reportedly reinstall itself even after users delete it, or factory reset their devices. Dubbed Xhelper , the malware has already infected more than 45,000 Android devices in just the last six months and is continuing to spread by infecting at least 2,400 devices on an average each month, according to the latest report published today by Symantec. Here below, I have collected excerpts from some comments that affected users shared on the online forums while asking for how to remove the Xhelper Android malware: "xhelper regularly reinstalls itself, almost every day!" "the 'install apps from unknown sources' setting turns itself on." "I rebooted my phone and also wiped my phone yet the app xhelper came back." "Xhelper came pre-installed on the phone from China."
1-Click iPhone and Android Exploits Target Tibetan Users via WhatsApp

1-Click iPhone and Android Exploits Target Tibetan Users via WhatsApp

September 24, 2019Mohit Kumar
A team of Canadian cybersecurity researchers has uncovered a sophisticated and targeted mobile hacking campaign that is targeting high-profile members of various Tibetan groups with one-click exploits for iOS and Android devices. Dubbed Poison Carp by University of Toronto's Citizen Lab, the hacking group behind this campaign sent tailored malicious web links to its targets over WhatsApp, which, when opened, exploited web browser and privilege escalation vulnerabilities to install spyware on iOS and Android devices stealthily. "Between November 2018 and May 2019, senior members of Tibetan groups received malicious links in individually tailored WhatsApp text exchanges with operators posing as NGO workers, journalists, and other fake personas," the researchers say . What's more? The researchers said they found "technical overlaps" of Poison Carp with two recently discovered campaigns against the Uyghur community in China—the iPhone hacking campaign
Learn Ethical Hacking Online – A to Z Training Bundle 2019

Learn Ethical Hacking Online – A to Z Training Bundle 2019

September 03, 2019The Hacker News
Good news for you is that this week's THN Deals brings Ethical Hacking A to Z Bundle that let you get started regardless of your experience level. The Ethical Hacking A to Z Bundle will walk you through the very basic skills you need to start your journey towards becoming a professional ethical hacker. The 45 hours of course that includes total 384 in-depth lectures, usually cost $1,273, but you can exclusively get this 8-in-1 online training course for just $39 (after 96% discount) at the THN Deals Store. 8-in-1 Online Hacking Training: Here's What You Will Learn Ethical Hacking A to Z Bundle will provide you access to the following eight courses: 1. Ethical Hacker Boot Camp for 2017 This course will teach you all about passive and active reconnaissance, scanning and enumeration, social engineering basics, network mapping, and with live hacking demonstrations using tools like Maltego, FOCA, Harvester, Recon-ng, Nmap, and masscan. By the end of this course,
New Flaws in Qualcomm Chips Expose Millions of Android Devices to Hacking

New Flaws in Qualcomm Chips Expose Millions of Android Devices to Hacking

August 06, 2019Mohit Kumar
A series of critical vulnerabilities have been discovered in Qualcomm chipsets that could allow hackers to compromise Android devices remotely just by sending malicious packets over-the-air with no user interaction. Discovered by security researchers from Tencent's Blade team, the vulnerabilities, collectively known as QualPwn , reside in the WLAN and modem firmware of Qualcomm chipsets that powers hundreds of millions of Android smartphones and tablets. According to researchers, there are primarily two critical vulnerabilities in Qualcomm chipsets and one in the Qualcomm's Linux kernel driver for Android which if chained together could allow attackers to take complete control over targeted Android devices within their Wi-Fi range. "One of the vulnerabilities allows attackers to compromise the WLAN and Modem over-the-air. The other allows attackers to compromise the Android Kernel from the WLAN chip. The full exploit chain allows attackers to compromise the Andr
New Malware Replaced Legit Android Apps With Fake Ones On 25 Million Devices

New Malware Replaced Legit Android Apps With Fake Ones On 25 Million Devices

July 11, 2019Swati Khandelwal
Are you sure the WhatsApp app you are using on your Android device is legitimate, even if it's working perfectly as intended? ...Or the JioTV, AppLock, HotStar, Flipkart, Opera Mini or Truecaller app—if you have installed any of these? I'm asking this because cybersecurity researchers just yesterday revealed eye-opening details about a widespread Android malware campaign wherein attackers silently replaced installed legitimate apps with their malicious versions on nearly 25 million mobile phones. Now the important question here is how they're doing it and why? According to researchers at Check Point, attackers are distributing a new kind of Android malware that disguises itself as innocent-looking photo editing, adult entertainment, or gaming apps and available through widely used third-party app stores. Dubbed Agent Smith , the malware takes advantage of multiple Android vulnerabilities, such as the  Janus flaw and the Man-in-the-Disk flaw , and injects malic
Hackers Used WhatsApp 0-Day Flaw to Secretly Install Spyware On Phones

Hackers Used WhatsApp 0-Day Flaw to Secretly Install Spyware On Phones

May 13, 2019Swati Khandelwal
Whatsapp has recently patched a severe vulnerability that was being exploited by attackers to remotely install surveillance malware on a few "selected" smartphones by simply calling the targeted phone numbers over Whatsapp audio call. Discovered, weaponized and then sold by the Israeli company NSO Group that produces the most advanced mobile spyware on the planet, the WhatsApp exploit installs Pegasus spyware on to Android and iOS devices. According to an advisory published by Facebook, a buffer overflow vulnerability in WhatsApp VOIP stack allows remote attackers to execute arbitrary code on target phones by sending a specially crafted series of SRTCP packets. Apparently, the vulnerability, identified as CVE-2019-3568 , can successfully be exploited to install the spyware and steal data from a targeted Android phone or iPhone by merely placing a WhatsApp call, even when the call is not answered. Also, the victim would not be able to find out about the intrusion af
Severe Flaws in SHAREit Android App Let Hackers Steal Your Files

Severe Flaws in SHAREit Android App Let Hackers Steal Your Files

February 27, 2019Swati Khandelwal
Security researchers have discovered two high-severity vulnerabilities in the SHAREit Android app that could allow attackers to bypass device authentication mechanism and steal files containing sensitive from a victim's device. With over 1.5 billion users worldwide, SHAREit is a popular file sharing application for Android, iOS, Windows and Mac that has been designed to help people share video, music, files, and apps across various devices. With more than 500 million users, the SHAREit Android app was found vulnerable to a file transfer application's authentication bypass flaw and an arbitrary file download vulnerability, according to a blog post RedForce researchers shared with The Hacker News. The vulnerabilities were initially discovered over a year back in December 2017 and fixed in March 2018, but the researchers decided not to disclose their details until Monday "given the impact of the vulnerability, its big attack surface and ease of exploitation."
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.