The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Android hacking

Beware! Over 800 Android Apps on Google Play Store Contain 'Xavier' Malware

Beware! Over 800 Android Apps on Google Play Store Contain 'Xavier' Malware
June 13, 2017Mohit Kumar
Over 800 different Android apps that have been downloaded millions of times from Google Play Store found to be infected with malicious ad library that silently collects sensitive user data and can perform dangerous operations. Dubbed " Xavier ," the malicious ad library, initially emerged in September 2016, is a member of AdDown malware family, potentially posing a severe threat to millions of Android users. Since 90 percent of Android apps are free for anyone to download, advertising on them is a key revenue source for their developers. For this, they integrate Android SDK Ads Library in their apps, which usually doesn't affect an app's core functionality. According to security researchers at Trend Micro , the malicious ad library comes pre-installed on a wide range of Android applications, including photo editors, wallpapers and ringtone changers, Phone tracking, Volume Booster, Ram Optimizer and music-video player. Features of Xavier Info-Stealing Malware

Google Patches 6 Critical Android Mediaserver Bugs in May Security Update

Google Patches 6 Critical Android Mediaserver Bugs in May Security Update
May 03, 2017Swati Khandelwal
In Brief Google has released its monthly security patches for Android this week, addressing 17 critical vulnerabilities, 6 of which affect Android Mediaserver component that could be used to execute malicious code remotely. Besides patches for Mediaserver, Google also fixed 4 critical vulnerabilities related to Qualcomm components discovered in Android handsets, including Google's Nexus 6P, Pixel XL, and Nexus 9 devices. According to the Google security bulletin for Android  published Monday, this month's security update is one of the largest security fixes the company ever compiled in a single month. Google has split Android's monthly security bulletin into security "patch levels": Partial security patch level (2017-05-01) covers patches for vulnerabilities that are common to all Android devices. Complete security patch level (2017-05-05) includes additional fixes for hardware drivers as well as kernel components that are present only in some d

Android Trojan Targeting Over 420 Banking Apps Worldwide Found On Google Play Store

Android Trojan Targeting Over 420 Banking Apps Worldwide Found On Google Play Store
April 13, 2017Wang Wei
Do you like watching funny videos online? I am not kind of a funny person, but I love watching funny videos clips online, and this is one of the best things that people can do in their spare time. But, beware if you have installed a funny video app from Google Play Store. A security researcher has discovered a new variant of the infamous Android banking Trojan hiding in apps under different names, such as Funny Videos 2017 , on Google Play Store. Niels Croese, the security researcher at Securify B.V firm, analyzed the Funny Videos app that has 1,000 to 5,000 installs and found that the app acts like any of the regular video applications on Play Store, but in the background, it targets victims from banks around the world. This newly discovered banking Trojan works like any other banking malware, but two things that makes it different from others are — its capability to target victims and use of DexProtector tool to obfuscate the app's code. Dubbed BankBot , the banking

Google just discovered a dangerous Android Spyware that went undetected for 3 Years

Google just discovered a dangerous Android Spyware that went undetected for 3 Years
April 04, 2017Swati Khandelwal
An Android version of one of the most sophisticated mobile spyware has been discovered that remained undetected for at least three years due to its smart self-destruction capabilities. Dubbed Chrysaor , the Android spyware has been used in targeted attacks against activists and journalists mostly in Israel, but also in Georgia, Turkey, Mexico, the UAE and other countries. Chrysaor espionage malware, uncovered by researchers at Lookout and Google, is believed to be created by the same Israeli surveillance firm NSO Group Technologies, who was behind the Pegasus iOS spyware initially detected in targeted attacks against human rights activists in the United Arab Emirates last year. NSO Group Technologies is believed to produce the most advanced mobile spyware on the planet and sold them to governments, law enforcement agencies worldwide, as well as dictatorial regimes. The newly discovered Chrysaor spyware has been found installed on fewer than three-dozen Android devices, al

Beware! Pre-Installed Android Malware Found On 36 High-end Smartphones

Beware! Pre-Installed Android Malware Found On 36 High-end Smartphones
March 11, 2017Wang Wei
Bought a brand new Android Smartphone? Do not expect it to be a clean slate. At least 36 high-end smartphone models belonging to popular manufacturing companies such as Samsung, LG, Xiaomi, Asus, Nexus, Oppo, and Lenovo, which are being distributed by two unidentified companies have been found pre-loaded with malware programs. These malware infected devices were identified after a Check Point malware scan was performed on Android devices. Two malware families were detected on the infected devices: Loki and SLocker. According to a blog post published Friday by Check Point researchers, these malicious software apps were not part of the official ROM firmware supplied by the smartphone manufacturers but were installed later somewhere along the supply chain, before the handsets arrived at the two companies from the manufacturer's factory. First seen in February 2016, Loki Trojan inject devices right inside core Android operating system processes to gain powerful root privi

More Firmware Backdoor Found In Cheap Android Phones

More Firmware Backdoor Found In Cheap Android Phones
December 13, 2016Swati Khandelwal
Here's some bad news for Android users again. Certain low-cost Android smartphones and tablets are shipped with malicious firmware, which covertly gathers data about the infected devices, displays advertisements on top of running applications and downloads unwanted APK files on the victim's devices. Security researchers from Russian antivirus vendor Dr.Web have discovered two types of downloader Trojans that have been incorporated in the firmware of a large number of popular Android devices operating on the MediaTek platform, which are mostly marketed in Russia. The Trojans, detected as Android.DownLoader.473.origin and Android.Sprovider.7 , are capable of collecting data about the infected devices, contacting their command-and-control servers, automatically updating themselves, covertly downloading and installing other apps based on the instructions it receives from their server, and running each time the device is restarted or turned on. The list of Android devic

Pre-installed Backdoor On 700 Million Android Phones Sending Users' Data To China

Pre-installed Backdoor On 700 Million Android Phones Sending Users' Data To China
November 15, 2016Swati Khandelwal
Do you own an Android smartphone? You could be one of those 700 Million users whose phone is secretly sending text messages to China every 72 hours. You heard that right. Over 700 Million Android smartphones contain a secret 'backdoor' that surreptitiously sends all your text messages, call log, contact list, location history, and app data to China every 72 hours. Security researchers from Kryptowire discovered the alleged backdoor hidden in the firmware of many budget Android smartphones sold in the United States, which covertly gathers data on phone owners and sends it to a Chinese server without users knowing. First reported on by the New York Times on Tuesday, the backdoored firmware software is developed by China-based company Shanghai AdUps Technology, which claims that its software runs updates for more than 700 Million devices worldwide. Infected Android Smartphone WorldWide Moreover, it is worth noting that AdUps provides its software to much larger ha

Google Pixel Phone and Microsoft Edge Hacked at PwnFest 2016

Google Pixel Phone and Microsoft Edge Hacked at PwnFest 2016
November 11, 2016Wang Wei
The brand new Android smartphone launched by Google just a few months back has been hacked by Chinese hackers just in less than a minute. Yes, the Google's latest Pixel smartphone has been hacked by a team white-hat hackers from Qihoo 360, besides at the 2016 PwnFest hacking competition in Seoul. The Qihoo 360 team demonstrated a proof-of-concept exploit that used a zero-day vulnerability in order to achieve remote code execution (RCE) on the target smartphone. The exploit then launched the Google Play Store on the Pixel smartphone before opening Google Chrome and displaying a web page that read "Pwned By 360 Alpha Team," the Reg media reports . Qihoo 360 won $120,000 cash prize for hacking the Pixel. Google will now work to patch the vulnerability. Besides the Google Pixel, Microsoft Edge running under Windows 10 was also hacked in PwnFest hacking competition. The Qihoo 360 team also hacked Adobe Flash with a combination of a decade-old, use-after-free

How to Crack Android Full Disk Encryption on Qualcomm Devices

How to Crack Android Full Disk Encryption on Qualcomm Devices
July 01, 2016Mohit Kumar
The heated battle between Apple and the FBI provoked a lot of talk about Encryption – the technology that has been used to keep all your bits and bytes as safe as possible. We can not say a lot about Apple's users, but Android users are at severe risk when it comes to encryption of their personal and sensitive data. Android's full-disk encryption can be cracked much more easily than expected with brute force attack and some patience, affecting potentially hundreds of millions of mobile devices. And the worst part: There may not be a full fix available for current Android handsets in the market. Google started implementing Full Disk Encryption on Android by default with Android 5.0 Lollipop. Full disk encryption (FDE) can prevent both hackers and even powerful law enforcement agencies from gaining unauthorized access to device's data. Android's disk encryption, in short, is the process of encoding all user's data on an Android device before ever wri

Warning: 18,000 Android Apps Contains Code that Spy on Your Text Messages

Warning: 18,000 Android Apps Contains Code that Spy on Your Text Messages
October 28, 2015Khyati Jain
A large number of third-party Android apps have reportedly been discovered grabbing copies of all text messages received or sent to infected devices and sending them to the attackers' server. More than 63,000 Android applications use Taomike SDK – one of the biggest mobile advertisement solutions in China – to help developers display ads in their mobile apps and generate revenue. However, around 18,000 of these Android apps contains a malicious code that spy on users text messages, according to researchers at Palo Alto Networks, who made the discovery . Taomike provides a Software Development Toolkit (SDK) and services to the Android app developers using which they can: Displaying advertisements to users Offer in-app purchases (IAPs) Android Apps Stealing SMS Messages Focussing on distributing the app and techniques for building revenue, "Not all apps that use the Taomike library steal SMS messages," security researchers said. The security

New Android Vulnerable Lets Hackers Take Over Your Phone

New Android Vulnerable Lets Hackers Take Over Your Phone
August 24, 2015Khyati Jain
This time Everything is Affected! Yet another potentially dangerous vulnerability has reportedly been disclosed in the Google's mobile operating system platform – Android . Android has been hit by a number of security flaws this month, including:   Stagefright vulnerability that affects 950 Million Android devices worldwide A critical mediaserver vulnerability that threatened to crash more than 55 percent of Android devices Another critical flaw (CVE-2015-3842) discovered last week, affected almost all the versions of Android devices This time the issue resides in the multitasking capability of the Android phones, the ability to run more than one app at a time. The security flaw gives hacker ability to spy on Android smartphone owners, steal login credentials, install malware , and many more, according to the latest research conducted by the researchers at the Pennsylvania State University and FireEye . How the Attack Works? According to security

Another Critical Flaw Affecting Almost All Android Devices

Another Critical Flaw Affecting Almost All Android Devices
August 18, 2015Swati Khandelwal
Two weeks ago, we reported about a critical mediaserver vulnerability that threatened to crash more than 55 percent of Android devices, making them unresponsive and practically unusable to perform most essential tasks. Now, security researchers at Trend Micro have uncovered another flaw in the Android's mediaserver component that could be remotely exploited to install malware onto a target device by sending a specially crafted multimedia message. The vulnerability ( CVE-2015-3842 ) affects almost all the versions of Android devices from Android 2.3 Gingerbread to Android 5.1.1 Lollipop, potentially putting hundreds of Millions of Android devices open to hackers. Since Google has patched this issue, but hopefully the patch issued by Google this time isn't incomplete like its patch for the Stagefright vulnerability that affects 950 Million Android devices worldwide. How the Vulnerability Works? The security flaw involves a mediaserver component called Aud

New Android Vulnerability Could Crash your Phones Badly

New Android Vulnerability Could Crash your Phones Badly
July 30, 2015Wang Wei
Bad week for Android. Just days after a critical Stagefright vulnerability was revealed in the widely popular mobile platform, another new vulnerability threatens to make most Android devices unresponsive and practically unusable to essential tasks. Security researchers at Trend Micro have developed an attack technique that could ultimately crash more than 55 percent of Android phones , almost making them completely unresponsive and useless to perform very basic functions, including to make or receive calls. The dangerous security flaw affects any device running Android 4.3 Jelly Bean and later, including the latest Android 5.1.1 Lollipop , potentially putting hundreds of millions of Android users vulnerable to hackers. The flaw surfaced two days after Zimperium researchers warned that nearly 950 Million Android phones can be hijacked by sending a simple text message. Dubbed Stagefright , the vulnerability is more serious because it required no end-user interaction at

Simple Text Message to Hack Any Android Phone Remotely

Simple Text Message to Hack Any Android Phone Remotely
July 27, 2015Mohit Kumar
Own an Android phone? Beware, Your Android smartphones can be hacked by just a malformed text message. Security researchers have found that 95% of Android devices running version 2.2 to 5.1 of operating system, which includes Lollipop and KitKat, are vulnerable to a security bug, affecting more than 950 Million Android smartphones and tablets. Almost all Android smart devices available today are open to attack that could allow hackers to access the vulnerable device without the owners being aware of it, according to Joshua Drake, vice president of platform research and exploitation at security firm Zimperium. The vulnerability actually resides in a core Android component called " Stagefright ," a multimedia playback library used by Android to process, record and play multimedia files such as PDFs. A Text Message Received...Your Game is Over The sad news for most of the Android users is that the fix will not help Millions of Android users that owned o

Malicious Minecraft apps affect 600,000 Android Users

Malicious Minecraft apps affect 600,000 Android Users
May 26, 2015Mohit Kumar
So you love Minecraft ? You might want to be very careful before downloading the cheats for the popular Minecraft game from Google Play Store. Nearly 3 Million users have downloaded malicious Minecraft Android applications for their smartphone and tablets from the Google Play store, security researchers warned. The security researchers from IT security firm ESET have uncovered as many as 33 fake "scareware" applications that have been uploaded to the Google Play store in the course of the past 9 months, masquerading as Minecraft cheats and tip guides. These malicious applications have been downloaded between 660,000 and 2.8 million times. "All of the discovered apps were fake in that they did not contain any of the promised functionality and only displayed banners that tried to trick users into believing that their Android system is infected with a dangerous virus," ESET researcher Lukas Stefanko wrote in a blog post . Once downloaded, these mali

Android Malware Can Spy On You Even When Your Mobile Is Off

Android Malware Can Spy On You Even When Your Mobile Is Off
February 20, 2015Swati Khandelwal
Security researchers have unearthed a new Android Trojan that tricks victims into believing they have switched their device off while it continues " spying " on the users' activities in the background. So, next time be very sure while you turn off your Android smartphones. The new Android malware threat, dubbed PowerOffHijack , has been spotted and analyzed by the researchers at the security firm AVG. PowerOffHijack because the nasty malware has a very unique feature - it hijacks the shutdown process of user's mobile phone. MALWARE WORKS AFTER SWITCHING OFF MOBILES When users presses the power button on their device, a fake dialog box is shown. The malware mimics the shutdown animation and the device appears to be off, but actually remains on, giving the malicious program freedom to move around on the device and steal data. "After pressing the power button, you will see the real shutdown animation, and the phone appears off. Although the screen is bl

DroidStealth — Android Encryption Tool with Stealth Capabilities

DroidStealth — Android Encryption Tool with Stealth Capabilities
February 13, 2015Swati Khandelwal
We all have Internet-connected smartphones in our pockets, but it's very hard to find a place on Internet to feel secure and private. No doubt, there is data Encryption on cell phones, but what's the use if it is cracked by hackers or law enforcement? What if the encrypted files don't exist in the first place for law enforcement to decrypt it? That's the motive behind DroidStealth , a new Android encryption tool that not only protects sensitive data with obfuscation, but ​also hides its existence on your phone as if it has nothing to hide. DroidStealth Android app has been developed by security researchers from Delft University of Technology in the Netherlands and would come as a windfall to both the privacy lovers and the cyber criminals. STEALTH LOGIN MECHANISM DroidStealth Android encryption tool creates a hidden folder in your phone in which it stores your all encrypted files. The app itself can be opened by simply dialing a phone number of any length which is

Hackers Can Remotely Install Malware Apps to Your Android Device

Hackers Can Remotely Install Malware Apps to Your Android Device
February 12, 2015Wang Wei
Security researchers have warned of a pair of vulnerabilities in the Google Play Store that could allow cyber crooks to install and launch malicious applications remotely on Android devices. Tod Beardsley, technical lead for the Metasploit Framework at Rapid7 warns that an X-Frame-Options (XFO) vulnerability – when combined with a recent Android WebView (Jelly Bean) flaw – creates a way for hackers to quietly install any arbitrary app from the Play store onto victims' device even without the users consent. USERS AFFECTED The vulnerability affects users running Android version 4.3 Jelly Bean and earlier versions of Android that no longer receive official security updates from Android security team for WebView , a core component used to render web pages on an Android device . Also, users who have installed third party browsers are affected. According to the researcher, the web browser in Android 4.3 and prior that are vulnerable to a Universal Cross-Site Scripting (
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.