The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Android

Critical Flaw in Fortnite Android App Lets Hackers Install Malware

Critical Flaw in Fortnite Android App Lets Hackers Install Malware

August 27, 2018Swati Khandelwal
Security researchers from Google have publicly disclosed an extremely serious security flaw in the first Fortnite installer for Android that could allow other apps installed on the targeted devices to manipulate installation process and load malware, instead of the Fortnite APK. Earlier this month, Epic Games announced not to make its insanely popular game ' Fortnite for Android ' available through the Google Play Store, but via its own app. Many researchers warned the company that this approach could potentially put Android users at a greater risk, as downloading APKs outside of the Play Store is not recommended and requires users to disable some security features on Android devices as well. And it seems like those fears and concerns were true. Google developers discovered a dangerous security flaw as soon as the Fortnite game launched on Android. Fortnite Android Installer Vulnerable to Man-in-the-Disk Attack In a proof-of-concept video published by Google, r
Google Android P is officially called Android 9 Pie

Google Android P is officially called Android 9 Pie

August 06, 2018Swati Khandelwal
If you have bet on Peppermint, Pancake or Pastry for "P" in the next version of Google's mobile operating system, sorry guys you lose because Android P stands for Android Pie . Yes, the next version of sugary snack-themed Android and the successor to Android Oreo will now be known as Android 9.0 Pie , and it has officially arrived, Google revealed on Monday. Android 9 Pie — 5 Best New Features Google says Android Pie comes with a "heaping helping of artificial intelligence baked in to make your phone smarter, simpler, and more tailored to you." 1.) AI-Powered Adaptive Battery Despite Google has made its efforts since it brought a power saving mode called Doze in  Android 6.0 Marshmallow , Battery life has always been a big concern for people. Android 9 Pie introduces a new feature called "Adaptive Battery," which uses machine learning to learn which apps you use most and prioritize battery for them accordingly. "Android 9 int
EU Fines Google Record $5 Billion in Android Antitrust Case

EU Fines Google Record $5 Billion in Android Antitrust Case

July 18, 2018Swati Khandelwal
Google has been hit by a record-breaking $5 billion antitrust fine by the European Union regulators for abusing the dominance of its Android mobile operating system and thwarting competitors. That's the largest ever antitrust penalty. Though Android is an open-source and free operating system, device manufacturers still have to obtain a license, with certain conditions, from Google to integrate its Play Store service within their smartphones. The European Commission levied the fine Wednesday, saying that Google has broken the law by forcing Android smartphone manufacturers to pre-install its own mobile apps and services, like Google Search, Chrome, YouTube, and Gmail, as a condition for licensing. This tactic eventually gives Google's app and services an unfair preference over other rival services, preventing rivals from innovating and competing, which is "illegal under EU antitrust rules." Google's Android operating system runs on more than 80 percen
Google Solves Update Issue for Android Apps Installed from Unknown Sources

Google Solves Update Issue for Android Apps Installed from Unknown Sources

June 21, 2018Swati Khandelwal
If you are wondering how to receive latest updates for an Android app—installed via a 3rd party source or peer-to-peer app sharing—directly from Google Play Store. For security reasons, until now apps installed from third-party sources cannot be updated automatically over-the-air, as Google does not recognize them as Play Store apps and they do not show up in your Google account app list as well. Late last year, Google announced its plan to set up an automated mechanism to verify the authenticity of an app by adding a small amount of security metadata on top of each Android application package (in the APK Signing Block) distributed by its Play Store. This metadata is like a digital signature that would help your Android device to verify if the origin of an app you have installed from a third-party source is a Play Store app and have not been tempered, for example, a virus is not attached to it. From early 2018, Google has already started implementing this mechanism, which doesn
Thousands of Android Devices Running Insecure Remote ADB Service

Thousands of Android Devices Running Insecure Remote ADB Service

June 12, 2018Swati Khandelwal
Despite warnings about the threat of leaving insecure remote services enabled on Android devices, manufacturers continue to ship devices with open ADB debug port setups that leave Android-based devices exposed to hackers. Android Debug Bridge (ADB) is a command-line feature that generally uses for diagnostic and debugging purposes by helping app developers communicate with Android devices remotely to execute commands and, if necessary, completely control a device. Usually, developers connect to ADB service installed on Android devices using a USB cable, but it is also possible to use ADB wirelessly by enabling a daemon server at TCP port 5555 on the device. If left enabled, unauthorized remote attackers can scan the Internet to find a list of insecure Android devices running ADB debug interface over port 5555, remotely access them with highest "root" privileges, and then silently install malware without any authentication. Therefore, vendors are recommended to make
OnePlus 6 Flaw Allows to Boot Any Image Even With Locked Bootloader

OnePlus 6 Flaw Allows to Boot Any Image Even With Locked Bootloader

June 11, 2018Mohit Kumar
Have you recently bought a OnePlus 6? Don't leave your phone unattended. A serious vulnerability has been discovered in the OnePlus 6 bootloader that makes it possible for someone to boot arbitrary or modified images to take full admin control of your phone—even if the bootloader is locked. A bootloader is part of the phone's built-in firmware and locking it down stops users from replacing or modifying the phone's operating system with any uncertified third-party ROMs, ensuring the system boots into the right operating system. Discovered by security researcher Jason Donenfeld of Edge Security , the bootloader on OnePlus 6 is not entirely locked, allowing anyone to flash any modified boot image on to the handset and take full control of your phone. In a video demonstration, Donenfeld showed how it is possible for an attacker with physical access to OnePlus 6 to boot any malicious image using the ADB tool's fastboot command, giving the attacker complete control ove
Google Makes it Mandatory for OEMs to Roll Out Android Security Updates Regularly

Google Makes it Mandatory for OEMs to Roll Out Android Security Updates Regularly

May 11, 2018Mohit Kumar
Security of Android devices has been a nightmare since its inception, and the biggest reason being is that users don't receive latest security patch updates regularly. Precisely, it's your device manufacturer (Android OEMs) actually who takes time to roll out security patches for your devices and sometimes, even has been caught lying about security updates , telling customers that their smartphones are running the latest updates. Since Google did not have direct control over the OEM branded firmware running on billions of devices, it brought some significant changes to the Android system architecture last year with Project Treble gain more control over the update process. Although Google and device manufacturers have made some progress in the past year, the problem with the security update remains because of OEMs not delivering all patches regularly and on a timely basis, leaving parts of the Android ecosystem exposed to hackers. But here's good news—starting wi
Cybercriminals Hijack Router DNS to Distribute Android Banking Trojan

Cybercriminals Hijack Router DNS to Distribute Android Banking Trojan

April 16, 2018Swati Khandelwal
Security researchers have been warning about an ongoing malware campaign hijacking Internet routers to distribute Android banking malware that steals users' sensitive information, login credentials and the secret code for two-factor authentication. In order to trick victims into installing the Android malware, dubbed Roaming Mantis , hackers have been hijacking DNS settings on vulnerable and poorly secured routers . DNS hijacking attack allows hackers to intercept traffic, inject rogue ads on web-pages and redirect users to phishing pages designed to trick them into sharing their sensitive information like login credentials, bank account details, and more. Hijacking routers' DNS for a malicious purpose is not new. Previously we reported about widespread DNSChanger and Switcher —both the malware worked by changing the DNS settings of the wireless routers to redirect traffic to malicious websites controlled by attackers. Discovered by security researchers at Kaspersk
VirusTotal launches 'Droidy' sandbox to detect malicious Android apps

VirusTotal launches 'Droidy' sandbox to detect malicious Android apps

April 05, 2018Mohit Kumar
One of the biggest and most popular multi-antivirus scanning engine service has today launched a new Android sandbox service, dubbed VirusTotal Droidy , to help security researchers detect malicious apps based on behavioral analysis. VirusTotal, owned by Google, is a free online service that allows anyone to upload files to check them for viruses against dozens of antivirus engines simultaneously. Android Sandbox performs both static and dynamic analysis to automatically detect suspicious applications by executing and monitoring applications in a simulated Android OS environment. Behavioral reports for Android applications (APKs) is not new to VirusTotal, as the website already had service since 2013 that worked based on Cuckoo Sandbox , an open source automated malware analysis system. Replacing this existing system, VirusTotal Droidy has been integrated in the context of the multi-sandbox project and can extract "juicy" details, such as: Network communicatio
New Android Malware Secretly Records Phone Calls and Steals Private Data

New Android Malware Secretly Records Phone Calls and Steals Private Data

April 03, 2018Swati Khandelwal
Security researchers at Cisco Talos have uncovered variants of a new Android Trojan that are being distributed in the wild disguising as a fake anti-virus application, dubbed "Naver Defender." Dubbed KevDroid , the malware is a remote administration tool (RAT) designed to steal sensitive information from compromised Android devices, as well as capable of recording phone calls. Talos researchers published Monday technical details about two recent variants of KevDroid detected in the wild, following the initial discovery of the Trojan by South Korean cybersecurity firm ESTsecurity two weeks ago. Though researchers haven't attributed the malware to any hacking or state-sponsored group, South Korean media have linked KevDroid with North Korea state-sponsored cyber espionage hacking group " Group 123 ," primarily known for targeting South Korean targets. The most recent variant of KevDroid malware, detected in March this year, has the following capabilit
Facebook Collected Your Android Call History and SMS Data For Years

Facebook Collected Your Android Call History and SMS Data For Years

March 25, 2018Swati Khandelwal
Facebook knows a lot about you, your likes and dislikes—it's no surprise. But do you know, if you have installed Facebook Messenger app on your Android device, there are chances that the company had been collecting your contacts, SMS, and call history data at least until late last year. A tweet from Dylan McKay, a New Zealand-based programmer, which received more than 38,000 retweets (at the time of writing), showed how he found his year-old data—including complete logs of incoming and outgoing calls and SMS messages—in an archive he downloaded (as a ZIP file) from Facebook. Facebook was collecting this data on its users from last few years, which was even reported earlier in media, but the story did not get much attention at that time. Since Facebook had been embroiled into controversies over its data sharing practices after the Cambridge Analytica scandal last week, tweets from McKay went viral and has now fueled the never-ending privacy debate. A Facebook spokespe
Pre-Installed Malware Found On 5 Million Popular Android Phones

Pre-Installed Malware Found On 5 Million Popular Android Phones

March 15, 2018Swati Khandelwal
Security researchers have discovered a massive continuously growing malware campaign that has already infected nearly 5 million mobile devices worldwide. Dubbed RottenSys , the malware that disguised as a 'System Wi-Fi service' app came pre-installed on millions of brand new smartphones manufactured by Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE—added somewhere along the supply chain. All these affected devices were shipped through Tian Pai, a Hangzhou-based mobile phone distributor, but researchers are not sure if the company has direct involvement in this campaign. According to Check Point Mobile Security Team, who uncovered this campaign, RottenSys is an advanced piece of malware that doesn't provide any secure Wi-Fi related service but takes almost all sensitive Android permissions to enable its malicious activities. "According to our findings, the RottenSys malware began propagating in September 2016. By March 12, 2018, 4,964,460 devices were
Android P Will Block Background Apps from Accessing Your Camera, Microphone

Android P Will Block Background Apps from Accessing Your Camera, Microphone

February 26, 2018Mohit Kumar
Yes, your smartphone is spying on you. But, the real question is, should you care? We have published thousands of articles on The Hacker News, warning how any mobile app can turn your smartphone into a bugging device—' Facebook is listening to your conversations', ' Stealing Passwords Using SmartPhone Sensors', 'Your Headphones Can Spy On You' and 'Android Malware Found Spying Military Personnel' to name a few. All these stories have different objectives and targets but have one thing in common, i.e., apps running in the background covertly abuse ' permissions ' without notifying users. Installing a single malicious app unknowingly could allow remote attackers to covertly record audio, video, and taking photos in the background. But, not anymore! In a boost to user privacy, the next version of Google's mobile operating system, Android P, will apparently block apps idling in the background from accessing your smartphone's camera a
Facebook Password Stealing Apps Found on Android Play Store

Facebook Password Stealing Apps Found on Android Play Store

January 18, 2018Swati Khandelwal
Even after many efforts made by Google last year, malicious apps always somehow manage to make their ways into Google app store. Security researchers have now discovered a new piece of malware, dubbed GhostTeam , in at least 56 applications on Google Play Store that is designed to steal Facebook login credentials and aggressively display pop-up advertisements to users. Discovered independently by two cybersecurity firms, Trend Micro and Avast , the malicious apps disguise as various utility (such as the flashlight, QR code scanner, and compass), performance-boosting (like file-transfer and cleaner), entertainment, lifestyle and video downloader apps. Like most malware apps, these Android apps themselves don't contain any malicious code, which is why they managed to end up on Google's official Play Store. Once installed, it first confirms if the device is not an emulator or a virtual environment and then accordingly downloads the malware payload, which prompts the victim to
Skygofree — Powerful Android Spyware Discovered

Skygofree — Powerful Android Spyware Discovered

January 16, 2018Mohit Kumar
Security researchers have unveiled one of the most powerful and highly advanced Android spyware tools that give hackers full control of infected devices remotely. Dubbed Skygofree , the Android spyware has been designed for targeted surveillance, and it is believed to have been targeting a large number of users for the past four years. Since 2014, the Skygofree implant has gained several novel features previously unseen in the wild, according to a new report published by Russian cybersecurity firm Kaspersky Labs. The 'remarkable new features' include location-based audio recording using device's microphone, the use of Android Accessibility Services to steal WhatsApp messages, and the ability to connect infected devices to malicious Wi-Fi networks controlled by attackers. Skygofree is being distributed through fake web pages mimicking leading mobile network operators, most of which have been registered by the attackers since 2015—the year when the distribution ca
[Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks

[Guide] How to Protect Your Devices Against Meltdown and Spectre Attacks

January 05, 2018Swati Khandelwal
Recently uncovered two huge processor vulnerabilities called Meltdown and Spectre have taken the whole world by storm, while vendors are rushing out to patch the vulnerabilities in its products. The issues apply to all modern processors and affect nearly all operating systems (Windows, Linux, Android, iOS, macOS, FreeBSD, and more), smartphones and other computing devices made in the past 20 years. What are Spectre and Meltdown? We have explained both , Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715), exploitation techniques in our previous article. In short, Spectre and Meltdown are the names of security vulnerabilities found in many processors from Intel, ARM and AMD that could allow attackers to steal your passwords, encryption keys and other private information. Both attacks abuse 'speculative execution' to access privileged memory—including those allocated for the kernel—from a low privileged user process like a malicious app running on a
Critical "Same Origin Policy" Bypass Flaw Found in Samsung Android Browser

Critical "Same Origin Policy" Bypass Flaw Found in Samsung Android Browser

December 29, 2017Mohit Kumar
A critical vulnerability has been discovered in the browser app comes pre-installed on hundreds of millions of Samsung Android devices that could allow an attacker to steal data from browser tabs if the user visits an attacker-controlled site. Identified as CVE-2017-17692 , the vulnerability is Same Origin Policy (SOP) bypass issue that resides in the popular Samsung Internet Browser version 5.4.02.3 and earlier. The Same Origin Policy or SOP is a security feature applied in modern browsers that is designed to make it possible for web pages from the same website to interact while preventing unrelated sites from interfering with each other. In other words, the SOP makes sure that the JavaScript code from one origin should not be able to access the properties of a website on another origin. The SOP bypass vulnerability in the Samsung Internet Browser, discovered by Dhiraj Mishra , could allow a malicious website to steal data, such as passwords or cookies, from the sites ope
This New Android Malware Can Physically Damage Your Phone

This New Android Malware Can Physically Damage Your Phone

December 19, 2017Mohit Kumar
Due to the recent surge in cryptocurrency prices, not only hackers but also legitimate website administrators are increasingly using JavaScript-based cryptocurrency miners to monetize by levying the CPU power of your PC to mine Bitcoin or other cryptocurrencies. Just last week, researchers from AdGuard discovered that some popular video streaming and ripper sites including openload, Streamango, Rapidvideo, and OnlineVideoConverter hijacks CPU cycles from their over hundreds of millions of visitors for mining Monero cryptocurrency. Now, researchers from Moscow-based cyber security firm Kaspersky Lab have uncovered a new strain of Android malware lurking in fake anti-virus and porn applications, which is capable of performing a plethora of nefarious activities—from mining cryptocurrencies to launching Distributed Denial of Service (DDoS) attacks. Dubbed Loapi , the new Android Trojan can perform so many more malicious activities at a time that can exploit a handset to the e
Password Stealing Apps With Over A Million Downloads Found On Google Play Store

Password Stealing Apps With Over A Million Downloads Found On Google Play Store

December 13, 2017Swati Khandelwal
Even after so many efforts by Google like launching bug bounty program and preventing apps from using Android accessibility services , malicious applications somehow manage to get into Play Store and infect people with malicious software. The same happened once again when security researchers discovered at least 85 applications in Google Play Store that were designed to steal credentials from users of Russian-based social network VK.com and were successfully downloaded millions of times. The most popular of all masqueraded as a gaming app with more than a million downloads. When this app was initially submitted in March 2017, it was just a gaming app without any malicious code, according to a blog post published Tuesday by Kaspersky Lab. However, after waiting for more than seven months, the malicious actors behind the app updated it with information-stealing capabilities in October 2017. Besides this gaming app, the Kaspersky researchers found 84 such apps on Google Play
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.