#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Malware apps | Breaking Cybersecurity News | The Hacker News

Category — Malware apps
New Android Malware Now Steals Passwords For Non-Banking Apps Too

New Android Malware Now Steals Passwords For Non-Banking Apps Too

Jul 16, 2020
Cybersecurity researchers today uncovered a new strain of banking malware that targets not only banking apps but also steals data and credentials from social networking, dating, and cryptocurrency apps—a total of 337 non-financial Android applications on its target list. Dubbed " BlackRock " by ThreatFabric researchers, which discovered the trojan in May, its source code is derived from a leaked version of Xerxes banking malware, which itself is a strain of the LokiBot Android banking trojan that was first observed during 2016-2017. Chief among its features are stealing user credentials, intercepting SMS messages, hijacking notifications, and even recording keystrokes from the targeted apps, in addition to being capable of hiding from antivirus software. "Not only did the [BlackRock] Trojan undergo changes in its code, but also comes with an increased target list and has been ongoing for a longer period," ThreatFabric said. "It contains an important nu...
Joker Malware Apps Once Again Bypass Google's Security to Spread via Play Store

Joker Malware Apps Once Again Bypass Google's Security to Spread via Play Store

Jul 09, 2020
Cybersecurity researchers took the wraps off yet another instance of Android malware hidden under the guise of legitimate applications to stealthily subscribe unsuspecting users for premium services without their knowledge. In a report published by Check Point research today, the malware — infamously called Joker (or Bread) — has found another trick to bypass Google's Play Store protections: obfuscate the malicious DEX executable inside the application as Base64 encoded strings, which are then decoded and loaded on the compromised device. Following responsible disclosure by Check Point researchers, the 11 apps ( list and hashes here ) in question were removed by Google from the Play Store on April 30, 2020. "The Joker malware is tricky to detect, despite Google's investment in adding Play Store protections," said Check Point 's Aviran Hazum, who identified the new modus operandi of Joker malware. "Although Google removed the malicious apps from the P...
Cyber Story Time: The Boy Who Cried "Secure!"

Cyber Story Time: The Boy Who Cried "Secure!"

Nov 21, 2024Threat Detection / Pentesting
As a relatively new security category, many security operators and executives I've met have asked us "What are these Automated Security Validation (ASV) tools?" We've covered that pretty extensively in the past, so today, instead of covering the " What is ASV?" I wanted to address the " Why ASV?" question. In this article, we'll cover some common use cases and misconceptions of how people misuse and misunderstand ASV tools daily (because that's a lot more fun). To kick things off, there's no place to start like the beginning. Automated security validation tools are designed to provide continuous, real-time assessment of an organization's cybersecurity defenses. These tools are continuous and use exploitation to validate defenses like EDR, NDR, and WAFs. They're more in-depth than vulnerability scanners because they use tactics and techniques that you'll see in manual penetration tests. Vulnerability scanners won't relay hashes or combine vulnerabilities to further attacks, whic
Hackers Used Local News Sites to Install Spyware On iPhones

Hackers Used Local News Sites to Install Spyware On iPhones

Mar 27, 2020
A newly discovered watering-hole campaign is targeting Apple iPhone users in Hong Kong by using malicious website links as a lure to install spyware on the devices. According to research published by Trend Micro and Kaspersky , the " Operation Poisoned News " attack leverages a remote iOS exploit chain to deploy a feature-rich implant called 'LightSpy' through links to local news websites, which when clicked, executes the malware payload and allows an interloper to exfiltrate sensitive data from the affected device and even take full control. Watering-hole attacks typically let a bad actor compromise a specific group of end-users by infecting websites that they are known to visit, with an intention to gain access to the victim's device and load it with malware. The APT group, dubbed "TwoSail Junk" by Kaspersky, is said to be leveraging vulnerabilities present in iOS 12.1 and 12.2 spanning all models from iPhone 6 to the iPhone X, with the attac...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Watch Out: Android Apps in Google Play Store Capitalizing on Coronavirus Outbreak

Watch Out: Android Apps in Google Play Store Capitalizing on Coronavirus Outbreak

Mar 26, 2020
Preying on public fears, the ongoing coronavirus outbreak is proving to be a goldmine of opportunity for attackers to stage a variety of malware attacks, phishing campaigns, and create scam sites and malicious tracker apps. Now in a fresh twist, third-party Android app developers too have begun to take advantage of the situation to use coronavirus-related keywords in their app names, descriptions, or in the package names so as to drop malware, perpetrate financial theft and rank higher in Google Play Store searches related to the topic. "Most malicious apps found are bundle threats that range from ransomware to SMS-sending malware, and even spyware designed to clean out the contents of victims' devices for personal or financial data," Bitdefender researchers said in a telemetry analysis report shared with The Hacker News. The find by Bitdefender is the latest in an avalanche of digital threats piggybacking on the coronavirus pandemic. Using Coronavirus-Relat...
TrickBot Mobile App Bypasses 2‐Factor Authentication for Net Banking Services

TrickBot Mobile App Bypasses 2‐Factor Authentication for Net Banking Services

Mar 25, 2020
The malware authors behind TrickBot banking Trojan have developed a new Android app that can intercept one-time authorization codes sent to Internet banking customers via SMS or relatively more secure push notifications, and complete fraudulent transactions. The Android app, called " TrickMo " by IBM X-Force researchers, is under active development and has exclusively targeted German users whose desktops have been previously infected with the TrickBot malware. "Germany is one of the first attack turfs TrickBot spread to when it first emerged in 2016," IBM researchers said. "In 2020, it appears that TrickBot's vast bank fraud is an ongoing project that helps the gang monetize compromised accounts." The name TrickMo is a direct reference to a similar kind of Android banking malware called ZitMo that was developed by Zeus cybercriminal gang in 2011 to defeat SMS-based two-factor authentication. The development is the latest addition in the ars...
Mysterious malware that re-installs itself infected over 45,000 Android Phones

Mysterious malware that re-installs itself infected over 45,000 Android Phones

Oct 29, 2019
Over the past few months, hundreds of Android users have been complaining online of a new piece of mysterious malware that hides on the infected devices and can reportedly reinstall itself even after users delete it, or factory reset their devices. Dubbed Xhelper , the malware has already infected more than 45,000 Android devices in just the last six months and is continuing to spread by infecting at least 2,400 devices on an average each month, according to the latest report published today by Symantec. Here below, I have collected excerpts from some comments that affected users shared on the online forums while asking for how to remove the Xhelper Android malware: "xhelper regularly reinstalls itself, almost every day!" "the 'install apps from unknown sources' setting turns itself on." "I rebooted my phone and also wiped my phone yet the app xhelper came back." "Xhelper came pre-installed on the phone from China." ...
42 Adware Apps with 8 Million Downloads Traced Back to Vietnamese Student

42 Adware Apps with 8 Million Downloads Traced Back to Vietnamese Student

Oct 24, 2019
First of all, if you have any of the below-listed apps installed on your Android device, you are advised to uninstall it immediately. Cybersecurity researchers have identified 42 apps on the Google Play Store with a total of more than 8 million downloads, which were initially distributed as legitimate applications but later updated to maliciously display full-screen advertisements to their users. Discovered by ESET security researcher Lukas Stefanko, these adware Android applications were developed by a Vietnamese university student, who easily got tracked likely because he never bothered to hide his identity. The publicly available registration details of a domain associated with the adware apps helped find the identity of the rogue developer, including his real name, address, and phone number, which eventually led the researcher to his personal accounts on Facebook, GitHub, and YouTube. "Seeing that the developer did not take any measures to protect his identity, it ...
'Exodus' Surveillance Malware Found Targeting Apple iOS Users

'Exodus' Surveillance Malware Found Targeting Apple iOS Users

Apr 09, 2019
Cybersecurity researchers have discovered an iOS version of the powerful mobile phone surveillance app that was initially targeting Android devices through apps on the official Google Play Store. Dubbed Exodus , as the malware is called, the iOS version of the spyware was discovered by security researchers at LookOut during their analysis of its Android samples they had found last year. Unlike its Android variant, the iOS version of Exodus has been distributed outside of the official App Store, primarily through phishing websites that imitate Italian and Turkmenistani mobile carriers. Since Apple restricts direct installation of apps outside of its official app store, the iOS version of Exodus is abusing the Apple Developer Enterprise program, which allows enterprises to distribute their own in-house apps directly to their employees without needing to use the iOS App Store. "Each of the phishing sites contained links to a distribution manifest, which contained metadata...
Google Removes 85 Adware Apps That Infect 9 Million Android Users

Google Removes 85 Adware Apps That Infect 9 Million Android Users

Jan 09, 2019
Google has removed 85 apps from its Play Store after finding out that they were pushing aggressive, full-screen adware to Android users. With the rise in the mobile market, Adware has become one of the most prevalent mobile threats in the world. Adware has traditionally been used to aggressively push ads like banners or pop-ups on mobile screens to make money for its makers. The now-removed 85 apps in question disguised as games, streaming TV, and remote control simulator apps in the Google Play store and had collectively been installed by nine million users all over the world. Researchers from cyber security company Trend Micro spotted these apps which has the ability to bombard user devices with full-screen advertisements at regular intervals or when users unlock their device by monitoring their screen unlocking functionality. The apps can display ads even when you are not browsing the internet, hide themselves and run in the background on infected devices. The most popul...
More than 1,000 Spyware Apps Found On Android App Stores

More than 1,000 Spyware Apps Found On Android App Stores

Aug 11, 2017
If you think you are downloading apps from Google Play Store and you are secure, then watch out! Someone has managed to flood third-party app stores and Google Play Store with more than a thousand malicious apps, which can monitor almost anything a user does on their mobile device from silently recording calls to make outbound calls without the user's interaction. Dubbed SonicSpy , the spyware has been spreading aggressively across Android app stores since at least February and is being distributed by pretending itself to be a messaging app—and it actually offers a messaging service. SonicSpy Can Perform a Whole Lots of Malicious Tasks At the same time, the SonicSpy spyware apps perform various malicious tasks, including silently recording calls and audio from the microphone, hijacking the device's camera and snap photos, making outbound calls without the user's permission, and sending text messages to numbers chosen by the attacker. Besides this, the SonicSpy sp...
Google Detects Dangerous Spyware Apps On Android Play Store

Google Detects Dangerous Spyware Apps On Android Play Store

Jul 27, 2017
Security researchers at Google have discovered a new family of deceptive Android spyware that can steal a whole lot of information on users, including text messages, emails, voice calls, photos, location data, and other files, and spy on them. Dubbed Lipizzan , the Android spyware appears to be developed by Equus Technologies, an Israeli startup that Google referred to as a 'cyber arms' seller in a blog post published Wednesday. With the help of Google Play Protect , the Android security team has found Lipizzan spyware on at least 20 apps in Play Store, which infected fewer than 100 Android smartphones in total. Google has quickly blocked and removed all of those Lipizzan apps and the developers from its Android ecosystem, and Google Play Protect has notified all affected victims. For those unaware, Google Play Protect is part of the Google Play Store app and uses machine learning and app usage analysis to weed out the dangerous and malicious apps. Lipizzan: Soph...
Scammers Are Using Fake Apple In-App Subscriptions to Make Lot of Money

Scammers Are Using Fake Apple In-App Subscriptions to Make Lot of Money

Jun 13, 2017
In this year's annual event, Apple announced that the company had paid out $70 Billion to developers in the App Store's lifetime and that $21 Billion of the amount was paid in the last year alone. But has all this money gone to the legitimate app developers? Probably not, as app developer Johnny Lin last week analyzed the Apple's App Store and discovered that most of the trending apps on the app store are completely fake and are earning their makers hundreds of thousands of dollars through in-app purchases and subscriptions. Scammers Use 'Search Ads' Platform to Boost App Ranking Shady developers are abusing Apple's relatively new and immature App Store Search Ads, which was launched at last year's Worldwide Developers Conference (WWDC), to promote their app in the store by using a few strategically chosen search ads and a bit of SEO. "They're taking advantage of the fact that there's no filtering or approval process for ads, and ...
Dozens of Malicious Apps on Play Store can Root & Hack 90% of Android Devices

Dozens of Malicious Apps on Play Store can Root & Hack 90% of Android Devices

Jun 25, 2016
It's not at all surprising that the Google Play Store is surrounded by a large number of malicious apps that has the ability to gain users' attention into falling victim for one, but this time, it is even worse than most people realize. Researchers at Trend Micro have detected a family of malicious apps, dubbed ' Godless ,' that has the capability of secretly rooting almost 90 percent of all Android phones. Well, that's slightly terrifying. The malicious apps are distributed via different methods and variety of app stores, including Google Play Store, which is usually considered as a safe option for downloading apps. Also Read:   Crazy hacker implants NFC Chip in his hand to hack Android phones . The malicious apps packed with Godless contain a collection of open-source or leaked Android rooting exploits that works on any device running Android 5.1 Lollipop or earlier. 90% Android Devices are Vulnerable to Godless Rooting Malware Since Android eco...
Warning! Popular Apple Store Apps Infected with Data-Theft Malware

Warning! Popular Apple Store Apps Infected with Data-Theft Malware

Sep 21, 2015
Unlike Google Play Store, Apple App Store is well known for not allowing any malformed apps to enter its Apple ecosystem because of its tight security checks. But, not anymore. Hundreds of malicious apps managed to get hosted on Apple's official App store and subsequently downloaded by  several hundred Million iPad and iPhone owners . Out of them, Palo Alto Networks published a list of 39 malicious yet legitimate apps that made ways to the App Store.  First Major Malware Attack on Apple's App Store Yes, Apple App Store is targeted by a malware attack in which some versions of software used by software developers to build their apps for iOS and OS X were infected with malware, named XcodeGhost . XcodeGhost secretly sniffs off data from customer's device and uploads it to the attacker's servers without the user's knowledge, according to security firm Palo Alto Networks. Apps were infected after developers used a malicious version...
Expert Insights / Articles Videos
Cybersecurity Resources