The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: mobile hacking

Powerful FinSpy Spyware Found Targeting iOS and Android Users in Myanmar

Powerful FinSpy Spyware Found Targeting iOS and Android Users in Myanmar

July 10, 2019Swati Khandelwal
One of the most powerful, infamous, and advanced piece of government-grade commercial surveillance spyware dubbed FinSpy —also known as FinFisher —has been discovered in the wild targeting users in Myanmar. Created by German company Gamma International, FinSpy is spying software that can target various mobile platforms including iOS and Android, we well as desktop operating systems. Gamma Group reportedly sells its controversial FinSpy espionage tool exclusively to government agencies across the world, but also gained notoriety for targeting human rights activists in many countries. The FinSpy implant is capable of stealing an extensive amount of personal information from targeted mobile devices, such as SMS/MMS messages, phone call recordings, emails, contacts, pictures, files, and GPS location data. In its latest report published today, Kaspersky researchers revealed a cyber-espionage campaign that involves targeting Myanmar users with the latest versions of FinSpy impl
Insecure UC Browser 'Feature' Lets Hackers Hijack Android Phones Remotely

Insecure UC Browser 'Feature' Lets Hackers Hijack Android Phones Remotely

March 26, 2019Swati Khandelwal
Beware! If you are using UC Browser on your smartphones, you should consider uninstalling it immediately. Why? Because the China-made UC Browser contains a "questionable" ability that could be exploited by remote attackers to automatically download and execute code on your Android devices. Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically in China and India, with a massive user base of more than 500 million users worldwide. According to a new report published today by Dr. Web firm, since at least 2016, UC Browser for Android has a "hidden" feature that allows the company to anytime download new libraries and modules from its servers and install them on users' mobile devices. Pushing Malicious UC Browser Plug-ins Using MiTM Attack What's worrisome? It turns out that the reported feature downloads new plugins from the company server over insecure HTTP protocol instead of encrypted HTTPS proto
New Android Malware Apps Use Motion Sensor to Evade Detection

New Android Malware Apps Use Motion Sensor to Evade Detection

January 18, 2019Mohit Kumar
Even after so many efforts by Google for preventing its Play Store from malware, shady apps somehow managed to fool its anti-malware protections and get into its service to infect Android users with malware. Two such Android apps have recently been spotted on the Google Play Store by security researchers with the Trend Micro malware research team, infecting thousands of Android users who have already downloaded them with banking malware. The apps in question masquerade as a currency exchange app called Currency Converter and battery saver app called BatterySaverMobi , and are using motion-sensor inputs of infected Android devices to monitor them before installing a dangerous banking Trojan called Anubis. The malicious Android apps, with a large number of fake five-star reviews, use this clever trick instead of traditional evasion techniques in order to avoid detection when researchers run emulators (which are less likely to use sensors) to detect such malicious apps. &quo
Google Removes 85 Adware Apps That Infect 9 Million Android Users

Google Removes 85 Adware Apps That Infect 9 Million Android Users

January 09, 2019Swati Khandelwal
Google has removed 85 apps from its Play Store after finding out that they were pushing aggressive, full-screen adware to Android users. With the rise in the mobile market, Adware has become one of the most prevalent mobile threats in the world. Adware has traditionally been used to aggressively push ads like banners or pop-ups on mobile screens to make money for its makers. The now-removed 85 apps in question disguised as games, streaming TV, and remote control simulator apps in the Google Play store and had collectively been installed by nine million users all over the world. Researchers from cyber security company Trend Micro spotted these apps which has the ability to bombard user devices with full-screen advertisements at regular intervals or when users unlock their device by monitoring their screen unlocking functionality. The apps can display ads even when you are not browsing the internet, hide themselves and run in the background on infected devices. The most popul
0-Days Found in iPhone X, Samsung Galaxy S9, Xiaomi Mi6 Phones

0-Days Found in iPhone X, Samsung Galaxy S9, Xiaomi Mi6 Phones

November 15, 2018Swati Khandelwal
At Pwn2Own 2018 mobile hacking competition held in Tokyo on November 13-14, white hat hackers once again demonstrated that even the fully patched smartphones running the latest version of software from popular smartphone manufacturers can be hacked. Three major flagship smartphones—iPhone X, Samsung Galaxy S9, and Xiaomi Mi6—were among the devices that successfully got hacked at the annual mobile hacking contest organized by Trend Micro's Zero Day Initiative (ZDI), earning white hat hackers a total of $325,000 in reward. Teams of hackers participated from different countries or representing different cybersecurity companies disclosed a total of 18 zero-day vulnerabilities in mobile devices made by Apple, Samsung, and Xiaomi, as well as crafted exploits that allowed them to completely take over the targeted devices. Apple iPhone X Running iOS 12.1 — GOT HACKED! A team of two researchers, Richard Zhu and Amat Cama, who named themselves Fluoroacetate, discovered and managed to
A Company Offers $500,000 For Secure Messaging Apps Zero-Day Exploits

A Company Offers $500,000 For Secure Messaging Apps Zero-Day Exploits

August 24, 2017Swati Khandelwal
How much does your privacy cost? It will soon be sold for half a Million US dollars. A controversial company specialises in acquiring and reselling zero-day exploits is ready to pay up to US$500,000 for working zero-day vulnerabilities targeting popular secure messenger applications, such as Signal, Telegram and WhatsApp. Zerodium announced a new pricing structure on Wednesday, paying out $500,000 for fully functional remote code execution (RCE) and local privilege escalation (LPE) vulnerabilities in Signal, WhatsApp, iMessage, Viber, Facebook Messenger, WeChat, and Telegram. The payouts for all these secure messengers have been increased after tech companies introduced end-to-end encryption in their apps, making it more difficult for anyone to compromise their messaging platforms. The same payout is offered for remote code execution and local privilege escalation security flaws in default mobile email applications. Launched in 2015, Zerodium is a Washington, DC-based p
Android Trojan Now Targets Non-Banking Apps that Require Card Payments

Android Trojan Now Targets Non-Banking Apps that Require Card Payments

August 18, 2017Mohit Kumar
The infamous mobile banking trojan that recently added ransomware features to steal sensitive data and lock user files at the same time has now been modified to steal credentials from Uber and other booking apps as well. Security researchers at Kaspersky Lab have discovered a new variant of the Android banking Trojan called Faketoken that now has capabilities to detect and record an infected device's calls and display overlays on top of taxi booking apps to steal banking information. Dubbed Faketoken.q , the new variant of mobile banking trojan is being distributed using bulk SMS messages as their attack vector, prompting users to download an image file that actually downloads the malware. Malware Spy On Telephonic Conversations Once downloaded, the malware installs the necessary modules and the main payload, which hides its shortcut icon and begins monitoring everything—from every calls to launched apps—that happens on the infected Android device. When calls are m
Dangerous Mobile Banking Trojan Gets 'Keylogger' to Steal Everything

Dangerous Mobile Banking Trojan Gets 'Keylogger' to Steal Everything

August 01, 2017Swati Khandelwal
Cyber criminals are becoming more adept, innovative, and stealthy with each passing day. They have now shifted from traditional to more clandestine techniques that come with limitless attack vectors and are harder to detect. Security researchers have discovered that one of the most dangerous Android banking Trojan families has now been modified to add a keylogger to its recent strain, giving attackers yet another way to steal victims sensitive data. Kaspersky Lab's Senior malware analyst Roman Unuchek spotted a new variant of the well-known Android banking Trojan, dubbed Svpeng , in the mid of last month with a new keylogger feature, which takes advantage of Android's Accessibility Services. Trojan Exploits 'Accessibility Services' to Add Keylogger Yes, the keylogger added in the new version of Svpeng takes advantage of Accessibility Services — an Android feature that provides users alternative ways to interact with their smartphone devices. This change makes
Insecure Apps that Open Ports Leave Millions of Smartphones at Risk of Hacking

Insecure Apps that Open Ports Leave Millions of Smartphones at Risk of Hacking

April 29, 2017Mohit Kumar
A team of researchers from the University of Michigan discovered that hundreds of applications in Google Play Store have a security hole that could potentially allow hackers to steal data from and even implant malware on millions of Android smartphones. The University of Michigan team says that the actual issue lies within apps that create open ports — a known problem with computers — on smartphones. So, this issue has nothing to do with your device's operating system or the handset; instead, the origin of this so-called backdoor is due to insecure coding practices by various app developers. The team used its custom tool to scan over 100,000 Android applications and found 410 potentially vulnerable applications — many of which have been downloaded between 10 and 50 Million times and at least one app comes pre-installed on Android smartphones. Here I need you to stop and first let's understand exactly what ports do and what are the related threats. Ports can be eit
Phone-Hacking Firm Cellebrite Got Hacked; 900GB Of Data Stolen

Phone-Hacking Firm Cellebrite Got Hacked; 900GB Of Data Stolen

January 12, 2017Swati Khandelwal
The company that sells digital forensics and mobile hacking tools to others has itself been hacked. Israeli firm Cellebrite , the popular company that provides digital forensics tools and software to help law enforcement access mobile phones in investigations, has had 900 GB of its data stolen by an unknown hacker. But the hacker has not yet publicly released anything from the stolen data archive, which includes its customer information, user databases, and a massive amount of technical data regarding its hacking tools and products. Instead, attackers are looking for possible opportunities to sell the access to Cellebrite system and data on a few selected IRC chat rooms, the hacker told Joseph Cox, contributor at Motherboard , who was contacted by the hacker and received a copy of the stolen data. Meanwhile, Cellebrite also admitted that it recently experienced "unauthorized access to an external web server," and said that it is "conducting an investigation
More Firmware Backdoor Found In Cheap Android Phones

More Firmware Backdoor Found In Cheap Android Phones

December 13, 2016Swati Khandelwal
Here's some bad news for Android users again. Certain low-cost Android smartphones and tablets are shipped with malicious firmware, which covertly gathers data about the infected devices, displays advertisements on top of running applications and downloads unwanted APK files on the victim's devices. Security researchers from Russian antivirus vendor Dr.Web have discovered two types of downloader Trojans that have been incorporated in the firmware of a large number of popular Android devices operating on the MediaTek platform, which are mostly marketed in Russia. The Trojans, detected as Android.DownLoader.473.origin and Android.Sprovider.7 , are capable of collecting data about the infected devices, contacting their command-and-control servers, automatically updating themselves, covertly downloading and installing other apps based on the instructions it receives from their server, and running each time the device is restarted or turned on. The list of Android devic
Hacking Firmware from Mobile Phone Hacking Company Leaked Online

Hacking Firmware from Mobile Phone Hacking Company Leaked Online

October 26, 2016Swati Khandelwal
The Israeli firm Cellebrite , which provides digital forensics tools and software to help law enforcement access mobile phones in investigations, has had its firmware and software leaked online. Yes, you heard that right. Cellebrite's most sensitive in-house capabilities have been made public by one of its products' resellers, who is now distributing copies of Cellebrite's firmware and software for anyone to download. The apparent reseller is McSira Professional Solutions , which hosts software for various versions of Cellebrite's Universal Forensic Extraction Device (UFED). UFED is one of the company's key products that help investigators bypass the security mechanisms of mobile phones, especially iPhones, and extract all data and passwords from them. For the Cellebrite's hand on iOS devices, you can watch the 2015 YouTube video (below), which demonstrates one of the company's products that unlocked the iPhone device in few hours. Download  L
Tonight Mr. Robot is Going to Reveal ‘Dream Device For Hackers’

Tonight Mr. Robot is Going to Reveal 'Dream Device For Hackers'

September 01, 2016Mohit Kumar
Mr. Robot is the rare show that provides a realistic depiction of hacks and vulnerabilities that are at the forefront of cyber security. This is the reason it's been the most popular TV show of its kind. Throughout season 1 and season 2, we have seen that connected devices are the entry point of choice of Elliot and fsociety to breach networks and traditional security controls. Pwn Phone On Mr. Robot Show In this week's episode, Elliot uses a Pwnie Express Pwn Phone, which he describes as " a dream device for pentester ," to run a custom script he has written to take over someone else's phone. Security pros have long know about the Pwn Phone as a powerful mobile platform for penetration testing and security assessments, so it is not surprising to see it on Mr. Robot. The coolest part is that Pwnie Express is giving away a Pwn Phone , just like the one used in the show. The Pwn Phone is a mobile pentesting device that makes it incredibly easy to evaluate wired, wirel
Google has also been Ordered to Unlock 9 Android Phones

Google has also been Ordered to Unlock 9 Android Phones

March 30, 2016Swati Khandelwal
The legal battle between Apple and the FBI (Federal Bureau of Investigation) over a locked iPhone that belonged to one of the San Bernardino shooters may be over, but the Department of Justice (DoJ) are back in front of a judge with a similar request. The American Civil Liberties Union (ACLU) has discovered publicly available court documents that revealed the government has asked Google's assistance to help the Feds hack into at least nine locked Android smartphones citing the All Writs Act . Yes, Apple is not the only company facing government requests over privacy and security — Google is also in the list. The Google court documents released by the ACLU show that many federal agencies have been using the All Writs Act – the same ancient law the DoJ was invoking in the San Bernardino case to compel Apple to help the FBI in the terrorist investigation. Additionally, the ACLU also released 54 court cases in which the federal authorities asked Apple for assistance to help t
Today NSA has Stopped its Bulk Phone Surveillance Program

Today NSA has Stopped its Bulk Phone Surveillance Program

November 30, 2015Swati Khandelwal
Rejoice! From this morning, you can call freely to anyone, talk anything without any fear of being spied by the United States National Security Agency (NSA), as the agency is not allowed to collect bulk phone records . Until now we all are aware of the NSA's bulk phone surveillance program – thanks to former NSA employee Edward Snowden , who leaked the very first top secret documents of the agency in 2013. However, more than two years later of the first revelation, that bulk phone surveillance program has finally come to an end. End of Bulk Phone Surveillance Program The White House announced Friday evening on the intelligence community's official Tumblr that the NSA will officially be shutting down its bulk phone surveillance program by Sunday, November 29. Under this program, the US intelligence agency collected only the " metadata " that reveals data related to the called phone numbers (i.e. which numbers are calling and what time they
Backdoor in Baidu Android SDK Puts 100 Million Devices at Risk

Backdoor in Baidu Android SDK Puts 100 Million Devices at Risk

November 03, 2015Mohit Kumar
The China's Google-like Search Engine Baidu is offering a software development kit (SDK) that contains functionality that can be abused to give backdoor-like access to a user's device, potentially exposing around 100 Million Android users to malicious hackers . The SDK in question is Moplus , which may not be directly available to the public but has already made its way into more than 14,000 Android apps, of which around 4,000 are actually created by Baidu. Overall, more than 100 Million Android users, who have downloaded these apps on their smartphones, are in danger. Security researchers from Trend Micro have discovered a vulnerability in the Moplus SDK, called Wormhole , that allows attackers to launch an unsecured and unauthenticated HTTP server connection on affected devices, which works silently in the background, without the user's knowledge. Also Read:   More than 26 Android Phone Models Shipped with Pre-Installed Spyware This unsecured serv
Stagefright Bug 2.0 — One Billion Android SmartPhones Vulnerable to Hacking

Stagefright Bug 2.0 — One Billion Android SmartPhones Vulnerable to Hacking

October 01, 2015Mohit Kumar
Attention Android users! More than 1 Billion Android devices are vulnerable to hackers once again – Thanks to newly disclosed two new Android Stagefright vulnerabilities . Yes, Android Stagefright bug is Back… …and this time, the flaw allows an attacker to hack Android smartphones just by tricking users into visiting a website that contains a malicious multimedia file, either MP3 or MP4. In July, Joshua Drake, a Security researcher at Zimperium revealed the first Stagefright bug that allowed hackers to hijack Android smartphones with just a simple text message ( exploit code ). How Stagefright Bug 2.0 Works Both newly discovered vulnerabilities ( CVE-2015-6602 and CVE-2015-3876 ) also reside in the Android Media Playback Engine called ' Stagefright ' and affects all Android OS version from 1 to latest release 5.1.1. Reportedly, merely previewing a maliciously crafted song or video file would execute the Stagefright Bug 2.0 exploit , allowing h
iOS Sandbox Vulnerability Puts Enterprise Data at Risk

iOS Sandbox Vulnerability Puts Enterprise Data at Risk

August 26, 2015Khyati Jain
" Change is the only constant thing ," as it is known could be now modified as " Change is the only constant thing* ," where the * means Terms and conditions apply ! A change ( Mobile Device Management solutions-MDM , Bring Your Own Device-BYOD ) was brought to the organizations, (which later became necessities) for smooth workflow and management of an organization; where resides mobile and other computing devices in masses. The devices, as well as the MDM solutions, are at risk , as reported. Security researchers at Appthority Mobile Threat Team, have found a vulnerability in the sandbox app within the Apple's iOS versions prior to 8.4.1, which makes the configuration settings of managed applications to be openly accessed by anyone. QuickSand – Loophole in Sandbox The vulnerability is assigned CVE-2015-5749 and is named as ' QuickSand ' because of the loophole being present in the Sandbox. Mobile Device Management (MDM) refe
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.