mobile security | Breaking Cybersecurity News | The Hacker News

Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices. The approach, dubbed  BrutePrint , bypasses limits put in place to counter failed biometric authentication attempts by weaponizing two zero-day vulnerabilities in the smartphone fingerprint authentication (SFA) framework. The flaws, Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL), leverage logical defects in the authentication framework, which arises due to insufficient protection of fingerprint data on the Serial Peripheral Interface (SPI) of fingerprint sensors. The result is a "hardware approach to do man-in-the-middle (MitM) attacks for fingerprint image hijacking," researchers Yu Chen and Yiling He  said  in a research paper. "BrutePrint acts as a middleman between fingerprint sensor and  TEE  [Trusted Execution Environment]." The goal, at its core, is to be

A cybercrime enterprise known as  Lemon Group  is leveraging millions of pre-infected Android smartphones worldwide to carry out their malicious operations, posing significant supply chain risks. "The infection turns these devices into mobile proxies, tools for stealing and selling SMS messages, social media and online messaging accounts and monetization via advertisements and click fraud," cybersecurity firm Trend Micro  said . The activity encompasses no fewer than 8.9 million compromised Android devices, particularly budget phones, with the highest concentration of the infections discovered in the U.S., Mexico, Indonesia, Thailand, Russia, South Africa, India, Angola, the Philippines, and Argentina. The findings were  presented  by researchers Fyodor Yarochkin, Zhengyu Dong, Vladimir Kropotov, and Paul Pajares at the Black Hat Asia conference held in Singapore last week. Describing it as a  continuously evolving problem , the cybersecurity firm said the threat actors

Wing Security finds and ranks all SaaS applications completely for free, removing unnecessary risk.

A hacking group dubbed  OilAlpha  with suspected ties to Yemen's  Houthi movement  has been linked to a cyber espionage campaign targeting development, humanitarian, media, and non-governmental organizations in the Arabian peninsula. "OilAlpha used encrypted chat messengers like WhatsApp to launch social engineering attacks against its targets," cybersecurity company Recorded Future  said  in a technical report published Tuesday. "It has also used URL link shorteners. Per victimology assessment, it appears a majority of the targeted entities were Arabic-language speakers and operated Android devices." OilAlpha is the new cryptonym given by Recorded Future to two overlapping clusters previously tracked by the company under the names TAG-41 and TAG-62 since April 2022. TAG-XX (short for Threat Activity Group) is the temporary moniker assigned to emerging threat groups. The assessment that the adversary is acting in the interest of the Houthi movement is base

A new Android subscription malware named  Fleckpe  has been unearthed on the Google Play Store, amassing more than 620,000 downloads in total since 2022. Kaspersky, which identified 11 apps on the official app storefront, said the malware masqueraded as legitimate photo editing apps, camera, and smartphone wallpaper packs. The apps have since been taken down. The operation primarily targets users from Thailand, although telemetry data gathered by the Russian cybersecurity firm has revealed victims in Poland, Malaysia, Indonesia, and Singapore. The apps further offer the promised functionality to avoid raising red flags, but conceal their real purpose under the hood. The list of the offending apps is as follows - Beauty Camera Plus (com.beauty.camera.plus.photoeditor) Beauty Photo Camera (com.apps.camera.photos) Beauty Slimming Photo Editor (com.beauty.slimming.pro) Fingertip Graffiti (com.draw.graffiti) GIF Camera Editor (com.gif.camera.editor) HD 4K Wallpaper (com.hd.h4ks.

A new Android surveillanceware possibly used by the Iranian government has been used to spy on over 300 individuals belonging to minority groups. The malware, dubbed  BouldSpy , has been attributed with moderate confidence to the Law Enforcement Command of the Islamic Republic of Iran ( FARAJA ). Targeted victims include Iranian Kurds, Baluchis, Azeris, and Armenian Christian groups. "The spyware may also have been used in efforts to counter and monitor illegal trafficking activity related to arms, drugs, and alcohol," Lookout  said , based on exfiltrated data that contained photos of drugs, firearms, and official documents issued by FARAJA.  BouldSpy, like other Android malware families, abuses its access to Android's accessibility services and other intrusive permissions to harvest sensitive data such as web browser history, photos, contact lists, SMS logs, keystrokes, screenshots, clipboard content, microphone audio, and video call recordings. It's worth poin

A new Android malware strain named  Goldoson  has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads. An additional eight million installations have been tracked through ONE store, a leading third-party app storefront in South Korea. The rogue component is part of a third-party software library used by the apps in question and is capable of gathering information about installed apps, Wi-Fi and Bluetooth-connected devices, and GPS locations. "Moreover, the library is armed with the functionality to perform ad fraud by clicking advertisements in the background without the user's consent," McAfee security researcher SangRyol Ryu  said  in a report published last week. What's more, it includes the ability to stealthily load web pages, a feature that could be abused to load ads for financial profit. It achieves this by loading HTML code in a hidden  WebView  and driving traffic to th

Popular instant messaging app WhatsApp on Thursday announced a new account verification feature that ensures that malware running on a user's mobile device doesn't impact their account. "Mobile device malware is one of the biggest threats to people's privacy and security today because it can take advantage of your phone without your permission and use your WhatsApp to send unwanted messages," the Meta-owned company said in an announcement. Called  Device Verification , the security measure is designed to help prevent account takeover (ATO) attacks by blocking the threat actor's connection and allowing targets of the malware infection to use the app without any interruption. In other words, the goal is to deter attackers' use of malware to steal WhatsApp authentication keys and hijack victim accounts, and subsequently impersonate them to distribute spam and phishing links to other contacts. This, in turn, is achieved by introducing a security-token th

As technology advances, cyberattacks are becoming more sophisticated. With the increasing use of technology in our daily lives, cybercrime is on the rise, as evidenced by the fact that cyberattacks caused  92% of all data breaches  in the first quarter of 2022. Staying current with cybersecurity trends and laws is crucial to combat these threats, which can significantly impact business development.  In 2023, the cybersecurity market is expected to see new trends, and businesses must be adequately prepared for any developments. Andrey Slastenov, Head of Web Security at Gcore, shares his insights on these trends in this article. 1 —  Application security As businesses shifted online to stay afloat during the pandemic, the forecast for application security spending is projected to surpass $7.5 billion, according to  Statista . Source However, every application might be susceptible to hacking, zero-day attacks, and identity theft. Ensuring application security demands professionals w

Google is enacting a new data deletion policy for Android apps that allow account creation to also offer users with a setting to delete their accounts in an attempt to provide more transparency and control over their data. "For apps that enable app account creation, developers will soon need to provide an option to initiate account and data deletion from within the app and online," Bethel Otuteye, senior director of product management for Android App Safety,  said . "This web requirement, which you will link in your  Data safety form , is especially important so that a user can request account and data deletion without having to reinstall an app." The goal, the search behemoth said, is to have a "readily discoverable option" to initiate an app account deletion process from both within an app and outside of it. To that end, developers are to provide users with an in-app path as well as a web link resource to request app account deletion and associated

Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction. The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo, Google, wearables using the Exynos W920 chipset, and vehicles equipped with the Exynos Auto T5123 chipset. Four of the 18 flaws make it possible for a threat actor to achieve internet-to-Samsung, Vivo, and Google, as well as wearables using the Exynos W920 chipset and vehicleses in late 2022 and early 2023, said. "[The] four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number," Tim Willis, head of Google Project Zero,  said . In doing so, a threat actor could gain entrenched access to cellular information passing in and out of the targeted devi

Google said it's working with ecosystem partners to harden the security of firmware that interacts with Android. While the Android operating system runs on what's called the application processor (AP), it's just one of the many processors of a system-on-chip ( SoC ) that cater to various tasks like cellular communications and multimedia processing. "Securing the Android Platform requires going beyond the confines of the Application Processor," the Android team  said . "Android's defense-in-depth strategy also applies to the firmware running on  bare-metal environments  in these microcontrollers, as they are a critical part of the attack surface of a device." The tech giant said the goal is to bolster the security of software running on these secondary processors (i.e., firmware) and make it harder to exploit vulnerabilities over the air to achieve remote code execution within the Wi-Fi SoC or the cellular baseband. To that end, Google noted tha

A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims into paying up with personal information stolen from their devices. Mobile security company Zimperium dubbed the activity  MoneyMonger , pointing out the use of the  cross-platform Flutter framework  to develop the apps. MoneyMonger "takes advantage of Flutter's framework to obfuscate malicious features and complicate the detection of malicious activity by static analysis," Zimperium researchers Fernando Sanchez, Alex Calleja , Matteo Favaro, and Gianluca Braga  said  in a report shared with The Hacker news. "Due to the nature of Flutter, the malicious code and activity now hide behind a framework outside the static analysis capabilities of legacy mobile security products." The campaign, believed to be active since May 2022, is part of a broader effort previously  disclosed  by Indian cybersecurity firm K7 Security Labs. None of the 33 ap

A China-based financially motivated group is leveraging the trust associated with popular international brands to orchestrate a large-scale phishing campaign dating back as far as 2019. The threat actor, dubbed Fangxiao by Cyjax, is said to have registered over  42,000 imposter domains , with initial activity observed in 2017. "It targets businesses in multiple verticals including retail, banking, travel, and energy," researchers Emily Dennison and Alana Witten  said . "Promised financial or physical incentives are used to trick victims into further spreading the campaign via WhatsApp." Users clicking on a link sent through the messaging app are directed to an actor-controlled site, which, in turn, sends them to a landing domain impersonating a well-known brand, from where the victims are once again taken to sites distributing fraudulent apps and bogus rewards. These sites prompt the visitors to complete a survey to claim cash prizes, in exchange for which the

The notorious Android banking trojan known as  SharkBot  has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps. "This new dropper doesn't rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware," NCC Group's Fox-IT  said  in a report. "Instead, this new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats." The apps in question, Mister Phone Cleaner and Kylhavy Mobile Security, have over 60,000 installations between them and are designed to target users in Spain, Australia, Poland, Germany, the U.S., and Austria - Mister Phone Cleaner (com.mbkristine8.cleanmaster, 50,000+ downloads) Kylhavy Mobile Security (com.kylhavy.antivirus, 10,000+ downloads) The  droppers  are designed to drop a new version of SharkBot,  dubbed V2  by Dutch security firm ThreatFabric, which features an updated co

Researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) credentials, posing a major security risk. "Over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services," Symantec's Threat Hunter team, a part of Broadcom Software, said in a  report  shared with The Hacker News. Interestingly, a little more than 50% of the apps were found using the same AWS tokens found in other apps maintained by other developers and companies, highlighting a supply chain issue with serious implications. "The AWS access tokens could be traced to a shared library, third-party SDK, or other shared component used in developing the apps," the researchers said. These credentials are typically used for downloading appropriate resources necessary for the app's functions as well as accessing configuration files and authenticating to other cloud services. To make matters wors

As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware. "All of them were built into various programs, including image-editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper collection apps, and others," Dr.Web  said  in a Tuesday write-up. While masquerading as innocuous apps, their primary goal is to request permissions to show windows over other apps and run in the background in order to serve intrusive ads. To make it difficult for the victims to detect and uninstall the apps, the adware trojans hide their icons from the list of installed apps in the home screen or replace the icons with others that are likely to be less noticed (e.g., SIM Toolkit). Some of these apps also offer the advertised features, as observed in the case of two apps: "Water Reminder- Tracker & Reminder" and "Yoga- For Beginner to Advanced." However

Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be.  Consider the recent  discovery by Oversecured , a security startup. These experts observed the dynamic code loading and its potential dangers. Why is this a problem? Well, the Google app uses code that does not come integrated with the app itself. Okay, this might sound confusing, but it all works in favor of optimizing certain processes. Thus, Google exploits code libraries pre-installed on Android phones to reduce their download size. In fact, many Android apps use this trick to optimize the storage space needed to run.  As revealed by Oversecured, perpetrators could compromise this retrieval of code from libraries. Instead of Google obtaining code from a reliable source, it could be tricked into taking code from malicious apps operating on the devic