Search results for hacker app | Breaking Cybersecurity News | The Hacker News

Mitron (means "friends" in Hindi), you have been fooled again! Mitron is not really a 'Made in India' product, and the viral app contains a highly critical, unpatched vulnerability that could allow anyone to hack into any user account without requiring interaction from the targeted users or their passwords. I am sure many of you already know what TikTok is, and those still unaware, it's a highly popular video social platform where people upload short videos of themselves doing things like lip-syncing and dancing. The wrath faced by Chinese-owned TikTok from all directions—mostly due to data security and ethnopolitical reasons—gave birth to new alternatives in the market, one of which is the Mitron app for Android. Mitron video social platform recently caught headlines when the Android app crazily gained over 5 million installations and 250,000 5-star ratings in just 48 days after being released on the Google Play Store. Popped out of nowhere, Mitron i...

Following vulnerability disclosure in the Mitron app , another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content, and even upload unauthorized videos. The Indian video sharing app, called Chingari, is available for Android and iOS smartphones through official app stores, designed to let users record short-form videos, catch up on the news, and connect with other users via a direct message feature. Originally launched in November 2018, Chingari has witnessed a huge surge in popularity over the past few days in the wake of India's ban on Chinese-owned apps late last month, crossing 10 million downloads on the Google Play Store in under a month. The Indian government recently banned 59 apps and services , including ByteDance's TikTok, Alibaba Group's UC Browser and UC News, and Tencent's WeChat over priv...

FaceApp—the AI-powered photo-morphing app that recently gone viral for its age filter but hit the headlines for its controversial privacy policy—has been found collecting the list of your Facebook friends for no reason. The Russian-made FaceApp has been around since the spring of 2017 but taken social media by storm over the course of the past few weeks as millions of people downloaded the app to see how they would look when they are older or younger, or swap genders. The app also contains a feature that allows users to download and edit photos from their Facebook accounts, which only works when a user enables FaceApp to access the social media account via the 'Login with Facebook' option. As you can see in the screenshot above, besides requesting for access to your basic profile information and photos, FaceApp also fetches the list of your Facebook friends "who also use and have shared their friends' lists with FaceApp." Have you yet asked yourself why...

Do you like watching funny videos online? I am not kind of a funny person, but I love watching funny videos clips online, and this is one of the best things that people can do in their spare time. But, beware if you have installed a funny video app from Google Play Store. A security researcher has discovered a new variant of the infamous Android banking Trojan hiding in apps under different names, such as Funny Videos 2017 , on Google Play Store. Niels Croese, the security researcher at Securify B.V firm, analyzed the Funny Videos app that has 1,000 to 5,000 installs and found that the app acts like any of the regular video applications on Play Store, but in the background, it targets victims from banks around the world. This newly discovered banking Trojan works like any other banking malware, but two things that makes it different from others are — its capability to target victims and use of DexProtector tool to obfuscate the app's code. Dubbed BankBot , the ba...

If your smart devices are smart enough to make your life easier, then their smart behaviour could also be exploited by hackers to invade your privacy or spy on you, if not secured properly. Recent research conducted by security researchers at threat prevention firm Check Point highlights privacy concern surrounding smart home devices manufactured by LG. Check Point researchers discovered a security vulnerability in LG SmartThinQ smart home devices that allowed them to hijack internet-connected devices like refrigerators, ovens, dishwashers, air conditioners, dryers, and washing machines manufactured by LG. ...and what's worse? Hackers could even remotely take control of LG's Hom-Bot, a camera-equipped robotic vacuum cleaner, and access the live video feed to spy on anything in the device's vicinity. This hack doesn't even require hacker and targeted device to be on the same network. Dubbed HomeHack , the vulnerability resides in the mobile app and cloud app...

If you think you are downloading apps from Google Play Store and you are secure, then watch out! Someone has managed to flood third-party app stores and Google Play Store with more than a thousand malicious apps, which can monitor almost anything a user does on their mobile device from silently recording calls to make outbound calls without the user's interaction. Dubbed SonicSpy , the spyware has been spreading aggressively across Android app stores since at least February and is being distributed by pretending itself to be a messaging app—and it actually offers a messaging service. SonicSpy Can Perform a Whole Lots of Malicious Tasks At the same time, the SonicSpy spyware apps perform various malicious tasks, including silently recording calls and audio from the microphone, hijacking the device's camera and snap photos, making outbound calls without the user's permission, and sending text messages to numbers chosen by the attacker. Besides this, the SonicSpy sp...

People are still getting over the most controversial data scandal of the year, i.e., Cambridge Analytica scandal , and Facebook is under fire yet again after it emerges that a popular quiz app on the social media platform exposed the private data of up to 120 million users for years. Facebook was in controversies earlier this year over a quiz app that sold data of 87 million users to a political consultancy firm, who reportedly helped Donald Trump win the US presidency in 2016. Now, a different third-party quiz app, called NameTests, found exposing data of up to 120 million Facebook users to anyone who happened to find it, an ethical hacker revealed. NameTests[.]com, the website behind popular social quizzes, like "Which Disney Princess Are You?" that has around 120 million monthly users, uses Facebook's app platform to offer a fast way to sign up. Just like any other Facebook app, signing up on the NameTests website using their app allows the company to fetch neces...

The threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to deliver a spyware strain dubbed AridSpy. "The malware is distributed through dedicated websites impersonating various messaging apps, a job opportunity app, and a Palestinian Civil Registry app," ESET researcher Lukáš Štefanko said in a report published today. "Often these are existing applications that had been trojanized by the addition of AridSpy's malicious code." The activity is said to have spanned as many as five campaigns since 2022, with prior variants of AridSpy documented by Zimperium and 360 Beacon Labs . Three out of the five campaigns are still active. Arid Viper, a suspected Hamas-affiliated actor which is also called APT-C-23, Desert Falcon, Grey Karkadann, Mantis, and Two-tailed Scorpion, has a long track record of using mobile malware since its emergence in 2017. "Arid Viper has historically targeted mil...

A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various kinds of malware. The issue manifests in the form of a pre-installed Android app called "Showcase.apk" that comes with excessive system privileges, including the ability to remotely execute code and install arbitrary packages on the device, according to mobile security firm iVerify. "The application downloads a configuration file over an unsecure connection and can be manipulated to execute code at the system level," it said in an analysis published jointly with Palantir Technologies and Trail of Bits. "The application retrieves the configuration file from a single U.S.-based, AWS-hosted domain over unsecured HTTP, which leaves the configuration vulnerable and can make the device vulnerable." The app in question is called Verizon Retail Demo Mode ("com.customermob...

Last Weekend Google Play Store was crashed twice by a Turkish hacker when he tried to test vulnerability he discovered on the Android  apps  publishing system, known as Google's Developer Console . Turkish hacker ' Ibrahim Balic ' claimed responsibility for the Google Play Store attack and told ' The Hacker News ', he found a flaw in the Android operating system while working with Android tools i.e. Compiler, debugger on his Emulators, that was crashing again and again.  ' I successfully confirmed that it affects Android 4.2.2 , 4.3 and 2.3 ' he said. Then he created an Android app to exploit the vulnerability, ' causes a possible memory corruption '  and uploaded it to the Google's Developer Console. Unfortunately, OR Luckily the malformed Android app crashed whole Google's Developer Console, and he didn't expect that the app will knock everyone offline from Play Store. He was not sure about the outage caused by him or not,...

It appears that Facebook at the center of yet another issue involving privacy. Reportedly, multiple iPhone users have come forward on social media complaining that the Facebook app secretly activates their smartphone's camera in the background while they scroll through their Facebook feeds or looking at the photos on the social network. As shown in the Twitter videos below, when users click on an image or video on the social media to full screen and then return it back to normal, an issue with the Facebook app for iOS slightly shifts the app to the right. It opens a space on the left from where users can see the iPhone's camera activated in the background. However, at this moment, it's not clear if it's just an UI bug where Facebook app incorrectly but only accesses the camera interface, or if it also records or uploads something, which, if proven right, would be the most disastrous moment in Facebook's history. Found a @facebook #security & #pri...

In earlier posts, our Facebook hacker ' Nir Goldshlager ' exposed two serious Facebook oAuth Flaws. One, Hacking a Facebook account even without the user installing an application on their account and second, various ways to bypassing the regex protection in Facebook OAuth. This time, Nir illustrated a scenario attack  " what happens when a application is installed on the victim's account and how an attacker can manipulate it so easily " According to hacker, if the victim has an installed application like Skype or Dropbox, still hacker is able to take control over their accounts.  For this, an attacker required only a url redirection or cross site scripting  vulnerability on the Facebook owner app domain i.e in this scenario we are talking about skype facebook app. In many bug bounty programs URL redirection is not considered as an valid vulnerability for reward i.e Google Bug bounty Program. Nir also demonstrated...

If you have a "private" blog with WordPress.com and are using its official iOS app to create or edit posts and pages, the secret authentication token for your admin account might have accidentally been leaked to third-party websites. WordPress has recently patched a severe vulnerability in its iOS application that apparently leaked secret authorization tokens for users whose blogs were using images hosted on third-party sites, a spokesperson for Automattic confirmed The Hacker News in an email. Discovered by the team of WordPress engineers, the vulnerability resided in the way WordPress iOS application was fetching images used by private blogs but hosted outside of WordPress.com, for example, Imgur or Flickr. That means, if an image were hosted on Imgur and then when the WordPress iOS app attempted to fetch the image, it would send along a WordPress.com authorization token to Imgur, leaving a copy of the token in the access logs of the Imgur's web server. It sh...

Note — Don't miss an important update at the bottom of this article, which includes an official statement from Xiaomi . Do you own an Android Smartphone from Xiaomi, HTC, Samsung, or OnePlus? If yes, then you must be aware that almost all smartphone manufacturers provide custom ROMs like CyanogenMod, Paranoid Android, MIUI and others with some pre-loaded themes and applications to increase the device's performance. But do you have any idea about the pre-installed apps and services your manufacturer has installed on your device?, What are their purposes? And, Do they pose any threat to your security or privacy? With the same curiosity to find answers to these questions, a Computer Science student and security enthusiast from Netherlands who own a Xiaomi Mi4 smartphone started an investigation to know the purpose of a mysterious pre-installed app, dubbed AnalyticsCore.apk , that runs 24x7 in the background and reappeared even if you delete it. Xiaomi is one of the ...

GO SMS Pro, a popular messaging app for Android with over 100 million installs, has been found to have an unpatched security flaw that publicly exposes media transferred between users, including private voice messages, photos, and videos. "This means any sensitive media shared between users of this messenger app is at risk of being compromised by an unauthenticated attacker or curious user," Trustwave Senior Security Consultant Richard Tan said in a report shared with The Hacker News. According to Trustwave SpiderLabs, the shortcoming was spotted in version 7.91 of the app, which was released on the Google Play Store on February 18, 2020. The cybersecurity firm said it attempted to contact the app makers multiple times since August 18, 2020, without receiving a response. But checking the app's changelog, GO SMS Pro received an update (v7.92) on September 29, followed by another subsequent update, which was published yesterday. The latest updates to the app, however...