Category: Mobile security

April 25, 2023

Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) to the cloud. “This change means […]

April 18, 2023

A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads. An additional eight million installations have been tracked through ONE store, […]

April 14, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The two flaws are listed below – CVE-2023-20963 (CVSS score: 7.8) – Android Framework Privilege […]

April 11, 2023

Malicious loader programs capable of trojanizing Android applications are being traded on the criminal underground for up to $20,000 as a way to evade Google Play Store defenses. “The most popular application categories to hide malware and unwanted software include […]

March 24, 2023

Brivo expands its mobile credential options by introducing support for employee badges in Apple Wallet. Brivo corporate customers can enable employees to add their employee badge to Apple Wallet and simply hold their iPhone or Apple Watch near a reader […]

February 27, 2023

Figures of the year In 2022, Kaspersky mobile products and technology detected: 1,661,743 malicious installers 196,476 new mobile banking Trojans 10,543 new mobile ransomware Trojans Trends of the year Mobile attacks leveled off after decreasing in the second half of […]

February 24, 2023

An investigation into data safety labels for Android apps available on the Google Play Store has uncovered “serious loopholes” that allow apps to provide misleading or outright false information. The study, conducted by the Mozilla Foundation as part of its […]

February 20, 2023

It’s not uncommon for sophisticated threat actors to target users with exploits that can be triggered without any interaction from the victim. As an example, Samsung described a scenario where a hacker sends the targeted user a specially crafted image […]

January 30, 2023

The Google Play Store has been home to a growing number of suspicious activities in recent months, new research has found. A study by Dr.Web found a large number of fake apps and trojans designed to subscribe victims to paid […]

January 23, 2023

Researchers have uncovered a huge network of fake apps running fake ads, mainly on iOS devices. The operation was named ‘Vastflux’ in reference to its use of the Video Ad Serving Template specification, as well as the fast-flux technique to […]

January 23, 2023

Two security flaws have been disclosed in Samsung’s Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web. The issues, tracked […]

January 17, 2023

CloudSEK launched the BeVigil app to provide users with detailed information about the security and privacy practices of their mobile apps. With the BeVigil App, users can search for apps by name and view detailed information about the app’s security […]

January 10, 2023

The advanced persistent threat (APT) group known as StrongPity has targeted Android users with a trojanized version of the Telegram app through a fake website that impersonates a video chat service called Shagle. “A copycat website, mimicking the Shagle service, […]

January 3, 2023

Huawei smartphones and other devices ran Android until 2019, when the US government barred American companies from selling software and technology to the Chinese firm. Later that year, Huawei unveiled its new HarmonyOS operating system, which works on a wide […]

December 15, 2022

A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims into paying up with personal information stolen from their devices. Mobile security company Zimperium dubbed the activity MoneyMonger, pointing out the use of the cross-platform […]

December 14, 2022

Apple announced on November 30 that an advisory for iOS 16.1.2 would be released in the coming days. The advisory was published two weeks later, on Patch Tuesday, and it’s unclear why the tech giant waited for so long to […]

December 8, 2022

Apple has announced new features aimed at improving the cybersecurity protections for its customers, both consumers and businesses, including Security Keys, an ability to use third-party physical keys to protect data sitting in the iCloud platform. “For users who opt […]

December 1, 2022

More than 300,000 users across 71 countries have been victimized by a new Android threat campaign called the Schoolyard Bully Trojan. Mainly designed to steal Facebook credentials, the malware is camouflaged as legitimate education-themed applications to lure unsuspecting users into […]

November 30, 2022

A malicious Android SMS application found on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp. The app, named Symoo […]

November 28, 2022

An advanced persistent threat (APT) actor focused on cyberespionage, Bahamut was initially detailed in 2017, but continues to be active, leveraging a fake online empire of social media personas, websites, and applications, which has allowed it to fly under the […]