Tag: Android Malware

All articles tagged with #android malware

PromptSpy uses GenAI to persist on Android via AI-guided UI manipulation
security, 7 days ago

ESET researchers uncovered PromptSpy, the first known Android malware to use generative AI (Google Gemini) to drive UI-level actions for persistence. By feeding Gemini an XML snapshot of the current screen, the AI returns step-by-step tap instructions to keep the app in the recent apps list, while a built-in VNC module provides remote access. The malware also abuses Accessibility Services, uses overlays to hinder uninstallation, and can capture lockscreen data and screen video. Distribution appears tied to Argentina via a banking/phishing site; there is no Google Play presence. This example shows how AI can make Android threats more adaptive and harder to defeat.

Keenadu: A firmware-level Android tablet backdoor hidden in signed OTA updates
technology, 9 days ago

A new Android backdoor named Keenadu is embedded in tablet firmware and distributed via signed OTA updates, enabling attackers to remotely control devices, hijack browsers, monetize app installs, and exfiltrate data through a multi-stage loader that operates across all apps. It also spreads via trojanized apps on Google Play, with Google removing three related apps and Play Protect offering protection. About 13,700 users have been affected worldwide, with clusters in Russia, Japan, Germany, Brazil, and the Netherlands. Keenadu targets core Android components (libandroid_runtime.so, Zygote, system_server) to bypass sandboxing, allowing payloads to be delivered per targeted app and enabling broad control over the device.

Android Malware Steals Card Details and Drains Bank Accounts
technology, 3 months ago

A new Android malware called NGate has been discovered that can steal debit card details and PINs via NFC technology, allowing hackers to make ATM withdrawals without physical card theft. The malware is spread through social engineering tactics like phishing and fake apps, emphasizing the importance of downloading apps only from trusted sources and being cautious with personal information. Protecting devices with antivirus software and staying vigilant against scams are crucial to prevent such attacks.

Android malware mimics human typing to evade detection and steal money
technology, 4 months ago

A new Android malware called Herodotus is designed to steal banking credentials by mimicking human typing and overlaying fake login screens, with active campaigns in Italy and Brazil, and is sold as a service on underground forums. It uses sophisticated techniques to evade detection, including random delays in keystrokes, and can hijack input and steal sensitive data, posing a significant threat to mobile banking security.

Android Malware Evolves: From Banking Trojans to Advanced Spyware and Crypto-Stealers
cybersecurity, 5 months ago

Cybersecurity researchers report a shift in Android malware, with dropper apps now delivering SMS stealers and spyware instead of just banking trojans, using sophisticated methods to evade Google Play Protect and targeting users in Asia and Europe through malicious apps and ads, highlighting ongoing challenges in mobile security.

FBI Warns of BADBOX 2.0 Android Malware Impacting Millions
technology, 8 months ago

The FBI warns that the BADBOX 2.0 malware has infected over 1 million consumer IoT devices, mainly Android-based smart TVs and streaming devices, turning them into residential proxies for malicious activities like ad fraud and credential stuffing. Despite disruptions, the botnet continues to grow globally, with devices from China shipped worldwide, and consumers are advised to monitor their devices and avoid unofficial app stores.

FakeCall Malware Exploits Androids for Banking Scams
mobile-security-financial-fraud, 1 year ago

A new variant of the FakeCall Android malware has been discovered, using voice phishing techniques to deceive users into divulging personal information. This sophisticated malware can intercept and hijack calls, redirecting them to fraudulent numbers controlled by attackers, while mimicking legitimate banking interfaces. It exploits accessibility services to gain control over devices, capturing sensitive data and performing unauthorized actions. The malware's evolution highlights ongoing challenges in mobile security, despite efforts to enhance defenses against such threats.

"New Evasion Tactics: PixPirate Android Malware Targets Samsung, Google Pixel, and WhatsApp Users"
technology, 1 year ago

The PixPirate Android malware has evolved to hide on phones by not using an icon and employing a new tactic to remain active even after its dropper app is removed. It utilizes two apps, with the second one being the encrypted banking malware, and can launch and control itself based on different device events. The malware targets the Brazilian instant payment platform Pix to divert funds to attackers and has the capability to automate fraudulent transactions without users' knowledge. Google Play Protect is currently able to protect against known versions of this malware.

"Anatsa Android Malware Spreads to Millions of Samsung Galaxy Users via Google Play"
cybersecurity, 2 years ago

The Anatsa banking trojan has infected at least 150,000 Android devices in Europe through dropper apps hosted on Google Play, targeting specific geographic regions and using tactics to bypass security measures. The malware has evolved to abuse Android’s Accessibility Service and employs a multi-staged infection process. Google has removed most Anatsa dropper apps from the store, but the total number of downloads is expected to increase. Android users are advised to scrutinize app permissions and avoid downloading apps from unfamiliar publishers to protect against potential malware threats.

"Evolved Android Malware: Auto-Execution Threat for Users"
mobile-security-cyber-threat, 2 years ago

A new variant of Android malware called MoqHao has been discovered, which automatically executes on infected devices without user interaction, targeting users in France, Germany, India, Japan, and South Korea. This malware is associated with a Chinese financially motivated cluster and is distributed via smishing techniques, with the latest iteration running automatically upon installation and prompting victims to grant risky permissions. Additionally, a previously unknown cybercrime syndicate named Bigpanzi has been linked to compromising Android-based smart TVs and set-top boxes for conducting distributed denial-of-service attacks, posing a significant threat to social order and stability.

"Protecting Your Photos and Texts from Stealthy Android Malware"
technology, 2 years ago

A new variant of the XLoader Android malware has been discovered, capable of launching on infected smartphones without user interaction, extracting sensitive data such as photos and text messages. It is distributed via malicious links in text messages and can impersonate Google Chrome to gain permissions. To stay safe, users should avoid sideloading apps, be cautious with permissions, limit app installations, use reputable developers, enable Google Play Protect, and consider installing Android antivirus apps.

"Android XLoader Malware Gains Auto-Execution Capability"
cybersecurity, 2 years ago

A new version of the XLoader Android malware, operated by the financially motivated threat actor 'Roaming Mantis,' can now automatically execute on infected devices without user interaction. It spreads through SMS texts containing URLs to deliver malicious APK installation files, and it disguises itself as legitimate software, notably the Chrome web browser. The malware requests risky permissions, such as accessing SMS content and running in the background, and can perform custom phishing attacks, extract sensitive information, and execute various commands received from its command and control server. McAfee advises using security products to detect and remove these threats.

"FjordPhantom Android Malware: Evading Detection and Targeting Southeast Asian Banking Apps"
cybersecurity, 2 years ago

FjordPhantom, a new Android malware, has been discovered using virtualization to run malicious code in a container and evade detection. The malware spreads through emails, SMS, and messaging apps, targeting banking apps in Southeast Asian countries. FjordPhantom tricks victims into downloading seemingly legitimate banking apps that contain malicious code running in a virtual environment. It aims to steal online bank account credentials and manipulate transactions. By incorporating a virtualization solution, the malware breaks the Android Sandbox security concept and can inject its code into trusted processes. This sneaky attack method bypasses code tampering detection and hampers root-related security checks. The malware's active development raises concerns about its potential expansion to other countries.