HackDig : Dig high-quality web security articles for hackers

New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa

By Ecular Xu and Joseph C. Chen While tracking Earth Empura, also known as POISON CARP/Evil Eye, we identified an undocumented Android spyware we have named ActionSpy (detected by Trend Micro as AndroidOS_ActionSpy.HRX). During the first quarter of 2020, we observed Earth Empusa’s activity targeting users in Tibet and Turkey before they extended their scope
Publish At:2020-06-12 03:29 | Read:137 | Comments:0 | Tags:Malware Mobile ActionSpy android Earth Empusa Ekran Uyghur

Barcode Reader Apps on Google Play Found Using New Ad Fraud Technique

By Jessie Huang (Mobile Threats Analyst) We recently saw two barcode reader apps in Google Play, together downloaded more than a million times, that started showing unusual behavior (Trend Micro detects these as AndroidOS_HiddenAd.HRXJA). This includes behavior that can be seen even when the user is not actively using the phones; the video below shows an exa
Publish At:2020-06-04 20:20 | Read:326 | Comments:0 | Tags:Malware Mobile android barcode reader

Top Mobile Finance Apps Consistently Failing Security and Data Privacy Tests

iOS and Android apps fail coding best practices, are susceptible to reverse engineering, and share sensitive user data  Executive Summary Top banks and mobile payment providers are putting their customers at risk for security and privacy by failing to adhere to coding best practices and continuing to share sensitive customer data with advertisers. According
Publish At:2020-06-03 10:09 | Read:203 | Comments:0 | Tags:App Security Android apps banking apps iOS zDefend zScan zSh

A new COVID-19-themed campaign targets Italian users

Security researchers uncovered a new COVID-19-themed campaign targeting users of the National Institute for Social Security (INPS). Security experts from D3Lab have uncovered a new COVID-19-themed phishing campaign that is targeting the users of the Italian National Institute for Social Security (INPS). Like a previous campaign observed in early Apri
Publish At:2020-05-30 16:45 | Read:235 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Mobile Android cor

Google sued by Arizona for tracking users’ locations in spite of settings

byLisa VaasArizona has filed suit against Google over tracking users’ locations even after they’ve turned tracking off, claiming that the advertising-fueled tech titan has a “complex web of settings and purported ‘consents'” that enable it to furtively milk us for sweet, sweet ad dollars.On Wednesday, State Attorney General Mark
Publish At:2020-05-29 06:41 | Read:254 | Comments:0 | Tags:Android Google Law & order Mobile Privacy Uncategorized Ariz

Android ‘StrandHogg 2.0’ flaw lets malware assume identity of any app

byJohn E DunnResearchers have publicised a critical security flaw in Android which could be used by attackers to “assume the identity” of legitimate apps in order to carry out on-device phishing attacks.Discovered by Norwegian company Promon, the bug is called ‘StrandHogg 2.0’, the name denoting that this is an “evil twin” follow up to a similar flaw of the
Publish At:2020-05-28 07:31 | Read:136 | Comments:0 | Tags:Malware Phishing Vulnerability Android promon StrandHogg 2.0

StrandHogg 2.0 Android flaw affects over 1 Billion devices

Researchers disclosed a new critical vulnerability (CVE-2020-0096, aka StrandHogg 2.0) affecting the Android operating system that could allow attackers to carry out a sophisticated version of Strandhogg attack. A group of Norwegian researchers disclosed a critical flaw, tracked as CVE-2020-0096, affecting Android OS that could allow attackers to carry o
Publish At:2020-05-26 20:06 | Read:205 | Comments:0 | Tags:Breaking News Hacking Malware Mobile Android information sec

CVE-2020-0022 an Android 8.0-9.0 Bluetooth Zero-Click RCE – BlueFrag

Nowadays, Bluetooth is an integral part of mobile devices. Smartphones interconnect with smartwatches and wireless headphones. By default, most devices are configured to accept Bluetooth connections from any nearby unauthenticated device. Bluetooth packets are processed by the Bluetooth chip (also called a controller), and then passed to the host (Android, L
Publish At:2020-05-03 08:57 | Read:475 | Comments:0 | Tags:Breaking Android BlueFrag Bluetooth exploit

Newly-discovered Android malware steals banking passwords and 2FA codes

Security researchers at Cybereason are warning of a new mobile banking trojan that steals details from financial apps and intercepts SMS messages to bypass two-factor authentication mechanisms.According to experts who have examined the code of the malware, known as EventBot, it differs substantially from previously known Android malware – suggesting th
Publish At:2020-05-03 08:04 | Read:381 | Comments:0 | Tags:Featured Articles IT Security and Data Protection Android ba

New Android Banking Trojan Targets Spanish, Portuguese Speaking Users

IBM X-Force research recently analyzed a new Android banking Trojan that appears to be targeting users in countries that speak Spanish or Portuguese, namely Spain, Portugal, Brazil and other parts of Latin America. This Trojan, which was created atop an existing, simpler SMSstealer.BR, was supplemented with more elaborate overlay capabilities. That portion o
Publish At:2020-04-21 06:45 | Read:569 | Comments:0 | Tags:Malware Mobile Security Android Android Malware Banking Malw

A week in security (April 13 – 19)

Last week on Malwarebytes Labs, we looked at how to avoid Zoom bombing, weighed the risks of surveillance versus pandemics, and dug into a spot of WiFi credential theft. Other cybersecurity news: Malware creeps back into the home: With a pandemic forcing much of the workforce into remote positions, it’s worth noting that a study found malware on 45 percent
Publish At:2020-04-20 14:01 | Read:456 | Comments:0 | Tags:A week in security adware Android coronavirus malware phish

Hacker claims to have stolen 39 million Aptoide app store users

Hacker claims to have breached the Aptoide app store users early this month and now leaked 20 million records out of 39 million Aptoide user records. A hacker has leaked this week details of 20 million users of the Aptoide app store, the claims to have breached the store early this months and to be in possession of 39 million Aptoids user records. The
Publish At:2020-04-18 13:20 | Read:436 | Comments:0 | Tags:Breaking News Data Breach Hacking Mobile Android Aptoide dat

Syria-linked APT group SEA targets Android users with COVID19 lures

Syrian-linked APT group SEA recently used COVID-19-themed lures as part of a long-running surveillance campaign, security researchers warn. Syrian hackers are behind a long-running campaign that has been active since January 2018 and that targets Arabic-speaking Android users. The campaign aimed at users in Syria and surrounding regions was spotted by
Publish At:2020-04-17 03:55 | Read:489 | Comments:0 | Tags:Breaking News Cyber warfare Hacking Malware Mobile Android A

Hackers are again attacking Portuguese banking organizations via Android Trojan-Banker

Hackers are again attacking Portuguese banking organizations via Android Trojan-Banker. The threat is not new, hackers are again attacking clients of Portuguese banking organizations via a specially crafted Android Trojan-Banker from phishing campaigns launched from Brazil. The last occurrence this line was recorded on March 13rd, 2020, where a similar
Publish At:2020-04-16 07:17 | Read:1057 | Comments:0 | Tags:Breaking News Cyber Crime Malware Mobile Android Android tro

Coronavirus Update App Leads to Project Spy Android and iOS Spyware

By Tony Bao and Junzhi Lu We discovered a potential cyberespionage campaign, which we have named Project Spy, that infects Android and iOS devices with spyware (detected by Trend Micro as AndroidOS_ProjectSpy.HRX and IOS_ProjectSpy.A, respectively). Project Spy uses the ongoing coronavirus pandemic as a lure, posing as an app called Coronavirus Updates. We a
Publish At:2020-04-15 07:25 | Read:553 | Comments:0 | Tags:Malware Mobile android campaign cyberespionage iOS Project S


Share high-quality web security related articles with you:)