byPaul DucklinLast September, we wrote about “fleeceware“, a term we coined to describe apps that charge huge amounts but give you very little in return.Technically, the apps themselves aren’t malware, because the code in the app doesn’t do anything illegal, dangerous, sneaky, snoopy, subversive or surreptitious.The treachery lies in

A United States–funded mobile carrier that offers phones via the Lifeline Assistance program is selling a mobile device pre-installed with not one, but two malicious applications. Assurance Wireless by Virgin Mobile offers the UMX U686CL phone as their most budget conscious option. At only $35 under the government-funded program, it’s an attractive offering.

Unfortunately for TikTok, 2020 isn’t starting off well. The video-sharing social networking service that was under fire by U.S. legislatures in 2019, is being banned by the U.S. Army, prohibiting soldiers from using it on government-owned devices, citing a potential security risk. Army spokeswoman Lt. Col. Robin Ochoa told Military.com the Chinese social me

The bevy of mobile device sensors in modern smartphones and tablets make them more akin to pocket-sized laboratories and media studios than mere communication devices. Cameras, microphones, accelerometers, and gyroscopes give incredible flexibility to app developers and utility to mobile device users. But the variety of inputs also give clever hackers new me

byLisa Vaas“Fragile?” “Handle with care?”“Meh! Looks like a football to me,” workers for the UK parcel delivery company Yodel must have said around the time – 2016 – they were caught on video, apparently tossing packages around.Have they grown more tender? Dunno, but FWIW, a year after the football exposé, they made it to the top of the country&#

byJohn E DunnFor anyone lucky enough to get them, Android’s December 2019 updates arrived this week, patching a small list of system and Qualcomm flaws across the operating system’s two patch levels.In Google’s estimation, at the top of the urgent list on the 2019-12-01 patch level (see below for explanation) is CVE-2019-2232, a critical flaw affecting Andro

We found a new spyware family disguised as chat apps on a phishing website. We believe that the apps, which exhibit many cyberespionage behaviors, are initially used for a targeted attack campaign. We first came across the threat in May on the site http://gooogle[.]press/, which was advertising a chat app called “Chatrious.” Users can download the malicious

Update your Android OS because hackers might be accessing your camera and photos A camera security threat for Android devices might have affected hundreds of millions of smartphone and tablet users. The chilling revelation made by researchers exposed a system vulnerability in Android devices that was allowing unauthorized remote use and access to the device’

Just in time for Black Friday, Cyber Monday and the holiday shopping season, we investigated the most recent versions* of 30 of the leading, well-known mobile shopping applications to see how the application providers protect users from security and privacy risks.  The results based on our Advanced Application Analysis z3A technology are alarming: 100% of

Since its discovery less than a month ago, a new Trojan malware for Android we detect as Android/Trojan.FakeAdsBlock has already been seen on over 500 devices, and it’s on the rise. This nasty piece of mobile malware cleverly hides itself on Android devices while serving up a host of advertisements: full-page ads, ads delivered when opening the default brows

Several news outlets over the last few days are talking about how TikTok, the viral short video app where millions of teens post comedy skits set to music, is under fire from U.S. lawmakers.   CNN reports US lawmakers on both sides of the aisle warn that the app could pose a national security risk, and are calling on regulators and intelligence agencies to

We are thrilled to announce Google has selected us to help ensure the safety of the millions of apps in the Google Play Store through its App Defense Alliance.    As a member of the App Defense Alliance, Google will provide us access to mobile apps as they are being queued to publish in the Google Play Store. Through our advanced machine learning-based z9 t

Last week on Malwarebytes Labs, we celebrated the birth of the Internet 50 years ago, highlighted reports about the US Federal Trade Commission (FTC) filing a case against stalkerware developer Retina-X, issued a PSI on disaster donation scams, looked at the top cybersecurity challenged SMBs face, and provided guidance to journalists on how they can defend t

No matter how destructive or invasive, Android malware can usually be removed from an infected device. But a new variant is causing problems for users. Known as xHelper, this new malware is causing a number of problems – not least the fact that it cannot be easily uninstalled. Normally deleting affected apps is enough to stop the infection, but not so with x

By Song Wang (Mobile Threat Analyst) At the start of the year, Google updated its permission requests in Android applications, and in particular, restricted access to SMS and CALL Log permissions. Google also added requirements for non-default applications (or those that don’t provide critical core features), allowing them to prompt and ask users for permiss