A recently identified malvertising campaign targeting mobile and other connected devices users makes heavy use of obfuscation and cloaking to avoid detection.Dubbed LuckyBoy, the multi-stage, tag-based campaign is focused on iOS, Android, and Xbox users. Since December 2020, it penetrated over 10 Demand Side Platforms (DSP), primarily Europe-based, with obse

The ongoing controversies surrounding TikTok hit a new gear on Thursday with a bombshell report accusing the Chinese company of spying on millions of Android users using a technique banned by Google.According to a Wall Street Journal report, TikTok used a banned tactic to bypass the privacy safeguard in Android to collect unique identifiers from millions of

Experts discovered an Android Remote Access Trojan, dubbed Rogue, that can allow to take over infected devices and steal user data. Rogue is a new mobile RAT discovered by researchers from Check Point while investigating the activity of the darknet threat actors known as Triangulum and HeXaGoN Dev. Both actors are Android malware authors that are offering

Project Zero, Google's 0day bug-hunting team, revealed a hacking campaign coordinated by "a highly sophisticated actor" and targeting Windows and Android users with zero-day and n-day exploits.The Project Zero team, in collaboration with the Google Threat Analysis Group (TAG), discovered a watering hole attack using two exploit servers in early 2020, each of

A recently discovered Mobile Remote Access Trojan (MRAT) can take control of the infected Android devices and exfiltrate a trove of user data, Check Point security researchers warn.Dubbed Rogue, the Trojan is the work of Triangulum and HeXaGoN Dev, known Android malware authors that have been selling their malicious products on underground markets for severa

Google Project Zero researchers uncovered a sophisticated hacking campaign that targeted Windows and Android users. The Google Project Zero team has recently launched an initiative aimed at devising new techniques to detect 0-day exploits employed in attacks in the wild. While partnering with the Google Threat Analysis Group (TAG), the experts discovered

Google released an Android security update that addressed tens of flaws, including a critical Android remote code execution vulnerability. Google released an Android security update that addresses 43 flaws, including a critical remote code execution vulnerability in the Android System component tracked as CVE-2021-0316. Google addressed the flaws with th

Google this week announced the January 2021 security updates for Android devices, which address 42 vulnerabilities, including four rated critical severity.Addressed as part of the 2021-01-01 security patch level and tracked as CVE-2021-0316, the most important of these flaws is a critical security bug in System that could be exploited to achieve code executi

@import url('https://themes.googleusercontent.com/fonts/css?kit=lhDjYqiy3mZ0x6ROQEUoUw');ol.lst-kix_m7n4vga7agj0-8.start{counter-reset:lst-ctn-kix_m7n4vga7agj0-8 0}ol.lst-kix_s7qtkfn3qfov-6.start{counter-reset:lst-ctn-kix_s7qtkfn3qfov-6 0}.lst-kix_2atftb74ca0r-5>li{counter-increment:lst-ctn-kix_2atftb74ca0r-5}ol.lst-kix_lgfdoxi035fa-6.start{counter-r

Video and POC here : https://www.youtube.com/watch?v=hAPkSGxh9H0When you open a project in android studio, if gradle-wrapper.properties setdistributionUrl=https://services.gradle.org/distributions/gradle-2.6-all.zip<https://www.google.com/url?q=http://services.gradle.org/distributions/gradle-2.6-all.zip&sa=D&usg=AFQjCNHSuog_mDHXLFUDcfXdMkVSqzfLug&

Google this week announced an extended support period for Android 11 and later devices launching with Qualcomm System-on-Chip (SoC) models.Currently, devices receive support for a period of three years, which includes security patches, but moving forth users will enjoy one additional year of operating system and security updates.The move, the Internet search

Security experts spotted a new malware strain, named Goontact, that allows its operators to spy on both Android and iOS users. Security researchers from Lookout have discovered new spyware, dubbed Goontcat, that could target both Android and iOS users. Goontact implement common spyware features, including the ability to gather data from the infected de

This week Samsung has started rolling out Android's December security updates to mobile devices to patch critical security vulnerabilities in the operating system and related components.This comes after Android had published their December 2020 security updates bulletin, which includes patches for critical vulnerabilities impacting the latest devic

Researchers explore fingerprint-jacking, a user interface-based attack that targets fingerprints scanned into Android apps.Many modern smartphones have a fingerprint scanner to authorize device access and enable account login, payment authorization, and other operations. The scanner is meant for secure authentication, but researchers are finding new ways to

A total of 46 vulnerabilities were addressed this week with the release of the December 2020 security updates for Android.The vulnerability fixes are split into two patch levels, with the first of them addressing 13 bugs, including a critical flaw in Media Framework. All of the remaining 12 issues resolved by the 2020-12-01 security patch level are high sev