Zombinder is a third-party service on darknet used to embed malicious payloads in legitimate Android applications. While investigating a new malware campaign targeting Android and Windows systems, researchers at Threat Fabric discovered a darknet service, dubbed Zombinder, used to embed malicious payloads in legitimate Android apps. The campaign involv

Google has disclosed more technical details about how Private Compute Core (PCC) on Android works and keeps sensitive user data processed locally on protected devices.Introduced in Android 12, PCC is a secure, isolated, and trusted environment within the operating system where data from sensors, GPS, microphone, camera, and screen are stored and processed to

You may well have changed your social media site of choice recently, but that doesn’t mean the security implications of less familiar sites and services can be ignored. For the sites themselves, coping with an influx of new users can be nothing short of a large headache. And even the more established entities like Mastodon—which is expe

The Android app Web Explorer – Fast Internet left an open instance, exposing a trove of sensitive data that malicious actors could use to check specific users’ browsing history. Original post at https://cybernews.com/security/android-app-leaked-user-browsing-history/ A browsing app for Android devices, Web Explorer – Fast Internet, left open its Fireba

The Pwn2Own Toronto 2022 hacking competition has begun, this is the 10th anniversary of the consumer-focused version of the contest. The news of the Samsung Galaxy S22 hack on the first day of Pwn2Own Toronto 2022 made the headlines. White hat hackers that participated in the competition hacked the Samsung Galaxy S22 smartphone twice during the first day

Google has released the December 2022 security update for Android, fixing four critical-severity vulnerabilities, including a remote code execution flaw exploitable via Bluetooth.This month’s update addresses 45 vulnerabilities in core Android components with patch level 2022-12-01, and another 36 vulnerabilities impacting third-party components addres

Resecurity has identified a new underground marketplace in the Dark Web oriented towards mobile malware developers and operators. “In the Box” dark web marketplace is leveraged by cybercriminals to attack over 300 financial institutions (FIs), payment systems, social media and online-retailers in 43 countries Resecurity, the California-base

A new set of Android malware, phishing, and adware apps have infiltrated the Google Play store, tricking over two million people into installing them.The apps were discovered by Dr. Web antivirus and pretend to be useful utilities and system optimizers but, in reality, are the sources of performance hiccups, ads, and user experience degradatio

Experts found multiple flaws in three Android Keyboard apps that can be exploited by remote attackers to compromise a mobile phone. Researchers at the Synopsys Cybersecurity Research Center (CyRC) warn of three Android keyboard apps with cumulatively two million installs that are affected by multiple flaws (CVE-2022-45477, CVE-2022-45478, CVE-2022-45479,

​Multiple platform certificates used by Android OEM device vendors to digitally sign core system applications were utilized by threat actors to sign apps containing malware.OEM Android device manufacturers use platform certificates, or platform keys, to sign devices' core ROM images containing the Android operating system and associated apps.If apps, e

An Android malware campaign masquerading as reading and education apps has been underway since 2018, attempting to steal Facebook account credentials from infected devices.According to a new report by Zimperium, the campaign has infected at least 300,000 devices across 71 countries, primarily focusing on Vietnam.Map of victims (Zimperium)Some apps used

Vulnerabilities in mobile apps exposed Hyundai and Genesis car models after 2012 to remote attacks that allowed unlocking and even starting the vehicles.Security researchers at Yuga Labs found the issues and explored similar attack surfaces in the SiriusXM "smart vehicle" platform used in cars from other makers (Toyota, Honda, FCA, Nissan, Acura, and In

Over 280 Android and iOS apps on the Google Play and the Apple App stores trapped users in loan schemes with misleading terms and employed various methods to extort and harass borrowers.To fuel the operation's extortion attempts, the apps stole excessive amounts of data from mobile phones not usually required to offer loans.In a new report by cybersecurity f

​A fake Android SMS application, with 100,000 downloads on the Google Play store, has been discovered to secretly act as an SMS relay for an account creation service for sites like Microsoft, Google, Instagram, Telegram, and Facebook.A researcher says the infected devices are then rented out as "virtual numbers" for relaying a one-time passcode used to

Mobile device threats are menaces over your mobile device that can manifest at the network level, can be application-based, system-based vulnerabilities, or even physical. These risks are wide spreading now, as we use these devices for sensitive business.Smartphones and tablets bring a plus in your and your company’s life: they are reliable when you need to