byDanny BradburyJailbreaking iPhones has become a lot harder with each new version of the hardware, but this weekend saw two new announcements that enable people to install apps on their phones. One of them is a traditional jailbreak, while the other is an alternative app store that uses a loophole in Apple’s code-signing process.Jailbreaking is a form

By Todd Han and Junzhi Lu (Mobile Threats Analysts) Google Play and iOS App store are no strangers to fake apps trying to trick users into downloading ad- or malware-ridden versions. We have previously reported on fake Android voice apps on Google Play, which were observed to be impostor apps for voice messenger platforms. Recently, we also uncovered counter

Last week  on the Labs blog, we looked at free VPN offerings, how malware can hinder vital emergency services, and explored how the Heartbleed vulnerability is still causing problems. We also talked about a large FTC settlement involving Google, and how to keep an eye out for leaky AWS buckets. Other cybersecurity news The Cobalt Dickens group has returned

It’s hard to imagine a world without cellphones. Whether it be a smartphone or a flip phone, these devices have truly shaped the late 20th century and will continue to do so for the foreseeable future. But while users have become accustomed to having almost everything they could ever want at fingertips length, cybercriminals were busy setting up shop. To tri

By Feike Hacquebord, Robert McArdle, Fernando Mercês, and David Sancho As more industries adapt to cater to the increasingly mobile market, the financial industry is the latest to experience a shake-up. The Revised Payment Service Directive (PSD2) – also known as Open Banking – is a new set of rules for the European Union (EU) that’s expected to affect

A fake WhatsApp version deployed on the Play Store was downloaded by over a million users, a failure for the automated checks implemented by Google. Once again crooks exploited the official Google’s Play Store as a repository for malicious apps. This time a fake WhatsApp version was used to infect over a million users that downloaded it. The fake Whats

by Lilang Wu, Ju Zhu, and Moony Li We covered iXintpwn/YJSNPI in a previous blog post and looked into how it renders an iOS device unresponsive by overflowing it with icons. This threat comes in the form of an unsigned profile that crashes the standard application that manages the iOS home screen when installed. The malicious profile also exploits certain fe

Let’s see what has happened at Mobile Pwn2Own 2017 competition organized by Trend Micro’s Zero Day Initiative (ZDI) at the PacSec conference in Tokyo. Here we are discussing once again of the Mobile Pwn2Own competition organized by Trend Micro’s Zero Day Initiative (ZDI) at the PacSec conference in Tokyo. White hat hackers earned more than half a milli

By Jason Gu, Veo Zhang, Seven Shen The efficacy of mobile devices to actually produce cryptocurrency in any meaningful amount is still doubtful. However, the effects on users of affected devices are clear: increased device wear and tear, reduced battery life, comparably slower performance. Recently, we found that apps with malicious cryptocurrency mining cap

The source code of a new Android Remote Administration Tool is available on GitHub, it is dubbed AhMyth Android RAT. You just have to download and test it. The source code of a new Android Remote Administration Tool is available on GitHub, it is dubbed AhMyth Android RAT. The malicious code is still in beta version, the AhMyth Android RAT consists of two par

Google has launched Google Play Security Reward, the bug bounty program that will pay $1,000 rewards for flaws in popular apps. Google has officially launched a bug bounty program for Android apps on Google Play Store, a measure that aims to improve the security of Android apps. The initiative, called Google Play Security Reward, will involve the security c

Mobile security firm Appthority published an interesting report that revealed which Android and iOS applications are most frequently blacklisted by enterprises. The company Appthority has published an interesting report that reveals which mobile apps, both Android and iOS, are most frequently blacklisted by enterprises. “The mobile ecosystem in an ente

Developer discovered that iOS apps can read metadata revealing users’ locations and much more, a serious threat to our privacy. The developer Felix Krause, founder of Fastlane.Tools, has discovered that iOS apps can access image metadata revealing users’ location history. Krause published a detailed analysis on the Open Radar community, he explai

Open Whisper Systems announced that it’s working on a new private contact discovery service for its popular communications app Signal. Signal is considered the most secure instant messaging app, searching for it on the Internet it is possible to read the Edward Snowden’ testimony: “Use anything by Open Whisper Systems” Snowden says. The Cryptographer and Pr

Google disclosed details and a proof-of-concept exploit for iPhone Wi-Fi firmware vulnerability affecting Broadcom chipsets in iOS 10 and earlier. This week Google disclosed details and a proof-of-concept exploit for a Wi-Fi firmware vulnerability affecting Broadcom chipsets in iOS 10 and earlier. The flaw that was patched this week could be exploited by att