A hacker Thursday afternoon published what he claims to be the decryption key for Apple iOS’ Secure Enclave Processor (SEP) firmware. The Apple Secure Enclave is an ARM-based coprocessor that enhances iOS security, but on Thursday a hacker published what he says is the decryption key for Apple iOS’ Secure Enclave Processor (SEP) firmware. According to Apple 

Kaspersky discovered a news strain of the mobile banking Trojan Faketoken that displays overlays on top of taxi booking apps to steal banking information. Security experts from Kaspersky have discovered a news strain of the infamous mobile banking trojan Faketoken that implements capabilities to detect and record an infected device’s calls and display

The Trojan-Banker.AndroidOS.Faketoken malware has been known about for already more than a year. Throughout the time of its existence, it has worked its way up from a primitive Trojan intercepting mTAN codes to an encrypter. The authors of its newer modifications continue to upgrade the malware, while its geographical spread is growing. Some of these modifi

By Echo Duan and Roland Sun We’ve uncovered a pervasive auto-clicking adware from as much as 340 apps from Google Play, one of which, named “Aladdin’s Adventure’s World”, was downloaded 5 million times. These adware-embedded applications include recreational games, device performance utilities like cleaners and boosters, and file managers, QR and barcode sc

To fight phishing attacks, Google has introduced a security measure for its Gmail app for iOS that will help users identify and delete phishing emails. Phishing continues to be one of the most dangerous threats, crooks continue to devise new techniques to trick victims into providing sensitive information. The technique is still the privileged attack vector

by Stephen Hilt, Mayra Rosario Fuentes, and Robert McArdle and (Senior Threat Researchers)  People are increasingly taking to online dating to find relationships—but can they be used to attack a business? The kind (and amount) of information divulged—about the users themselves, the places they work, visit or live—are not only useful for people looking for a

August’s Android Security Bulletin includes three file system vulnerabilities (CVE-2017-10663, CVE-2017-10662, and CVE-2017-0750) that were discovered by Trend Micro researchers. These vulnerabilities could cause memory corruption on the affected devices, leading to code execution in the kernel context. This would allow for more data to be accessed and contr

by Lorin Wu Trend Micro researchers detected a new SLocker variant that mimics the GUI of the WannaCry crypto-ransomware on the Android platform. Detected as ANDROIDOS_SLOCKER.OPSCB, this new SLocker mobile ransomware variant features new routines that utilize features of the Chinese social network QQ, along with persistent screen-locking capabilities. SLock

Security experts at Kaspersky discovered the dreaded Svpeng Trojan has been recently modified to implement keylogger features. Cyber criminals are becoming even more aggressive and are using new stealth techniques. Security experts at Kaspersky have discovered that one of the most dangerous Android banking Trojan, Svpeng, has been recently modified to imple

by Ford Qin While mobile ransomware such as the recent SLocker focuses on encrypting files on the victim’s devices, a new mobile ransomware named LeakerLocker taps into its victims’ worst fears by allegedly threatening to send personal data on a remote server and expose its contents to everyone on their contact lists. The LeakerLocker ransomware is bei

In mid-July 2017, we found a new modification of the well-known mobile banking malware family Svpeng – Trojan-Banker.AndroidOS.Svpeng.ae. In this modification, the cybercriminals have added new functionality: it now also works as a keylogger, stealing entered text through the use of accessibility services. Accessibility services generally provide user interf

Malware researchers at the Russian anti-virus firm Dr.Web have spotted the Triada Trojan in the firmware of several low-cost Android smartphones. Another case of pre-installed malware make the headlines, malware researchers at the Russian anti-virus firm Dr.Web have spotted the Triada Trojan in the firmware of several low-cost Android smartphones, including

Google has identified a new strain of Android malware, the Lipizzan spyware, that could be used as a powerful surveillance tool. Malware researchers at Google have spotted a new strain of Android spyware dubbed Lipizzan that could exfiltrate any kind of data from mobile devices and use them as surveillance tools. The Lipizzan spyware is a project developed

A flashlight app, fake videos or a fake gaming app? Any one of those could be malicious and harboring a mobile malware app, right there in a trusted official app store. In an ongoing trend, IBM X-Force noted that malicious apps manage to circumvent controls and infiltrate legitimate stores. And this is not about the plethora of adware apps infecting users in

The SLocker source code leaked online, it is one of the oldest mobile lock screen and file-encrypting ransomware. The source code of the SLocker Android malware, one of the most popular Android ransomware families, has been leaked online for free, allowing crooks to develop their own variant of the threat. SLocker was first spotted in 2015, it is the first