HackDig : Dig high-quality web security articles for hacker

Joker malware still able to bypass Google Play Store checks

The infamous Joker malware has found a way to bypass the security checks to be published in the official Play Store, new clicker was found by experts. The fight to the Joker malware (aka Bread) begun in September 2019 when security experts at Google removed from the official Play Store 24 apps because they were infected with a new spyware tracked as “the
Publish At:2020-02-22 15:20 | Read:68 | Comments:0 | Tags:Breaking News Cyber Crime Malware Mobile Hacking it security

Google removed nearly 600 apps from the Play Store for ad policy violation

Google announced to have removed nearly 600 Android apps in the official Play Store that were violating two ad-related policies. Google removed from the official Play Store nearly 600 Android apps that were violating two ad-related policies, it also banned the same apps from Google AdMob and Google Ad Manager. “As part of our ongoing efforts —
Publish At:2020-02-22 08:56 | Read:135 | Comments:0 | Tags:Mobile Security Android hacking news information security ne

IDF soldiers tricked into installing malicious apps by Hamas operatives posing as attractive women

Israeli Force (IDF) announced it has thwarted an attempt by the Hamas militant group to hack soldiers’ phones by posing as attractive women on social media. Israeli Defence Force (IDF) announced it has thwarted an attempt by the Hamas militant group to hack soldiers’ mobile devices by posing as attractive women on social media and instant messaging apps
Publish At:2020-02-17 07:37 | Read:122 | Comments:0 | Tags:Breaking News Cyber warfare Hacking Malware Mobile Espionage

Critical Android Bluetooth flaw CVE-2020-0022 could be exploited without user interaction

Google addressed a critical vulnerability in its Android OS that affects the Bluetooth subsystem and could be exploited without user interaction. Google has addressed a critical flaw in Android OS that affects the Bluetooth subsystem and could be exploited without user interaction. The vulnerability tracked as CVE-2020-0022 is a remote code execution
Publish At:2020-02-09 10:43 | Read:127 | Comments:0 | Tags:Breaking News Cyber Crime Mobile Android Bluetooth CVE-2020-

Malicious Optimizer and Utility Android Apps on Google Play Communicate with Trojans that Install Malware, Perform Mobil

By Lorin Wu (Mobile Threats Analyst) We recently discovered several malicious optimizer, booster, and utility apps (detected by Trend Micro as AndroidOS_BadBooster.HRX) on Google Play that are capable of accessing remote ad configuration servers that can be used for malicious purposes, perform mobile ad fraud, and download as many as 3,000 malware variants
Publish At:2020-02-06 14:35 | Read:194 | Comments:0 | Tags:Malware Mobile android google play malicious apps Mobile Ad

United States government-funded phones come pre-installed with unremovable malware

A United States–funded mobile carrier that offers phones via the Lifeline Assistance program is selling a mobile device pre-installed with not one, but two malicious applications. Assurance Wireless by Virgin Mobile offers the UMX U686CL phone as their most budget conscious option. At only $35 under the government-funded program, it’s an attractive offering.
Publish At:2020-01-09 16:50 | Read:499 | Comments:0 | Tags:Android android malware Android/Trojan.Dropper.Agent.UMX And

First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group

by Ecular Xu and Joseph C Chen We found three malicious apps in the Google Play Store that work together to compromise a victim’s device and collect user information. One of these apps, called Camero, exploits CVE-2019-2215, a vulnerability that exists in Binder (the main Inter-Process Communication system in Android). This is the first known active attack i
Publish At:2020-01-06 14:35 | Read:491 | Comments:0 | Tags:Exploits Mobile app APT google play exploit

The little-known ways mobile device sensors can be exploited by cybercriminals

The bevy of mobile device sensors in modern smartphones and tablets make them more akin to pocket-sized laboratories and media studios than mere communication devices. Cameras, microphones, accelerometers, and gyroscopes give incredible flexibility to app developers and utility to mobile device users. But the variety of inputs also give clever hackers new me
Publish At:2019-12-11 16:50 | Read:631 | Comments:0 | Tags:IoT accelerometer Android camera Google gyroscope Internet o

Yodel parcel tracking app blabs about other people’s parcels

byLisa Vaas“Fragile?” “Handle with care?”“Meh! Looks like a football to me,” workers for the UK parcel delivery company Yodel must have said around the time – 2016 – they were caught on video, apparently tossing packages around.Have they grown more tender? Dunno, but FWIW, a year after the football exposé, they made it to the top of the country&#
Publish At:2019-12-05 12:35 | Read:732 | Comments:0 | Tags:Android Mobile Privacy Ax Sharma courier delivery leak packa

Critical DoS messaging flaw fixed in December Android update

byJohn E DunnFor anyone lucky enough to get them, Android’s December 2019 updates arrived this week, patching a small list of system and Qualcomm flaws across the operating system’s two patch levels.In Google’s estimation, at the top of the urgent list on the 2019-12-01 patch level (see below for explanation) is CVE-2019-2232, a critical flaw affecting Andro
Publish At:2019-12-05 12:35 | Read:563 | Comments:0 | Tags:Android Google Linux Mobile Operating Systems Security threa

Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack

We found a new spyware family disguised as chat apps on a phishing website. We believe that the apps, which exhibit many cyberespionage behaviors, are initially used for a targeted attack campaign. We first came across the threat in May on the site http://gooogle[.]press/, which was advertising a chat app called “Chatrious.” Users can download the malicious
Publish At:2019-12-02 14:35 | Read:762 | Comments:0 | Tags:Bad Sites Mobile android APK cyberespionage spyware

Court says suspect can’t be forced to reveal 64-character password

byLisa VaasThe dry facts: A US court has come down in favor of Fifth Amendment protections against forced disclosure of a 64-character passcode in a child abuse imagery case = an important interpretation of whether forced password disclosure is the modern equivalent of an unconstitutionally coerced confession.The gut punch: The defendant is a man previously
Publish At:2019-11-26 12:35 | Read:727 | Comments:0 | Tags:Cryptography Law & order Mobile Privacy child abuse child ab

Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps

By Lance Jiang and Jesse Chang CVE-2019-11932, which is a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019 after a researcher named Awakened discovered that attackers could use maliciously crafted GIF files to allow remote code execution. The vulnerability was patched with version 2.19.244 of WhatsApp, but the under
Publish At:2019-11-25 14:35 | Read:722 | Comments:0 | Tags:Mobile Vulnerabilities vulnerability whatsapp Vulnerability

49 Disguised Adware Apps With Optimized Evasion Features Found on Google Play

By Jessie Huang We recently found 49 new adware apps on Google Play, disguised as games and stylized cameras. These apps are typical adware, hiding themselves within mobile devices to show ads and deploying anti-uninstall and evasion functions. These apps are no longer live but before they were taken down by Google, the total number of downloads was more tha
Publish At:2019-11-12 02:35 | Read:770 | Comments:0 | Tags:Mobile apps google play mobile adware

Zimperium Analyzes TikTok’s Security and Privacy Risks

Several news outlets over the last few days are talking about how TikTok, the viral short video app where millions of teens post comedy skits set to music, is under fire from U.S. lawmakers.   CNN reports US lawmakers on both sides of the aisle warn that the app could pose a national security risk, and are calling on regulators and intelligence agencies to
Publish At:2019-11-12 00:25 | Read:633 | Comments:0 | Tags:App Security Mobile Threat Defense Android apps iOS mobile M

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud