Updated on 2022-12-29: EarSpy attack Academics from several US universities have developed a new attack called EarSpy that can eavesdrop on Android conversations and other audio using the devices’ built-in motion sensors, such as the accelerometer. Read more: EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers Overview Academic researchers from …
Updated on 2022-12-21: Godfather Android banking trojan Group-IB researchers have an analysis of Godfather, an Android banking trojan built on top of the old Anubis trojan. Godfather currently contains modules to target the customers of 215 banks, 94 crypto wallets, and 110 crypto exchange platforms. The trojan has been active since June 2021. Read more: …
Are your conversations being monitored by your phone? Do you suspect that your phone is listening to you? Are you concerned that Google may be keeping a record of your conversations? Does Google have a record of your verbal exchanges? If so, what options do you have to protect your privacy? It’s no secret that …
Android’s security bulletin for December 2022 includes fixes for more than 80 vulnerabilities. Four of the flaws have been deemed critical. They affect Android versions 10 through 13. Two are in the Android System component, and two are in the Android Application Framework. Note I hope you’ll be able to upgrade your device to the …
Updated on 2022-12-04: Android phone makers’ encryption keys used in malware It’s never good when private keys are leaked or stolen, but even worse when they’re reused for malware. But that’s what happened with Android device makers Samsung and LG. @maldr0id found that “platform certificates” used to verify legitimate third-party Android system apps developed by …
Platform certificates from major Android vendors and software makers have leaked and were used to sign malware, the Android Security Team discovered last month. Platform certificates are digital certificates used by Android OEMs and ODMs to sign versions of the Android OS they deploy on their devices, their firmware, and official vendor apps they might …
Updated on 2022-12-01: Predatory lending apps Mobile security firm Lookout found 251 Android and 35 iOS lending apps that engaged in predatory and abusive behavior toward their users. The apps offered users loans but, in return, requested access to excessive permissions and personal user information, such as contacts, local files, and SMS messages. The apps …
Updated on 2022-12-01 Schoolyard Bully Mobile security firm Zimperium said it discovered a new Android trojan named Schoolyard Bully that has been active since 2018. Disguised as educational apps in both the Google Play Store and other third-party app stores, this malware has been downloaded more than 300,000 times across 71 countries. Zimperium says the …
Updated November 29, 2022: We have updated the content below to show as intended. Thank you for your patience. Users of OneDrive for Android can now split PDFs and have PDFs saved back to OneDrive.
Updated on 2022-11-22 Antivirus maker Bitdefender said it identified four Android apps on the official Play Store acting as downloaders for the SharkBot banking trojan. The apps were file managers but also contained malicious code to help deploy malware on a user’s device after their Play Store installation. Read more: Android SharkBot Droppers on Google …
Updated on 2022-12-22: Memory safety The US Congress will require the National Cyber Director to study the use of memory safety languages in the federal government, according to a provision included in the Financial Services and General Government Appropriations Act 2023 [PDF, page 19]. Updated on 2022-12-01: Android and safe languages Google says that Android …
Updated on 2022-11-13: Security researcher lands $70,000 for Google Pixel lock-screen bypass A vulnerability in all Google Pixel phones allowed anyone to easily bypass the lock screen, according to @xdavidhu. The bug was fixed on November 5 in an Android security update and tracked as CVE-2022-20465. The bug can be exploited with physical access to …
Updated on 2022-11-11: Xenomorph on the Play Store The Xenomorph Android banking malware has been found inside apps on the Play Store, according to Zscaler. Finding malware in Play Store-hosted apps is becoming a trend again. Read more: Rise of Banking Trojan Dropper in Google Play Overview Zscaler spotted the Xenomorph banking trojan, spreading via …
Updated November 16, 2022: We have updated the rollout timeline below. Thank you for your patience. In October we announced at Microsoft Ignite that the Office app for web (office.com), Windows, iOS, and Android will be rebranded to become the Microsoft 365 app (MC446132). As a continuation of this, the service listings on Service health …
Updated on 2022-11-02 A set of four malicious apps, developed by the Mobile apps Group, was found propagating the HiddenAds trojan. The apps have been downloaded over a million times from the Google Play Store. Read more: Malware on the Google Play store leads to harmful phishing sites Updated on 2022-11-01: New malware from the …
