Android Archives - Cyber Security Minute

Hamster Kombat Players Threatened by Spyware & Infostealers

Issued by: Dark Reading

Malicious actors are targeting users of a mobile currency game by using fake Android and Windows software that installs spyware and other malware. Hamster Kombat launched in March and already has more than 250 million users, likely due to the promises of winning TON-based cryptocurrency. The game is for Android users, who can earn in-game…

Software Security

Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug

Issued by: SecurityWeek

The critical bug, tracked as CVE-2024-31320, impacts Android versions 12 and 12L and allows an attacker to escalate privileges on a vulnerable device. “The most severe of these issues is a critical security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed,” Google explains in…

Mobile Security

Anatsa Android banking Trojan expands to Slovakia, Slovenia, and Czechia

Issued by: Security Affairs

In November 2023, researchers from ThreatFabric observed a resurgence of the Anatsa banking Trojan, aka TeaBot and Toddler. Between November and February, the experts observed five distinct waves of attacks, each focusing on different regions. The malware previously focused its activities on the UK, Germany, and Spain, but the latest campaigns targeted Slovakia, Slovenia, and…

Mobile Security

Xamalicious Android malware distributed through the Play Store

Issued by: Security Affairs

McAfee Mobile Research Team discovered a new Android backdoor dubbed Xamalicious that can take full control of the device and perform fraudulent actions. The malware has been implemented with Xamarin, an open-source framework that allows building Android and iOS apps with .NET and C#. Xamalicious relies on social engineering to gain accessibility privileges, then it…

Malware & Threats

Chameleon Android Malware Can Bypass Biometric Security

Issued by: SecurityWeek

Active since early 2023, the malware initially targeted mobile banking applications in Australia and Poland, but has since expanded its reach to the UK and Italy. When initially uncovered, ThreatFabric explains, Chameleon used multiple loggers, had limited malicious functionality, and contained various unused commands, suggesting that it was still under development. Employing a proxy feature…

Mobile Security

Google addressed an actively exploited zero-day in Android

Issued by: Security Affairs

Google released September 2023 Android security updates that address tens of vulnerabilities, including a zero-day flaw tracked as CVE-2023-35674 that was actively exploited in the wild. This high-severity vulnerability CVE-2023-35674 resides in the Framework component, a threat actor could exploit the issue to escalate privileges without requiring user interaction or additional execution privileges. “There are…

Mobile Security

Chinese APT Uses Fake Messenger Apps to Spy on Android Users

Issued by: DataBreach Today

Hackers aligned with Chinese interests are targeting Android users with fake encrypted chat apps Trojanized with espionage capabilities in separate and ongoing campaigns, one active since July 2020 and the other for more than 12 months. Researchers at Eset on Wednesday attributed the campaigns to a threat group tracked as Gref, which overlaps with activity…

Vulnerabilities

What Causes a Rise or Fall in Fresh Zero-Day Exploits?

Issued by: DataBreach Today

Why are so many fresh zero-day vulnerabilities getting exploited in the wild? A new study from Google says that last year, 41 new zero-day vulnerabilities were exploited in the wild. While that’s welcome news in terms of recent volume – it’s a 40% decrease from the all-time annual high of 69 in 2021 – it’s…

Mobile Security

Mobile Cyberattacks Soar, Especially Against Android Users

Issued by: Dark Reading

Attackers are increasingly targeting users through their mobile devices, attacking vulnerabilities in services that are built into applications and mounting increasing numbers of SMS phishing attacks. That’s according to mobile security firm Zimperium’s 2023 “Global Mobile Threat Report,” which also found that the average number of unique mobile malware samples grew 51% in 2022, totaling…

Mobile Security

Samsung Patches Memory Address Randomization Bypass Flaw

Issued by: DataBreach Today

Android smartphone device manufacturer Samsung has a patch for a flaw used by commercial surveillance hackers to implant malware in the United Arab Emirates. Security researchers at Google and Amnesty International in March reported an exploit chain apparently developed by Barcelona spyware vendor Variston to deploy a surveillance malware to devices located in the UAE….