Tag

Android Malware

All articles tagged with #android malware

cybersecurity1 month ago•4 min saved

Mirax Android RAT Turns Phones Into SOCKS5 Proxies via Meta Ads

A new Android remote access Trojan named Mirax blends traditional RAT capabilities with a residential SOCKS5 proxy feature, allowing attackers to route traffic through infected devices. Campaigns reach about 220,000 accounts on Facebook, Instagram, Messenger, and Threads via Meta ads promoting a malware dropper, with Mirax offered as a MaaS to a small, Russia-focused affiliate network. Once installed, it can capture data, render fake overlays for credential theft, and maintain multiple C2 channels (WebSockets on ports 8443, 8444, and 8445) for remote control, streaming, exfiltration, and proxy deployment. Distribution uses GitHub-hosted droppers and two crypters (Virbox and Golden Crypt) with anti-analysis checks, reflecting a trend of combining RAT functionality with proxy networks for monetization and broader reach.

via The Hacker News|

#android-malware #cybersecurity #malware-as-a-service

technology2 months ago•5 min saved

Perseus Android malware hunts secrets in notes, gains full device control

A new Android banking Trojan named Perseus disguises itself as IPTV apps to distribute via unofficial stores. It uses Android Accessibility Services to scan and extract sensitive data from note apps (Google Keep, Samsung Notes, Evernote, OneNote, etc.), including passwords and recovery phrases, enabling full remote control over infected devices (screenshots, overlay attacks, keylogging, app launches, and more). The malware evades analysis with anti‑analysis checks and a “suspicion score” to decide whether to proceed. It primarily targets Turkish and Italian financial institutions and crypto apps. Users are advised to avoid sideloading APKs, only use Google Play, and keep Play Protect enabled.

via BleepingComputer|

#android-malware #notes #perseus

technology2 months ago•5 min saved

Phishing PWA Poses as Google Security Page to Steal OTPs and Proxy Victims’ Traffic

A phishing campaign disguises a fake Google Security page as a Progressive Web App to trick users into granting permissions. The malicious PWA can exfiltrate one-time passwords, clipboard contents, contacts, and GPS data, and can proxy the victim’s browser traffic and scan internal networks via a WebSocket relay. An Android APK is also distributed to extend access with keystroke capture and device admin persistence. The attack relies on social engineering, not exploiting a vulnerability. Google says security checks aren’t done via pop-ups; remove the PWA and revoke device admin rights following Malwarebytes’ removal guidance.

via BleepingComputer|

#android-malware #otp #phishing

security3 months ago•15 min saved

PromptSpy uses GenAI to persist on Android via AI-guided UI manipulation

ESET researchers uncovered PromptSpy, the first known Android malware to use generative AI (Google Gemini) to drive UI-level actions for persistence. By feeding Gemini an XML snapshot of the current screen, the AI returns step-by-step tap instructions to keep the app in the recent apps list, while a built-in VNC module provides remote access. The malware also exploits Accessibility Services, overlays to hinder uninstallation, and can capture lockscreen data and screen video. Distribution appears tied to Argentina via a banking/phishing site; no Google Play presence. This example shows how AI can make Android threats more adaptive and harder to defeat.

via WeLiveSecurity|

#android-malware #generative-ai #persistence

technology3 months ago•7 min saved

Keenadu: A firmware-level Android tablet backdoor hidden in signed OTA updates

A new Android backdoor named Keenadu is embedded in tablet firmware and distributed via signed OTA updates, enabling attackers to remotely control devices, hijack browsers, monetize app installs, and exfiltrate data through a multi-stage loader that operates across all apps. It also spreads via trojanized apps on Google Play, with Google removing three related apps and Play Protect offering protection. About 13,700 users have been affected worldwide, with clusters in Russia, Japan, Germany, Brazil, and the Netherlands. Keenadu targets core Android components (libandroid_runtime.so, Zygote, system_server) to bypass sandboxing, allowing payloads to be delivered per targeted app and enabling broad control over the device.

via The Hacker News|

#android-malware #firmware-backdoor #kaspersky

technology6 months ago•4 min saved

Android Malware Steals Card Details and Drains Bank Accounts

A new Android malware called NGate has been discovered that can steal debit card details and PINs via NFC technology, allowing hackers to make ATM withdrawals without physical card theft. The malware is spread through social engineering tactics like phishing and fake apps, emphasizing the importance of downloading apps only from trusted sources and being cautious with personal information. Protecting devices with antivirus software and staying vigilant against scams are crucial to prevent such attacks.

via Tom's Guide|

#android-malware #banking-security #cybersecurity

technology7 months ago•3 min saved

Android malware mimics human typing to evade detection and steal money

A new Android malware called Herodotus is designed to steal banking credentials by mimicking human typing and overlaying fake login screens, with active campaigns in Italy and Brazil, and is sold as a service on underground forums. It uses sophisticated techniques to evade detection, including random delays in keystrokes, and can hijack input and steal sensitive data, posing a significant threat to mobile banking security.

via theregister.com|

#android-malware #banking-credentials #cybersecurity

cybersecurity7 months ago•3 min saved

Herodotus Android Malware Evades Detection by Mimicking Human Typing

Researchers have uncovered a new Android banking trojan called Herodotus that can mimic human typing to evade detection, conduct device takeover attacks, and target financial institutions and cryptocurrency platforms, highlighting evolving malware techniques and active campaigns in Italy, Brazil, and beyond.

via The Hacker News|

#android-malware #banking-trojan #behavior-mimicry

cybersecurity8 months ago•3 min saved

Android Malware Evolves: From Banking Trojans to Advanced Spyware and Crypto-Stealers

Cybersecurity researchers report a shift in Android malware, with dropper apps now delivering SMS stealers and spyware instead of just banking trojans, using sophisticated methods to evade Google Play Protect and targeting users in Asia and Europe through malicious apps and ads, highlighting ongoing challenges in mobile security.

via The Hacker News|

#android-malware #cybersecurity #dropper-apps

technology8 months ago•2 min saved

Cybercriminals Exploit Fake Ads to Infect Android Devices with Malware and Spyware

Cybercriminals are using fake TradingView ads on Meta's platform to distribute Brokewell malware for Android, which can steal sensitive data, monitor devices remotely, and hijack device controls, targeting cryptocurrency users since July 2023.

via BleepingComputer|

#ad-fraud #android-malware #brokewell

technology11 months ago•4 min saved

FBI Warns of BADBOX 2.0 Android Malware Impacting Millions

The FBI warns that the BADBOX 2.0 malware has infected over 1 million consumer IoT devices, mainly Android-based smart TVs and streaming devices, turning them into residential proxies for malicious activities like ad fraud and credential stuffing. Despite disruptions, the botnet continues to grow globally, with devices from China shipped worldwide, and consumers are advised to monitor their devices and avoid unofficial app stores.

via BleepingComputer|

#android-malware #badbox-20 #botnet

mobile-security-financial-fraud1 year ago•2 min saved

FakeCall Malware Exploits Androids for Banking Scams

A new variant of the FakeCall Android malware has been discovered, using voice phishing techniques to deceive users into divulging personal information. This sophisticated malware can intercept and hijack calls, redirecting them to fraudulent numbers controlled by attackers, while mimicking legitimate banking interfaces. It exploits accessibility services to gain control over devices, capturing sensitive data and performing unauthorized actions. The malware's evolution highlights ongoing challenges in mobile security, despite efforts to enhance defenses against such threats.

via The Hacker News|

#android-malware #banking-fraud #cybersecurity

technology2 years ago•3 min saved

"New Evasion Tactics: PixPirate Android Malware Targets Samsung, Google Pixel, and WhatsApp Users"

The PixPirate Android malware has evolved to hide on phones by not using an icon and employing a new tactic to remain active even after its dropper app is removed. It utilizes two apps, with the second one being the encrypted banking malware, and can launch and control itself based on different device events. The malware targets the Brazilian instant payment platform Pix to divert funds to attackers and has the capability to automate fraudulent transactions without users' knowledge. Google Play Protect is currently able to protect against known versions of this malware.

via BleepingComputer|

#android-malware #banking-trojan #google-play-protect

cybersecurity2 years ago•3 min saved

"Anatsa Android Malware Spreads to Millions of Samsung Galaxy Users via Google Play"

The Anatsa banking trojan has infected at least 150,000 Android devices in Europe through dropper apps hosted on Google Play, targeting specific geographic regions and using tactics to bypass security measures. The malware has evolved to abuse Android’s Accessibility Service and employs a multi-staged infection process. Google has removed most Anatsa dropper apps from the store, but the total number of downloads is expected to increase. Android users are advised to scrutinize app permissions and avoid downloading apps from unfamiliar publishers to protect against potential malware threats.

via BleepingComputer|

#accessibility-service #anatsa #android-malware

mobile-security-cyber-threat2 years ago•2 min saved

"Evolved Android Malware: Auto-Execution Threat for Users"

A new variant of Android malware called MoqHao has been discovered, which automatically executes on infected devices without user interaction, targeting users in France, Germany, India, Japan, and South Korea. This malware is associated with a Chinese financially motivated cluster and is distributed via smishing techniques, with the latest iteration running automatically upon installation and prompting victims to grant risky permissions. Additionally, a previously unknown cybercrime syndicate named Bigpanzi has been linked to compromising Android-based smart TVs and set-top boxes for conducting distributed denial-of-service attacks, posing a significant threat to social order and stability.

via The Hacker News|

#android-malware #bigpanzi #cyber-threat