A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 users.
#Android #Breach #Code #Computer #Data #Europcar #GitLab #InfoSec #Security #Source #iOS

Cybersecurity firm Lookout found several samples of a North Korean spyware it calls KoSpy.

Lookout researchers have discovered a novel Android surveillance tool dubber KoSpy. It is attributed to APT 37 aka ScarCruft

Amnesty International’s Security Lab uncovers sophisticated Cellebrite zero-day exploit, impacting billions of Android devices.

Amnesty International said that Google fixed previously unknown flaws in Android that allowed authorities to unlock phones using forensic tools. On

A bug in the Android and iPhone monitoring operations allows anyone to access private data exfiltrated from a victim's device.

Discover BADBOX, a new botnet pre-infecting Android devices—including TVs—via factory malware. Explore supply chain threats from one SSL certificate.

• FireScam is an information stealing malware with spyware capabilities.
  It is distributed as a fake ‘Telegram Premium’ APK via a phishing website hosted on the GitHub.io domain, mimicking the RuStore app store.
• The phishing website delivers a dropper that installs the FireScam malware disguised as the Telegram Premium application.
• The malware exfiltrates sensitive data, including notifications, messages, and other app data, to a Firebase Realtime Database endpoint.
• FireScam monitors device activities such as screen state changes, e-commerce transactions, clipboard activity, and user engagement to gather valuable information covertly.
• Captures notifications across various apps, including system apps, to potentially steal sensitive information and track user activities.
• It employs obfuscation techniques to hide its intent and evade detection by security tools and researchers.
• FireScam performs checks to identify if it is running in an analysis or virtualized environment.
• The malware leverages Firebase for command-and-control communication, data storage, and to deliver additional malicious payloads.
• Exfiltrated data is temporarily stored in the Firebase Realtime Database, filtered for valuable content, and later removed.
• The Firebase database reveals potential Telegram IDs linked to the threat actors and contains URLs to other malware specimens hosted on the phishing site.
• By exploiting the popularity of messaging apps and other widely used applications, FireScam poses a significant threat to individuals and organizations worldwide.

Amnesty said it found NoviSpy, an Android spyware linked to Serbian intelligence, on the phones of several members of Serbian civil society following police stops.

The team at CYFIRMA analyzed a malicious Android sample designed to target high-value assets in Southern Asia. This sample, attributed to an unknown threat actor, was generated using the Spynote Remote Administration Tool. While the specifics of the targeted asset remain confidential, it is likely that such a target would attract the interest of APT groups. However, we are restricted from disclosing further details about the actual target and its specific region. For a comprehensive analysis, please refer to the detailed report

The documents provide never-been-seen insight into the current cat-and-mouse game between forensics companies and phone manufacturers Apple and Google.

EXC: Security researchers at Google and Amnesty International discovered hackers exploiting the bug in an active hacking campaign.

Authored by SangRyol Ryu Recently, McAfee’s Mobile Research Team uncovered a new type of mobile malware that targets mnemonic keys by scanning for images

ESET Research uncovers Android malware that relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM.

Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks.

Mandrake spyware threat actors resume attacks with new functionality targeting Android devices while being publicly available on Google Play.

A Telegram for Android zero-day vulnerability dubbed 'EvilVideo' allowed attackers to send malicious Android APK payloads disguised as video files.

Earlier this week, the FBI announced that it had accessed the locked phone of Thomas Matthew Crooks, the man who opened fire at a Trump rally last Saturday. A new report from Bloomberg today reveals more details about this process and the phone used by Crooks.

After Saturday’s Trump rally shooting, the FBI said on Sunday that it had been unsuccessful in unlocking Crooks’ phone. The phone was then sent to the FBI lab in Quanitco, Virginia, and on Tuesday the bureau confirmed that it had successfully unlocked the phone in question.

The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey.

Android, Google’s most popular mobile operating system, powers billions of smartphones and tablets globally. Known for its open-source nature and flexibility, Android offers users a wide array of features, customization options, and access to a vast ecosystem of applications through the Google Play Store and other sources.

However, with its widespread adoption and open environment comes the risk of malicious activity. Android malware, a malicious software designed to target Android devices, poses a significant threat to users’ privacy, security, and data integrity. These malicious programs come in various forms, including viruses, Trojans, ransomware, spyware, and adware, and they can infiltrate devices through multiple vectors, such as app downloads, malicious websites, phishing attacks, and even system vulnerabilities.