Android malware
Android malware uses VNC to give attackers hands-on access
A new Android banking and remote access trojan (RAT) dubbed Klopatra disguised as an IPTV and VPN app has infected more than 3,000 devices across Europe. Klopatra is described as a powerful trojan that can monitor the screen in real time, capture input, simulate gesture navigation, and features a hidden Virtual Network Computing (VNC) mode. Researchers at […]
ERMAC Android malware source code leak exposes banking trojan infrastructure
The source code for version 3 of the ERMAC Android banking trojan has been leaked online, exposing the internals of the malware-as-a-service platform and the operator’s infrastructure. The code base was discovered in an open directory by Hunt.io researchers while scanning for exposed resources in March 2024. They located an archive named Ermac 3.0.zip, which contained the malware’s code, including backend, […]
Android malware Konfety uses malformed APKs to evade detection
A new variant of the Konfety Android malware emerged with a malformed ZIP structure along with other obfuscation methods that allow it to evade analysis and detection. Konfety poses as a legitimate app, mimicking innocuous products available on Google Play, but features none of the promised functionality. The capabilities of the malware include redirecting users to […]
Android malware Crocodilus adds fake contacts to spoof trusted callers
The latest version of the ‘Crocodilus’ Android malware has introduced a new mechanism that adds a fake contact to an infected device’s contact list to deceive victims when they receive calls from the threat actors. This feature was introduced along with several others, mostly evasion-focused improvements, as the malware appears to have expanded its targeting […]
Russian army targeted by new Android malware hidden in mapping app
A new Android malware has been discovered hidden inside trojanized versions of the Alpine Quest mapping app, which is reportedly used by Russian soldiers as part of war zone operational planning. Attackers promote the trojanized app as a free, cracked version of the premium Alpine Quest Pro, using Telegram channels and Russian app catalogs for distribution. […]
New Crocodilus malware steals Android users’ crypto wallet keys
A newly discovered Android malware dubbed Crocodilus tricks users into providing the seed phrase for the cryptocurrency wallet using a warning to back up the key to avoid losing access. Although Crocodilus is a new banking malware, it features fully developed capabilities to take control of the device, harvest data, and remote control. Researchers at fraud prevention company […]
New Android malware uses Microsoft’s .NET MAUI to evade detection
New Android malware campaigns use Microsoft’s cross-platform framework .NET MAUI while disguising as legitimate services to evade detection. The tactic was observed by McAfee’s Mobile Research Team, a member of the App Defense Alliance dedicated to enhancing Android security. Although the apps McAfee observed target users in China and India, uncovering the attacks is important […]
Malicious Android ‘Vapor’ apps on Google Play installed 60 million times
Over 300 malicious Android applications downloaded 60 million items from Google Play acted as adware or attempted to steal credentials and credit card information. The operation was first uncovered by IAS Threat Lab, who categorized the malicious activity under the name “Vapor” and said it has been ongoing since early 2024. IAS identified 180 apps as part […]
BadBox malware disrupted on 500K infected Android devices
The BadBox Android malware botnet has been disrupted again by removing 24 malicious apps from Google Play and sinkholing communications for half a million infected devices. The BadBox botnet is a cyber-fraud operation targeting primarily low-cost Android-based devices like TV streaming boxes, tablets, smart TVs, and smartphones. These devices either come pre-loaded with the BadBox […]
New FireScam Android malware poses as RuStore app to steal data
A new Android malware named ‘FireScam’ is being distributed as a premium version of the Telegram app via phishing websites on GitHub that mimick the RuStore, Russia’s app market for mobile devices. RuStore launched in May 2022 by the Russian internet group VK (VKontakte) as an alternative to Google Play and Apple’s App Store, following […]