mobile
New Ghost Tap attack abuses NFC mobile payments to steal money
Cybercriminals have devised a novel method to cash out from stolen credit card details linked to mobile payment systems such as Apple Pay and Google Pay, dubbed ‘Ghost Tap,’ which relays NFC card data to money mules worldwide. The tactic builds upon the methods previously deployed by mobile malware like NGate, documented by ESET in August, […]
Brave on iOS adds new “Shred” button to wipe site-specific data
Brave Browser 1.71 for iOS introduces a new privacy-focused feature called “Shred,” which allows users to easily delete site-specific mobile browsing data. Many sites use first-party cookies for paywall systems and usage limits, which technically enables user tracking across sessions and makes this data susceptible to sharing with third parties. Brave’s new Shred feature works […]
Android malware “FakeCall” now reroutes bank calls to attackers
A new version of the FakeCall malware for Android hijacks outgoing calls from a user to their bank, redirecting them to the attacker’s phone number instead. The goal of the latest version remains to steal people’s sensitive information and money from their bank accounts. FakeCall (or FakeCalls) is a banking trojan with a focus on […]
WhatsApp now encrypts contact databases for privacy-preserving synching
The WhatsApp messenger platform has introduced Identity Proof Linked Storage (IPLS), a new privacy-preserving encrypted storage system designed for contact management. The new system solves two long-standing problems WhatsApp users have been dealing with for years, namely the risk of losing their contact lists if they lose their phone and the inability to sync contacts between different […]
AWS, Azure auth keys found in Android and iOS apps used by millions
Multiple popular mobile applications for iOS and Android come with hardcoded, unencrypted credentials for cloud services like Amazon Web Services (AWS) and Microsoft Azure Blob Storage, exposing user data and source code to security breaches. Exposing this type of credentials can easily lead to unauthorized access to storage buckets and databases with sensitive user data. Apart from […]
Over 200 malicious apps on Google Play downloaded millions of times
Google Play, the official store for Android, distributed over a period of one year more than 200 malicious applications, which cumulatively counted nearly eight million downloads. The data was collected between June 2023 and April 2024 by threat intelligence researchers at Zscaler, who identified and analyzed malware families both on Google Play and other distribution platforms. […]
Qualcomm patches high-severity zero-day exploited in attacks
Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. The security flaw (CVE-2024-43047) was reported by Google Project Zero’s Seth Jenkins and Amnesty International Security Lab’s Conghui Wang, and it is caused by a use-after-free weakness that can lead to memory corruption when […]
Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault
Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenarios. The new ‘Important Scenario Vulnerability Program (ISVP)’ program focuses on vulnerabilities related to arbitrary code execution, the unlocking of devices, data extraction, arbitrary application installation, and bypassing device protections. Highlighted payouts […]
New LianSpy malware hides by blocking Android security feature
A previously undocumented Android malware named ‘LightSpy’ has been discovered targeting Russian users, posing on phones as an Alipay app or a system service to evade detection. Analysis shows that LianSpy has been actively targeting Android users since July 2021, but its extensive stealth capabilities helped it remain undetected for over three years. Kaspersky researchers […]
Massive SMS stealer campaign infects Android devices in 113 countries
A malicious campaign targeting Android devices worldwide utilizes thousands of Telegram bots to infect devices with SMS-stealing malware and steal one-time 2FA passwords (OTPs) for over 600 services. Zimperium researchers discovered the operation and have been tracking it since February 2022. They report finding at least 107,000 distinct malware samples associated with the campaign. The cybercriminals are motivated […]