China-linked threat actor GREF has leveraged trojanized Telegram and Signal messaging apps available in the Google Play Store and Samsung Galaxy Store to facilitate the delivery of BadBazaar spyware, according to The Hacker News.
Android device users in the U.S., Germany, and Poland have been primarily impacted by the BadBazaar spyware campaign using the FlyGram and Signal Plus Messenger apps, which commenced in July 2022, a report from ESET revealed.
Aside from enabling the exfiltration of sensitive user data, both trojanized apps infiltrate backups and PINs. Further examination showed that FlyGram also bypasses analysis through SSL pinning, while Signal Plus Messenger allows attackers to connect impacted devices with their Signal account.
"BadBazaar's main purpose is to exfiltrate device information, the contact list, call logs, and the list of installed apps, and to conduct espionage on Signal messages by secretly linking the victim's Signal Plus Messenger app to the attacker's device," said researcher Lukas Stefanko.
Google announced at the Google I/O 2024 conference that several new security and privacy enhancements are set to roll out for Android, including on-device live threat detection for identifying malicious apps, improved safeguards for screen sharing, and enhanced security against cell site simulators, TechCrunch reports.
The botnet malware tracked as Ebury has steadily expanded over the past decade, having compromised over 400,000 hosts since 2009, with about 100,000 still-infected systems identified by the end of 2023, according to SecurityWeek.
The Department of Defense will evaluate the cybersecurity of mobile devices used by analysts and servicemembers as mandated in the draft text of the 2025 National Defense Authorization Act, Nextgov/FCW reports.