Mobile Security news & analysis | SC Media

Mobile Security News and Analysis l SC Media

trojanhorse_1032765

Trojanized apps containing ad fraud malware downloaded 102M times

Two related ad fraud malware programs, recently discovered in 34 trojanized Android applications, have already been downloaded roughly 102 million times from the Google Play store, researchers reported. Dubbed Android.Click.312.origin and Android.Click.313.origin, the malicious clicker trojans appear to be designed primarily to sign users up for paid premium services without their consent, according to a…

Apple to expand bug bounty program, offer researchers access to iOS, iPhones

Apple is drastically overhauling its bug bounty program, eliminating its invitation-only status, increasing its rewards, expanding it to include MacOS and other operating systems, and even agreeing to supply qualified researchers with special iPhones that are easier to probe for vulnerabilities. Apple’s head of security engineering Ivan Krstic announced these changes last week at the…

Flawed, but promising, Android ransomware uncovered

Researchers have come across a new Android ransomware family, nicknamed Android/Filecoder.C. that uses victims’ contact lists in an attempt to spread through SMS texts containing malicious links. According to ESET, Android/Filecoder.C. is poorly constructed and uses an encryption method that can be defeated without using the decryptor keys. However, the malicious actors did not get…

Sophisticated Android spyware toolset ‘Monokle’ linked to sanctioned Russian defense contractor

A company that was sanctioned by the U.S. government for allegedly helping Russia interfere with the 2016 elections has developed an advanced set of offensive spyware tools with functionality that researchers claim they have never before witnessed in real-life attack campaigns. Dubbed Monokle, the spyware toolset was actually developed as far back as 2015, according…

Researchers devise method to track Bluetooth devices, despite built-in protections

Researchers from Boston University (BU) have discovered a way to circumvent anonymization protections on Bluetooth Low Energy devices, allowing potentially malicious actors to passively track the movements of these devices and their users. BLE devices rely on non-encrypted advertising messages to signal their availability to other devices to pair up. To prevent third-party actors from…

Inconvenience stores: Thieves steal $500K from users of 7-Eleven Japan’s new payment app

Convenience chain 7-Eleven Japan has suspended a brand new mobile cashless payment service after an authorized third party accessed approximately 900 user accounts and made fraudulent charges totally 55 million yen, or roughly $500,000 dollars. The service, 7pay, reportedly had only been launched three days earlier, and allows participating customers to automatically charge purchased goods…

WannaLocker ransomware found combined with RAT and banking trojan

Researchers are warning that a new version of WannaLocker – essentially a mobile derivative of WannaCry ransomware – has been enhanced with spyware, remote access trojan and banking trojan capabilities. Cybercriminals have been using the all-in-one malware package in a campaign targeting Brazilian banks and their Android mobile customers, according to a July 1 blog…

Cirque du Soleil app was an insecure high-wire act for show-goers, researcher says

A mobile app that was designed to enhance the experience of watching a touring Cirque du Soleil show left audience members’ devices vulnerable to an attack by others sharing the same public Wi-Fi network, according to a blog post today by researchers at ESET. The app corresponded to the show TORUK – The First Flight,…

Next post in Application Security