Mobile Security news & analysis | SC Media

Mobile Security News and Analysis l SC Media

Google Keystore feature looks to improve Android Pie security

By

Google is boosting Android Key security for mobile apps with new Keystore features to improve the safety of devices running Android Pie. The Android Keystore provides application developers with cryptographic tools designed to secure user data and Android Pie is introducing new capabilities to Keystore to enable restrictions on key use and to secure key…

Google updates Chrome for desktop, Android

By

Google yesterday issued a stable channel update for the desktop version of its Chrome browser for Windows, Mac and Linux, addressing a high-level vulnerability in the process. The bug, CVE-2018-17481, is a use after free flaw in PDFium that was originally repaired in an earlier Chrome release. However, yesterday’s update to version 71.0.3578.98 introduces additional…

Android trojan scams PayPal users into giving up 2FA credentials

By

ESET has come across an Android trojan capable of defeating the multifactor authentication required to access the official PayPal app. Multifactor authentication (2FA) has become a keystone for many organizations and individuals attempting to secure their data, but one cybergang has created an app masquerading as a battery optimization tool in third-party Android stores that…

Syrian Electronic Army claims it obtained U.S. Central Command docs via hack

Researchers: Syrian Electronic Army targeting secure messaging app users with spyware

By

The Syrian Electronic Army hacker group has reportedly been investing heavily in a scheme to infect Android device users with a spyware tool hidden inside fake app updates. Known for its ardent support of Syrian President Bashar al-Assad, the threat group is targeting in particular  users of secure messaging apps such as WhatsApp and Telegram. The SEA is…

The Chaos Computer Club (CCC) became the first group to bypass Apple's Touch ID.

Fake fitness apps steal money using Apple’s Touch ID feature

By

Apple has removed a pair of fake fitness apps from its App Store after they tricked users into making expensive purchases via the Touch ID biometrics feature. Named the “Fitness Balance app” and “Calories Tracker app,” the two malicious programs cleverly instruct victims to scan their fingerprints in order to view their personalized calorie tracker and…

Automakers pen 'privacy principles' for in-car technology

Taken for a ride: Malicious driving game apps installed half a million times

By

A malicious actor recently smuggled 13 malicious apps disguised as driving simulator games into Google Play, resulting in more than 560,000 installations before they were removed. Each of the sketchy apps was found to download and launch in the background an additional malicious APK, titled “Game Center.” This APK hides its own icon and displays ads…

Privilege escalation bug patched in Accelerated Mobile Pages WordPress plug-in

By

A WordPress plug-in used to build faster-loading web pages was discovered to contain a privilege escalation vulnerability that allows unauthorized attackers to inject malicious HTML code into the main page. In a company blog post yesterday, researchers at WebARX disclosed the bug, which resides in the “MP for WP – Accelerated Mobile Pages” plug-in. The…

Google’s first Android security transparency report highlights dangers of third-party app stores

By

Android users who download from Google Play are less likely to install potentially harmful apps than those who download from unofficial third-party stores, according to the inaugural edition of Google’s quarterly Android Ecosystem Security Transparency Report. The data published in the online report last Thursday was collected from users who enabled the Google Play Protect…

A flaw that allowed users to break through the passcode screen was eliminated in iOS 7.0.2.

Group FaceTime for iOS exposes users’ full contact info

By

A researcher has apparently found a way to exploit the new Group FaceTime feature in iOS 12.1 in order to access iPhone users’ contact information. The Hacker News has reported that Spanish researcher Jose Rodriguez made the discovery just hours after the release of version 12.1 last Oct. 31, and subsequently created a video of his…

Spyware disguised as Spanish banking apps removed from Google Play

By

A spyware program fraudulently disguised as a Spanish-language banking app was found last month collecting users’ device data and messages, which were later leveraged in smishing schemes. Advertised as “Movil Secure,” the fake app pretends to be associated with multinational Spanish banking group Banco Bilbao Vizcaya Argentaria (BBVA). Published on Oct. 19, the app was discovered by Trend…

Next post in Cybercrime