Mobile Security news & analysis | SC Media

Mobile Security News and Analysis l SC Media

hotel

Hotel websites infected with skimmer via supply chain attack

A Magecart card-skimming campaign this month sabotaged the mobile websites of two hotel chains by executing a supply chain attack on a third-party partner, researchers have reported. The third party in both instances was Roomleader, a Barcelona-based provider of digital marketing and web development services. One of the ways Roomleader helps hospitality companies build out…

Reports say China devised iPhone malware campaign to track Muslims; Android and Windows devices also targeted

A recently exposed malware campaign that used watering-hole attacks to target iPhone users for more than two years was reportedly part of an effort to track Uyghur Muslims based in China’s Xinjiang state. The campaign was actually broader than originally thought, and attempted to infect Android and Microsoft Windows devices as well, reports are also…

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Watering-hole attack campaign designed to infect iOS users via exploit chains

Researchers at Google’s Project Zero yesterday lifted the curtain on a long-running mobile malware operation that for years attempted to infect iOS device users with a malware implant, using exploits delivered via a small number of compromised websites. In an online blog post report, Google researcher Ian Beer did not reveal the specific websites that…

mobile security

AhMyth –based malicious app found in Google Play

A new type of Android-centric spyware has been found that is capable of avoiding Google’s app-vetting process. Malicious actors have placed the spyware in an app, called Radio Balouch, aka RB Music, which does in fact deliver on its advertised promise of playing Balouchi-style music, a traditional music that encompasses classical, semi-classical, and folk music…

AppleMalware2

iOS 12.4 update reintroduced old bug, enabling jailbreak for current devices

Apple’s latest iOS update reportedly undid a patch that was introduced in the previous release, a mistake that allowed a security researcher to publish a jailbreak for the most up-to-date version of the operating system. The unpatched vulnerability is CVE-2019-8605, an arbitrary code execution bug caused by a use-after-free condition. Working in tandem with Google…

trojanhorse_1032765

Trojanized apps containing ad fraud malware downloaded 102M times

Two related ad fraud malware programs, recently discovered in 34 trojanized Android applications, have already been downloaded roughly 102 million times from the Google Play store, researchers reported. Dubbed Android.Click.312.origin and Android.Click.313.origin, the malicious clicker trojans appear to be designed primarily to sign users up for paid premium services without their consent, according to a…

Apple to expand bug bounty program, offer researchers access to iOS, iPhones

Apple is drastically overhauling its bug bounty program, eliminating its invitation-only status, increasing its rewards, expanding it to include MacOS and other operating systems, and even agreeing to supply qualified researchers with special iPhones that are easier to probe for vulnerabilities. Apple’s head of security engineering Ivan Krstic announced these changes last week at the…

Next post in Security News