URL address spoofing flaw keeps mobile victims from determining fake, real sites
If left unpatched, mobile browsers could direct to a fraudulent website where attackers steal account credentials and credit card information.
About SC Media
Mobile Security News and Analysis l SC Media
Apple to send research phones to trusted hackers
Apple on Wednesday officially launched its iOS Security Research Device (SRD) program — a significant milestone for the white-hat hacker community, which has made significant strides in recent years gaining the trust of software developers, tech manufacturers and website operators that previously were reluctant to work with outsiders on security issues. Under the terms of…
Huawei ban driven by security, trade considerations
The recent U.K. ban on the use of Huawei technology in its 5G wireless network is likely as much about salvaging the deteriorating U.S.-U.K. Sino relationship and restoring trade normalcy as it is about security. “There are clearly legitimate security concerns around Huawei, particularly given that as a result of the trade ban, equipment will…
Is TikTok out of time? Experts mull implications of ban
Edicts by Wells Fargo, India and the U.S. military forbidding use of popular Chinese video-sharing app TikTok, may portend a national ban and raise questions if such a prohibition would be practical and enforceable, and what the greater implications would be. Owned by Beijing-based internet technology company ByteDance, TikTok has been downloaded more than 2…
Report accuses China of extensive mobile spyware use to track ethnic minority group
A new blog post and research report from the Lookout Threat Intelligence Team has exposed the lengths to which a reputed Chinese government-sponsored APT operation has allegedly gone to track the country’s Uyghur minority population, including the trojanization of mobile apps with surveillanceware. Lookout details four spyware families — SilkBean, DoubleAgent, CarbonSteal and GoldenEagle —…
Glupteba malware leverages blockchain as a communications channel
Glupteba malware does something novel: It uses the bitcoin blockchain as a communications channel to receive updated configuration information. That’s important because malware always needs a way to go back to its home base, preferably without being detected, according to a paper released this week by Sophos Labs researchers. The new form of malware sprinkles…
Mobile ransomware disguised as upcoming Canadian Covid-19 contact tracing app
Capitalizing on a Canadian government announcement pertaining to the development of a nationwide, voluntary Covid-19 contact tracing app, malicious actors this month created a fake version of such an app that in reality infects Android users with mobile ransomware. According to a new blog post from ESET, the ransomware, dubbed CryCryptor, was found being distributed…
Amnesty Int’l: Norway, Bahrain & Kuwait Covid-19 apps threaten privacy
An Amnesty International study of 11 Covid-19 contact tracing apps from Europe, the Middle East and North Africa found identified apps from Bahrain, Kuwait and Norway as the most dangerous to users’ privacy. In a news release published on Tuesday, the human rights organization’s Security Lab said Bahrain’s ‘BeAware Bahrain’, Kuwait’s ‘Shlonik’ and Norway’s ‘Smittestopp’…
Malware found in popular barcode apps produces ads that instantly vanish
A pair of Android barcode reader apps that were downloaded more than 1 million times were found to contain ad fraud malware that tries to stay hidden by generating advertisements that instantly disappear from view. The malware, detected as AndroidOS_HiddenAd.HRXJA, can operate in the background even when infected devices aren’t actively being used, and it…
Apple patches iOS jailbreak vulnerability
Apple this week issued a new security update that addresses a zero-day vulnerability enabling iOS users to jailbreak their devices. The company has patched CVE-2020-9859, a memory consumption issue that can result in arbitrary code execution with kernel privileges. The fix was made in iOS 13.5.1 and iPadOS 13.5.1 for iPhone 6s and later, iPad…
Want to read more?
Next post in Mobile Security
