Mobile Security news & analysis | SC Media

Mobile Security News and Analysis l SC Media

WannaLocker ransomware found combined with RAT and banking trojan

Researchers are warning that a new version of WannaLocker – essentially a mobile derivative of WannaCry ransomware – has been enhanced with spyware, remote access trojan and banking trojan capabilities. Cybercriminals have been using the all-in-one malware package in a campaign targeting Brazilian banks and their Android mobile customers, according to a July 1 blog…

Cirque du Soleil app was an insecure high-wire act for show-goers, researcher says

A mobile app that was designed to enhance the experience of watching a touring Cirque du Soleil show left audience members’ devices vulnerable to an attack by others sharing the same public Wi-Fi network, according to a blog post today by researchers at ESET. The app corresponded to the show TORUK – The First Flight,…

Bouncing Golf campaign takes swing at Android users with info-stealing malware

A newly discovered cyber espionage campaign has been targeting Android users in the Middle East with malware designed to steal scores of device information, snoop on victims and potentially take over mobile devices. Known as GolfSpy, the malware is found in once-legitimate applications that have been repackaged to contain malicious code, according to a June…

trojanhorse_1032765

Google reveals actors behind Triada trojan

An analysis by Google Security on the Triada malware family found a vendor going by the name of either Yehuo or Blazefire was most likely responsible for malware that came preinstalled on some Android phones. Google’s research revealed Triada was most likely implanted on a device during the manufacturing process when the vendor opted to…

applePatch

Apple patches AirPort Base Station Firmware

Apple released several patches to addressed several vulnerabilities in its 7.9.1 update concerning its AirPort Base Station Firmware. The update is available for AirPort Extreme and AirPort Time Capsule base stations with 802.11ac. The vulnerabilities that could allow a remote attacker to leak memory, cause a denial of service, cause arbitrary code execution, not delete…

Boost Mobile breached

Boost Mobile was hit with a breach which affected an unknown number of customer accounts. “Boost.com experienced unauthorized online account activity in which an unauthorized person accessed your account through your Boost phone number and Boost.com PIN code,” the company said in a notification. “The Boost Mobile fraud team discovered the incident and was able…

A research group recently exposed a flaw in SIM cards that allows attackers to compromise devices.

‘The Community’ hacking group members charged in SIM hijacking scheme

Nine members of The Community hacking group have been charged with aggravated identity theft, conspiracy to commit wire fraud and wire fraud related to a SIM hijacking campaign designed to steal cryptocurrency. Charged by the U.S. Attorney’s Office, Eastern District of Michigan are Conor Freeman, Ricky Handschumacher, Colton Jurisic, Reyad Gafar Abbas, Garrett Endicott and…

'KorBanker' steals SMS messages, takes authentication codes in the process

Researcher uncovered passwordless database used for SMS bombing

A researcher uncovered a massive SMS Bombing Operation in a passwordless database that exposed the sensitive information of millions of users. Security researcher Bob Diachenko discovered an open and unprotected MongoDB instance containing a massive amount of data including MD5 hashed emails, first and last names, location data, IP address, phone number, mobile network carrier…

Next post in Mobile Security