Mobile Security news & analysis | SC Media

Mobile Security News and Analysis l SC Media

WhatsApp malicious video hoax reportedly makes comeback

By

An old hoax targeting WhatsApp users has reportedly reemerged, attempting to scare users by falsely warning them not to download a supposed video that contains dangerous malware. The fake notification, which pops up up on WhatsApp’s instant message feature, advises users to be on the lookout for a malicious video titled “Martinelli”. However, no such…

Google Keystore feature looks to improve Android Pie security

By

Google is boosting Android Key security for mobile apps with new Keystore features to improve the safety of devices running Android Pie. The Android Keystore provides application developers with cryptographic tools designed to secure user data and Android Pie is introducing new capabilities to Keystore to enable restrictions on key use and to secure key…

Google updates Chrome for desktop, Android

By

Google yesterday issued a stable channel update for the desktop version of its Chrome browser for Windows, Mac and Linux, addressing a high-level vulnerability in the process. The bug, CVE-2018-17481, is a use after free flaw in PDFium that was originally repaired in an earlier Chrome release. However, yesterday’s update to version 71.0.3578.98 introduces additional…

Android trojan scams PayPal users into giving up 2FA credentials

By

ESET has come across an Android trojan capable of defeating the multifactor authentication required to access the official PayPal app. Multifactor authentication (2FA) has become a keystone for many organizations and individuals attempting to secure their data, but one cybergang has created an app masquerading as a battery optimization tool in third-party Android stores that…

Syrian Electronic Army claims it obtained U.S. Central Command docs via hack

Researchers: Syrian Electronic Army targeting secure messaging app users with spyware

By

The Syrian Electronic Army hacker group has reportedly been investing heavily in a scheme to infect Android device users with a spyware tool hidden inside fake app updates. Known for its ardent support of Syrian President Bashar al-Assad, the threat group is targeting in particular  users of secure messaging apps such as WhatsApp and Telegram. The SEA is…

The Chaos Computer Club (CCC) became the first group to bypass Apple's Touch ID.

Fake fitness apps steal money using Apple’s Touch ID feature

By

Apple has removed a pair of fake fitness apps from its App Store after they tricked users into making expensive purchases via the Touch ID biometrics feature. Named the “Fitness Balance app” and “Calories Tracker app,” the two malicious programs cleverly instruct victims to scan their fingerprints in order to view their personalized calorie tracker and…

Automakers pen 'privacy principles' for in-car technology

Taken for a ride: Malicious driving game apps installed half a million times

By

A malicious actor recently smuggled 13 malicious apps disguised as driving simulator games into Google Play, resulting in more than 560,000 installations before they were removed. Each of the sketchy apps was found to download and launch in the background an additional malicious APK, titled “Game Center.” This APK hides its own icon and displays ads…

Privilege escalation bug patched in Accelerated Mobile Pages WordPress plug-in

By

A WordPress plug-in used to build faster-loading web pages was discovered to contain a privilege escalation vulnerability that allows unauthorized attackers to inject malicious HTML code into the main page. In a company blog post yesterday, researchers at WebARX disclosed the bug, which resides in the “MP for WP – Accelerated Mobile Pages” plug-in. The…

Next post in Mobile Security