Mobile Security news & analysis | SC Media

Mobile Security News and Analysis l SC Media

Facebook sues surveillance tool provider and hosts of hacking websites

Facebook this week filed a lawsuit against a reputed spyware provider that allegedly exploited a WhatsApp vulnerability to enable smartphone hacking, and also pursued legal action against the domain hosts of multiple websites that allegedly offer tools for hacking the social network. On Tuesday, Facebook and its encrypted messaging subsidiary WhatApp filed a complaint against…

Xhelper ad dropper adds to its list of victims

There has been a surge in activity surrounding the Xhelper Android ad dropper, with more than 45,000 devices being infected since the malware made its first appearance six months ago. In the past month an average of 131 devices were infected each day, with about 2,400 devices persistently infected throughout the month. The malware mostly…

iPhone jailbreakers lured to click fraud site

A cybergang has created a malicious website that dangles the reward of being able to jailbreak an iPhone, but instead injects the device with click fraud malware. The threat actors use the legitimate Checkm8 vulnerability, which does allow some legacy iOS devices to be jailbroken, as the basis for their program, reported Cisco Talos researchers…

mobile security

Kernel privilege escalation bug actively exploited in Android devices

Researchers have discovered a zero-day kernel privilege escalation bug that can result in the full compromise of certain Android devices and is apparently being exploited in the wild. Devices known to be affected by the high-level, use-after-free vulnerability include the Pixel 1, 1X:, 2 and 2 XL; the Huawei P20; the Xiaomi Redmi 5A; the…

Criminals’ security lapses enable discovery of Geost mobile banking trojan

Thanks in no small part to the perpetrators’ own sloppy operational security, researchers have uncovered a large Android banking trojan scheme that may have impacted hundreds of millions of Russians. Dubbed Geost, the malware is distributed via a malicious cybercriminal botnet operation consisting of 13 command-and-control servers and more than 140 malicious domains, according to…

New checkm8 exploit can jailbreak millions of iOS devices

An independent researcher who goes by the Twitter handle axi0mX has discovered and published an iOS jailbreak exploit that applies to hundreds of millions of devices and cannot be patched. Named checkm8, the exploit leverages a race condition vulnerability found in the bootrom, a read-only memory chip that contains the first code that initially loads…

Apple updates software, fixes flaw affecting third-party keyboard apps

Apple last week released a series of software updates that repaired vulnerabilities in iOS, iPadOS, macOS Mojave, macOS High Sierra, macOS Sierra, watchOS, tvOS, Apple TV Software and Safari. This included a fix for an iOS/iPadOS flaw that, due to improper sandbox restrictions, can grant third-party keyboard extensions full access to iPhone, iPad and iPod…

Next post in Security News