Mobile Security News, Articles and Updates

EFF, Look out uncover Dark Caracal spy group

A new threat actor named Dark Caracal and operating out of a building operated by the Lebanese e General Directorate of General Security (GDGS) has been fingered by Lookout and the Electronic Frontier Foundation (EFF) as being behind cyberattacks hitting thousands of victims in more than 20 nations worldwide.

Not-so-super Sonic? Sega apps leak data to suspicious servers, says research lab

Three Sonic the Hedgehog games for Android devices that collectively have been downloaded well over a hundred million times are reportedly leaking users' geolocation and device data to uncertified servers, thereby posing a privacy threat.

Malicious 'ChaiOS' link can crash Apple devices

A quirky bug in Apple's Messages application is allowing a malicious GitHub link to cause crashes and other bothersome behavior on both macOS and iOS machines.

AdultSwine malware helps porn ads and scams invade children's apps

Cybercriminals have been spiking game apps, including several aimed at children, with malware that displays pornographic ads, pushes fake security apps, and registers users for premium services with permission.

FakeBank malware accesses sensitive SMS banking messages

A newly discovered mobile malware program that primarily targets Russian banking customers can take over victims' SMS capabilities, allowing cybercriminals to intercept text messages that contain bank security codes, and then use those codes to reset bank account passwords.

Researchers believe malicious Android app written in Kotlin code may be a first

Researchers have discovered a fake utility app called Swift Cleaner that they believe may be the first Android mobile malware developed using the open-source Kotlin programming language.

New adware found in fake Flashlight apps with dark intentions

A newly discovered mobile adware program called LightsOut was recently observed in numerous fake Android flashlight applications, reportedly prompting their removal from the Google Play Store.

White House bans personal mobile devices belonging to staff, guests

White House Press Secretary Sarah Huckabee Sanders said the ban is intended to bolster security.

36 malicious apps advertised as security tools spotted in Google Play

Trend Micro researchers notified Google of a total of 36 malicious apps on Google Play posing as security tools.

Privacy of location tracking device owners threatened by 'Trackmageddon' flaws

A slew of online services used to manage GPS- and GSM-based location tracking devices have been found vulnerable to flaws that could allow attackers to hijack these devices and reveal their owners' past and current locations.

Smartphone sensors exploited to steal login PINs

Nanyang Technological University researchers developed a technique to leverage a phones sensors to guess a user's PIN code.

John McAfee's Twitter and phone hacked to promote cryptocurrencies

John McAfee is warning users that anyone can be hacked after someone allegedly broke into his Twitter account to promote cryptocurrency investments.

Report: Internet-Connected Speakers Can Lead to a Broken Record

Music lovers connected to wireless, Internet-connected Sonos speakers beware that their audio systems could have been unwittingly usurped for nefarious purposes, according to a new report from Trend Micro.

New Jersey State Police spent $850,000 on Harris Corp. stingray devices

Information obtained via right-to-know request revealed The New Jersey State Police spent at least $850,000 on stingray devices from Harris Corp.

Migos' Offset iCloud hacked, nude images of fiancé Cardi B leaked

Rapper Cardi B is threatening legal action after hackers broke into her fiancé Offset's iCloud account to steal nude images of the female rapper.

Spanish research tool probes smartphone electromagnetic emissions for encryption keys

Spanish researchers are developing a tool that will scan smartphones for 'electromagnetic emanations' that could be used to obtain encryption keys as part of an attack.

Jack of all trades Loapi Android trojan hosts an array of threats

An Android trojan has been described as a jack of all trades due to its complicated modular architecture.

Threat group APT-C-23 still active, releases GnatSpy mobile malware

A new mobile malware family, dubbed GnatSpy, that may be a much more dangerous variant of the earlier VAMP malware, has been reported in the wild.

Apple addresses KRACK exploits in AirPort Base Station firmware

Apple has continued to roll out patches to fix the KRACK (Key Reinstallation AttaCKs) series of vulnerabilities, this time in its AirPort Base Station firmware.

Banking trojans sneak into Google Play again

Banking trojans have once again made their way past Google Play's security mechanisms, this time to target the Polish Financial sector.

Janus Android exploit allows attacker to issue their own 'updates' to legitimate apps

A recently patched Android bug dubbed "Janus" allows an attacker to distribute their own updates for the legitimate apps

BlackBerry pitches connected car security recommendations, self-driving truck huge cybercrime target

As our cars become more connected and our society moves closer to wide spread autonomous driving, companies are calling for national standards to secure devices.

Apple releases security updates for multiple products

Apple released security updates to patch vulnerabilities in its iOS, mac OS, tvOS and watchOS platforms.

Newly created tool spots TLS vulnerability in major banking and VPN apps

Eight banking apps and one virtual private app were found to contain a hidden vulnerability in their TLS protections, which can be exploited to perform MITM attacks, according to academic researchers who created a new black-box tool capable of detecting the flaw.

Study: 90 percent of top cryptocurrency apps carry security and privacy risks

A study of 90 cryptocurrency mobile applications available on Google Play found that 90 percent of them contain security vulnerabilities or privacy risks.

Tizi spyware made it into Google Play store

Google is warning users of a socially engineered spyware named Tizi that that looks to steal sensitive data from popular social media sites including WhatsApp, Skype, and Viber.

Fake WhatsApp update on Google Play promoted malware disguised as game

A fake WhatsApp application that was downloaded one million times from the Google Play Store was observed advertising a malicious game app that infects users with secondary malware capable of click fraud, data extraction, and SMS surveillance.