Mobile Security News, Articles and Updates

Variant of Marcher Android malware poses as Flash Player update

Developers of the Android banking malware Marcher are now disguising the trojan as an Adobe Flash Player update, the cloud security company Zscaler has reported in a Thursday blog post.

Samsung left millions at risk by not renewing domain, patches Magician

Samsung Magician recently patched a flaw which could allow an attacker to execute arbitrary code but a separate flaw may have left millions at risk all because of an renewed domain.

Mobile device hackers step up their game with chain attacks

Cybercriminals have moved to a new level when attacking mobile devices replacing their simplistic attack methods with sophisticated and stealthier models that now use chain attacks instead of one of the older one-trick pony hacks that simply tried to elevate privileges, according to Checkpoint.

Google ups reward for Android bugs to $200K

Google has pumped up its Android Security Rewards program, with as much as $200,000 being granted for its top prize.

Data incident at Stephenville Medical & Surgical Clinic in Texas

An unnamed employee in the Medical Records Department mistakenly sent a spreadsheet containing data on former patients.

Trump's cellphone calls may be heard by more people than just other world leaders

Security around the president's cellphone communications was tighter during the Obama administration when the then-leader had to relinquish certain apps on his Blackberry and access to his number restricted to just a few people.

Judy in Disguise: Mobile malware posing as Android apps downloaded up to 36.5M times

A pair of campaigns designed to spread ad fraud malware through supposedly innocuous Android applications generated between 8.5 million and 36.5 million downloads before Google removed the apps from its online store.

Samsung Galaxy S8 iris scanner hacked with simple cheat

Chaos Computer Club hackers have found a way to cheat biometric verification on Samsung Galaxy S8

Google adds more security with Play Protect app

Google will roll out a new security tool called Google Play Protect over the next few weeks to all Android users.

Worth it? Android users make $0.05 profit infecting themselves with Ztorg trojan

A malware operation reportedly has been tricking millions of Android device owners into infecting themselves with the Ztorg rootkit trojan by enticing them with offers from ad networks and apps that pay users for installing content.

Unraveling mobile banking malware, Check Point

Banking malware targeting mobile users requires little tech know-how to develop and operate, so it stands as a recurrent battle for security professionals.

Scam found pushing unwanted apps that can intercept texts

A new scam has been spotted that uses legitimate porn sites to spread potentially unwanted apps.

WhatsApp scam offers free Netflix, but steals info and commits SMS fraud

WhatsApp users are receiving scam messages from trusted sources, offering free Netflix access for a year if they pass on a link to 10 of their contacts.

Report: WhatsApp began encrypting back-ups to iCloud Drive in late 2016

WhatsApp added another layer of protection for users in late 2016, quietly introducing a new feature that encrypts messages and contacts when uploading this data to Apple's iCloud servers, according to a Forbes report.

Android 'O' will reportedly fix dangerous permissions flaw exposing users to attacks

A flaw in Google Android's security mechanisms reportedly exposes users to ransomware, banking malware and adware attacks, but Google is apparently addressing the issue in its upcoming version of the OS, Android O.

Pickpockets and hackers, the latest cybercrime marriage

A Trend Micro researcher may have stumbled across a new alliance in place between petty criminals and their more sophisticated cyber cousins that could prove mutually beneficial.

FalseGuide malware hits 600K devices via botnet on Google Play

A new strain of malware was detected on Google Play that mobile threat researchers at Check Point dubbed FalseGuide and said was hidden in more than 40 guide apps for games.

Met Police officer buys malware that monitors messages, calls and more

A London police officer has purchased malware for mobile phones and computers that can intercept calls, emails and more.

Fake Super Mario Run App Steals Credit Card Information

Dozens of malicious Android apps claiming to be the mobile game Super Mario Run have been detected by researchers at Trend Micro.

SMSVova spyware downloaded millions of times from Google Play store since 2014

A spyware program disguised as an app that dispenses Android updates was downloaded between 1 and 5 million times before being pulled from Google's official U.S. Play Store, according to researchers at Zscaler.

Updated Microsoft Authenticator simplifies secure log-ins on Android, iOS phones

A new, simplified two-factor verification sign-in feature for phones that eliminates the need for passwords or one-time code entries is now officially available for Microsoft account-holders.

Details on 1.7M Snapchat users allegedly posted in India

Snapchat CEO Evan Spiegel might want to tone down his comments while discussing the target demographic for his app.

FDA warns Abbott on cybersecurity woes with St. Jude heart devices

In addition to a serious battery depletion problem, the FDA said Abbott hadn't incorporated recommendations into its cybersecurity risk assessment plan.

New Android OS blocks some ransomware

Google's latest iteration of its mobile operating system for Android devices, Android O, helps block some ransomware.

App vulnerability could burn Aga oven owners

Aga oven owners could have been left scratching their heads over why their food did not cook properly if not for a researcher at Pen Test Partners.

Miley Cyrus, Rosario Dawson and Suki Waterhouse claimed by Celebgate 2.0

Miley Cyrus, Rosario Dawson and Suki Waterhouse have joined the ranks of Celebgate victims.

Side-channel attack technique steals PINs by analyzing smart device sensor readings

Researchers in the UK have uncovered a technique for malicious websites to spy on smart device owners and even decipher their screen touches and PIN number entries by secretly monitoring their devices' sensor data.