Mobile Security | SC Media

Mobile Security

Android apps with scores of downloads serve up annoying ads, unwanted subscriptions

Hundreds of millions of Android devices have potentially been compromised by malicious adware and ad fraud apps that on the surface appear to offer harmless services such as selfie filters, weather forecasts or VPN security, according to a trio of recently released research reports. Late last week, researchers at mobile security company Wandera reported finding…

Tricks of the trade: Mac malware impersonates trading app

Researchers have uncovered two variants of information-stealing Mac malware that impersonates a legitimate stocks and cryptocurrency trading application. The two variants, identified by Trend Micro as Trojan.MacOS.GMERA.A and Trojan.MacOS.GMERA.B, both include a copy of Stockfolio version 1.4.13, along with the malware author’s digital certificate and various malicious components. The first variant’s components include a Mach-O…

hotel

Hotel websites infected with skimmer via supply chain attack

A Magecart card-skimming campaign this month sabotaged the mobile websites of two hotel chains by executing a supply chain attack on a third-party partner, researchers have reported. The third party in both instances was Roomleader, a Barcelona-based provider of digital marketing and web development services. One of the ways Roomleader helps hospitality companies build out…

Holy cybercrime, Batman! Joker malware commits ad fraud, data theft

Two dozen apps that collectively generated over 472,000 downloads from the Google Play store were found to be infected with a new Android malware called Joker, which delivers a payload that perpetrates both ad fraud and data theft, a research firm has reported. Joker’s second-stage malware is a .dex (Dalvik Executable) file capable of stealing…

Brazil

BRATA malware targeting Brazilian Android devices

First there was Brangelina, TomKat and Bennifer and now Kaspersky has presented the world with BRATA, or Brazilian RAT Android. BRATA is not a power celebrity couple, but is a relatively new Android remote access tool family that, at least so far, has exclusively targeted Brazilians using Android 5.0 or higher, according to Kaspersky’s GReAT…

Reports say China devised iPhone malware campaign to track Muslims; Android and Windows devices also targeted

A recently exposed malware campaign that used watering-hole attacks to target iPhone users for more than two years was reportedly part of an effort to track Uyghur Muslims based in China’s Xinjiang state. The campaign was actually broader than originally thought, and attempted to infect Android and Microsoft Windows devices as well, reports are also…

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Watering-hole attack campaign designed to infect iOS users via exploit chains

Researchers at Google’s Project Zero yesterday lifted the curtain on a long-running mobile malware operation that for years attempted to infect iOS device users with a malware implant, using exploits delivered via a small number of compromised websites. In an online blog post report, Google researcher Ian Beer did not reveal the specific websites that…

applePatch

Apple issues supplemental security updates

Apple has released updates for four of its operating systems including iOS and tvOS. The patch for iOS 12.4.1 iPhone 5s and later, iPad Air and later, and iPod touch 6th generation and fixes a vulnerability, CVE-2019-8605, where a malicious application may be able to execute arbitrary code with system privileges. The update for macOS…

AppleMalware2

iOS 12.4 update reintroduced old bug, enabling jailbreak for current devices

Apple’s latest iOS update reportedly undid a patch that was introduced in the previous release, a mistake that allowed a security researcher to publish a jailbreak for the most up-to-date version of the operating system. The unpatched vulnerability is CVE-2019-8605, an arbitrary code execution bug caused by a use-after-free condition. Working in tandem with Google…

Next post in Mobile Security