Mobile Security | SC Media

Mobile Security

High-volume eGobbler malvertising campaign exploits zero-day Chrome bug

A malicious actor has been leveraging a Google Chrome browser exploit to deliver malvertisements to iOS users, including a campaign earlier this month during which 500 million user sessions were exposed to a session hijacking attack. Dubbed eGobbler by researchers at Confiant, the threat actor from April 6-10 ran a massive operation consisting of eight…

Three apps claiming to improve Instagram exposed as an insta-scam

A trio of Android applications that supposedly helped Instagram account owners increase likes and followers, boost security and improve the overall user experience were actually stealing their usernames and passwords, Malwarebytes has reported. The apps, which were designed to target users based in Iran, had been available for download via the Google Play store as…

Zeus-in-the-mobile variant uses security firm's name to gain victims' trust

Massive SIM swap fraud leaves traditional 2FA users at risk

As two-factor authentication becomes more popular, threat actors have proven once again how this security feature can be exploited if not implemented properly. Kaspersky researchers uncovered large-scale SIM swap fraud operations targeting users in both the Portugese-speaking nations of Brazil and Mozambique were able to use social engineering, bribery,  and simple phishing attacks to ultimately…

Possible link discovered that ties together Wi-Fi routers with backdoors

Verizon FIOS, TP Link patch major vulnerabilities in routers

Researchers have revealed that certain Verizon and TP Link routers have severe vulnerabilities that that could lead to remote command injection in the former and a zero-day attack on the latter. Tenable Research found three vulnerabilities in Verizon’s Fios Quantum Gateway routers, which are supplied to almost every new Verizon Fios customer, while IBM Security…

Security update removes hard-coded credentials from MyCar Controls app

Motor vehicle technology and equipment provider AutoMobility Distribution Inc. has updated its MyCar Controls telematics mobile application for iOS and Android in order to eliminate the use of insecure hard-coded credentials. The MyCar app offers geolocation services as well as remote start/stop and lock/unlock capabilities to vehicles that come with a compatible remote start unit.…

Reports: Israeli officials’ devices hacked; data possessed by Iran

Hackers stole information from former Israeli prime minister Ehud Barak’s computer and phone months ago and sold it to Iran, according to multiple news outlets, citing a TV report by Israel’s Channel 12 this past weekend. The news reportedly broke several days after a separate Channel 12 story that said Iranian intelligence directly hacked the…

Malicious SDK installs SimBad adware on apps downloaded millions of times

The developers of 210 mobile applications found on the Google Play Store were apparently tricked into building their programs using a malicious software developer kit that secretly implanted adware in their apps. The apps, many of which were packaged as driving or racing simulator games, were downloaded nearly 150 million times by Android device users,…

iphone

Facebook phishing campaign hitting iOS users

A new phishing campaign targeting mainly iOS users asking them to login in with their Facebook account and give away their credentials. The report by Myki said the attackers create fake copies of legitimate sites to attract victims. The victim is then asked to login in using his or her social media credentials, like Facebook.…

Next post in Phishing