Lucene search
K

169 matches found

Krebs on Security
Krebs on Security
added 2023/08/03 11:22 a.m.30 views

How Malicious Android Apps Slip Into Disguise

Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into mobile apps and evade security scanning tools. Google says it has updated its app malware detection mechanisms in response to the new research. At issue is a...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/04 9:58 a.m.17 views

Mexico-Based Hacker Targets Global Banks with Android Malware

An e-crime actor of Mexican provenance has been linked to an Android mobile malware campaign targeting financial institutions globally, but with a specific focus on Spanish and Chilean banks, from June 2021 to April 2023. The activity is being attributed to an actor codenamed NeoNet, according to...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/20 5:5 a.m.30 views

Rogue Android Apps Target Pakistani Individuals in Sophisticated Espionage Campaign

Individuals in the Pakistan region have been targeted using two rogue Android apps available on the Google Play Store as part of a new targeted campaign. Cybersecurity firm Cyfirma attributed the campaign with moderate confidence to a threat actor known as DoNot Team, which is also tracked as...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/20 5:5 a.m.3 views

Rogue Android Apps Target Pakistani Individuals in Sophisticated Espionage Campaign

Individuals in the Pakistan region have been targeted using two rogue Android apps available on the Google Play Store as part of a new targeted campaign. Cybersecurity firm Cyfirma attributed the campaign with moderate confidence to a threat actor known as DoNot Team, which is also tracked as...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/04/06 3:40 a.m.30 views

Google Mandates Android Apps to Offer Easy Account Deletion In-App and Online

Google is enacting a new data deletion policy for Android apps that allow account creation to also offer users with a setting to delete their accounts in an attempt to provide more transparency and control over their data. "For apps that enable app account creation, developers will soon need to...

6.4AI score
Exploits0
Kitploit
Kitploit
added 2023/03/29 11:30 a.m.47 views

Apk.Sh - Makes Reverse Engineering Android Apps Easier, Automating Some Repetitive Tasks Like Pulling, Decoding, Rebuilding And Patching An APK

apk.sh is a Bash script that makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK. Features apk.sh basically uses apktool to disassemble, decode and rebuild resources and some bash to automate the frida gadget...

7.8AI score
Exploits0References5
Kitploit
Kitploit
added 2023/02/28 11:30 a.m.140 views

APKHunt - Comprehensive Static Code Analysis Tool For Android Apps That Is Based On The OWASP MASVS Framework

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their cod...

7.7AI score
Exploits0References5
The Hacker News
The Hacker News
added 2023/02/24 9:0 a.m.46 views

Even Top-Ranked Android Apps in Google Play Store Provide Misleading Data Safety Labels

An investigation into data safety labels for Android apps available on the Google Play Store has uncovered "serious loopholes" that allow apps to provide misleading or outright false information. The study, conducted by the Mozilla Foundation as part of its Privacy Not Included initiative, compar...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2022/12/29 7:48 a.m.56 views

New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software

Users searching for popular software are being targeted by a new malvertising campaign that abuses Google Ads to serve trojanized variants that deploy malware, such as Raccoon Stealer and Vidar. The activity makes use of seemingly credible websites with typosquatted domain names that are surfaced...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/02 11:47 a.m.51 views

These Android Apps with a Million Play Store Installations Redirect Users to Malicious Sites

A set of four Android apps released by the same developer has been discovered directing victims to malicious websites as part of an adware and information-stealing campaign. The apps, published by a developer named Mobile apps Group and currently available on the Play Store, have been collectivel...

0.5AI score
Exploits0
Hacker One
Hacker One
added 2022/10/24 2:7 p.m.121 views

TikTok: bypass two-factor authentication in Android apps and web

A vulnerability was found where a random timeout issue on a Two-Step Verification endpoint could have resulted in a potential bypass of authentication if multiple incorrect attempts were entered in quick succession. It was found that this vulnerability required access to the user's email/password...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/10/20 9:4 a.m.63 views

These 16 Clicker Malware Infected Android Apps Were Downloaded Over 20 Million Times

As many as 16 malicious apps with over 20 million cumulative downloads have been taken down from the Google Play Store after they were caught committing mobile ad fraud. The Clicker malware masqueraded as seemingly harmless utilities like cameras, currency/unit converters, QR code readers,...

1.3AI score
Exploits0
The Hacker News
The Hacker News
added 2022/07/29 1:25 p.m.49 views

Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware

A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware. These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2022/07/27 1:37 p.m.48 views

These 28+ Android Apps with 10 Million Downloads from the Play Store Contain Malware

As many as 30 malicious Android apps with cumulative downloads of nearly 10 million have been found on the Google Play Store distributing adware. "All of them were built into various programs, including image-editing software, virtual keyboards, system tools and utilities, calling apps, wallpaper...

1.3AI score
Exploits0
Kitploit
Kitploit
added 2022/05/25 12:30 p.m.28 views

DroidDetective - A Machine Learning Malware Analysis Framework For Android Apps

A machine learning malware analysis framework for Android apps. DroidDetective is a Python tool for analysing Android applications APKs for potential malware related behaviour and configurations. When provided with a path to an application APK file Droid Detective will make a prediction using it'...

7.1AI score
Exploits0References3
The Hacker News
The Hacker News
added 2022/05/17 9:6 a.m.20 views

Over 200 Apps on Play Store Caught Spying on Android Users Using Facestealer

More than 200 Android apps masquerading as fitness, photo editing, and puzzle apps have been observed distributing spyware called Facestealer to siphon user credentials and other valuable information. "Similar to Joker, another piece of mobile malware, Facestealer changes its code frequently, thu...

7.2AI score
Exploits0
OSV
OSV
added 2022/04/22 9:15 p.m.5 views

CVE-2021-3898

Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker...

6.5CVSS5.8AI score0.00427EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2022/04/12 10:48 a.m.30 views

Apps removed from Google Play for harvesting user data

Dozens of apps were removed from the Google Play Store after they were found to be harvesting the data of device owners. The code in question—a software development kit SDK—was used inside apps which were downloaded over 10 million times. What happened? A wide range of Android apps were found to...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/02/07 11:42 a.m.14 views

Securitas breached, 3TB of airport employee records exposed

An unsecured AWS server, found open to the public Internet, is the root cause of a huge compromise of data of airport employees in Colombia and Peru. This server, according to a report, belongs to Securitas, a Stockholm-based multinational company that provides security services like security...

0.6AI score
Exploits0
OSV
OSV
added 2021/12/28 2:15 a.m.4 views

CVE-2021-20873

Yappli is an application development platform which provides the function to access a requested URL using Custom URL Scheme. When Android apps are developed with Yappli versions since v7.3.6 and prior to v9.30.0, they are vulnerable to improper authorization in Custom URL Scheme handler, and may ...

8.1CVSS5.8AI score0.00842EPSS
Exploits0References2
Rows per page
Query Builder