EUVD-2018-14343

Malware in sbrugna...

A week in security (September 29 – October 5)

Last week on Malwarebytes Labs: From threats to apology, hackers pull child data offline after public backlash Your Meta AI conversations may come back as ads in your feed Scam Facebook groups send malicious Android malware to seniors Sendit tricked kids, harvested their data, and faked messages,...

EUVD-2025-6755

Malicious code in bioql PyPI...

Scam Facebook groups send malicious Android malware to seniors

An infostealer and banking Trojan rolled into one is making the rounds in Facebook groups aimed at "active seniors". Attackers used social engineering methods to lure targets into joining fake Facebook groups that appeared to promote travel and community activities—such as trips, dance classes, a...

LLM-Generated Samples for Android Malware Detection

Android malware continues to evolve through obfuscation and polymorphism, posing challenges for both signature-based defenses and machine learning models trained on limited and imbalanced datasets. Synthetic data has been proposed as a remedy for scarcity, yet the role of large language models LL...

MalEval Android Malware Evaluation Framework

This repository contains the source code of MalEval, an evaluation framework for Android malware behavior auditing, focusing on explaining and substantiating malicious behaviors. The framework provides expert-verified reports, curated metadata, and model outputs to enable reproducible evaluation ...

Beyond Classification: Evaluating LLMs for Fine-Grained Automatic Malware Behavior Auditing

Automated malware classification has achieved strong detection performance. Yet, malware behavior auditing seeks causal and verifiable explanations of malicious activities -- essential not only to reveal what malware does but also to substantiate such claims with evidence. This task is challengin...

DMLDroid: Deep Multimodal Fusion Framework for Android Malware Detection with Resilience to Code Obfuscation and Adversarial Perturbations

In recent years, learning-based Android malware detection has seen significant advancements, with detectors generally falling into three categories: string-based, image-based, and graph-based approaches. While these methods have shown strong detection performance, they often struggle to sustain...

Feature-Centric Approaches to Android Malware Analysis: a Survey

Sophisticated malware families exploit the openness of the Android platform to infiltrate IoT networks, enabling large-scale disruption, data exfiltration, and denial-of-service attacks. This systematic literature review SLR examines cutting-edge approaches to Android malware analysis with direct...

RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities

A new Android malware called RatOn has evolved from a basic tool capable of conducting Near Field Communication NFC relay attacks to a sophisticated remote access trojan with Automated Transfer System ATS capabilities to conduct device fraud. "RatOn merges traditional overlay attacks with automat...

77 Malicious Android Apps With 19M Downloads Targeted 831 Banks Worldwide

Zscaler reports 77 Android apps on Google Play with 19 million installs spread malware, hitting 831 banks and…...

New Android Hook Malware Variant Locks Devices With Ransomware

Zimperium's research reveals the Hook Android malware is now a hybrid threat, using ransomware and spyware to steal…...

DRMD: Deep Reinforcement Learning for Malware Detection under Concept Drift

Malware detection in real-world settings must deal with evolving threats, limited labeling budgets, and uncertain predictions. Traditional classifiers, without additional mechanisms, struggle to maintain performance under concept drift in malware domains, as their supervised learning formulation...

MalLoc: toward Fine-Grained Android Malicious Payload Localization Via LLMs

The rapid evolution of Android malware poses significant challenges to the maintenance and security of mobile applications apps. Traditional detection techniques often struggle to keep pace with emerging malware variants that employ advanced tactics such as code obfuscation and dynamic behavior...

Fake Antivirus App Spreads Android Malware to Spy on Russian Users

Doctor Web warns of Android.Backdoor.916.origin, a fake antivirus app that spies on Russian users by stealing data, streaming…...

PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads

Cybersecurity researchers have discovered a nascent Android remote access trojan RAT called PlayPraetor that has infected more than 11,000 devices, primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong. "The botnet's rapid growth, which now exceeds 2,000 new infections per week, ...

Empirical Evaluation of Concept Drift in ML-Based Android Malware Detection

Despite outstanding results, machine learning-based Android malware detection models struggle with concept drift, where rapidly evolving malware characteristics degrade model effectiveness. This study examines the impact of concept drift on Android malware detection, evaluating two datasets and...

Understanding Concept Drift with Deprecated Permissions in Android Malware Detection

Permission analysis is a widely used method for Android malware detection. It involves examining the permissions requested by an application to access sensitive data or perform potentially malicious actions. In recent years, various machine learning ML algorithms have been applied to Android...

Fake Telegram Apps Spread via 607 Domains in New Android Malware Attack

Fake Telegram apps are being spread through 607 malicious domains to deliver Android malware, using blog-style pages and phishing tactics to trick users...

MH-FSF: a Unified Framework for Overcoming Benchmarking and Reproducibility Limitations in Feature Selection Evaluation

Feature selection is vital for building effective predictive models, as it reduces dimensionality and emphasizes key features. However, current research often suffers from limited benchmarking and reliance on proprietary datasets. This severely hinders reproducibility and can negatively impact...