European Bank Customers Targeted in SpyNote Android Trojan Campaign

Various European customers of different banks are being targeted by an Android banking trojan called SpyNote as part of an aggressive campaign detected in June and July 2023. "The spyware is distributed through email phishing or smishing campaigns and the fraudulent activities are executed with a...

CVE-2018-17403

The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to impersonate a user and set up their account without their knowledge. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibili...

CVE-2018-17402

The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide...

CVE-2018-17400

The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application. NOTE: the vendor says that, to exploit this, the user has to...

CVE-2018-17403

The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to impersonate a user and set up their account without their knowledge. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibili...

CVE-2018-17401

The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide...

PT-2018-14016 · Phonepe · Phonepe

Name of the Vulnerable Software and Affected Versions: PhonePe wallet aka com.PhonePe.app versions 3.0.6 through 3.3.26 Description: The issue might allow attackers to impersonate a user and set up their account without their knowledge. To exploit this, the user has to explicitly install a...

PT-2018-14013 · Phonepe · Phonepe

Name of the Vulnerable Software and Affected Versions: PhonePe wallet aka com.PhonePe.app versions 3.0.6 through 3.3.26 Description: The issue might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application. To...

PT-2018-14014 · Phonepe · Phonepe

Name of the Vulnerable Software and Affected Versions: PhonePe wallet aka com.PhonePe.app versions 3.0.6 through 3.3.26 Description: The issue allows attackers to perform Account Takeover attacks by exploiting the Forgot Password feature. To exploit this, the user has to explicitly install a...

PT-2018-14015 · Phonepe · Phonepe

Name of the Vulnerable Software and Affected Versions: PhonePe wallet aka com.PhonePe.app versions 3.0.6 through 3.3.26 Description: The issue might allow attackers to discover sensitive information, including Credit/Debit card numbers, expiration dates, and CVV numbers. To exploit this, a user...

CVE-2018-15661

An issue was discovered in the Ola Money aka com.olacabs.olamoney application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then the Forgot Password screen can be used to bypass authentication. NOTE: the vendor does...

PT-2018-13127 · Ola Cabs · Ola Money

Name of the Vulnerable Software and Affected Versions: Ola Money aka com.olacabs.olamoney version 1.9.0 Description: An issue was discovered in the Ola Money application for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then t...