EUVD-2021-7337

Malicious code in bioql PyPI...

Zanubis in motion: Tracing the active evolution of the Android banking malware

Introduction Zanubis is a banking Trojan for Android that emerged in mid-2022. Since its inception, it has targeted banks and financial entities in Peru, before expanding its objectives to virtual cards and crypto wallets. The main infection vector of Zanubis is impersonating legitimate Peruvian...

CVE-2021-1873

An API issue in Accessibility TCC permissions was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to unexpectedly leak a user's credentials from secure text...

CVE-2018-15660

An issue was discovered in the Ola Money aka com.olacabs.olamoney application 1.9.0 for Android. If an attacker controls an application with accessibility permissions, then the attacker can read certain Ola Money data such as a credit card number, expiration date, bank account number, and...

CVE-2018-15661

An issue was discovered in the Ola Money aka com.olacabs.olamoney application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then the Forgot Password screen can be used to bypass authentication. NOTE: the vendor does...

Zanubis Android Banking Trojan Poses as Peruvian Government App to Target Users

An emerging Android banking trojan called Zanubis is now masquerading as a Peruvian government app to trick unsuspecting users into installing the malware. "Zanubis's main infection path is through impersonating legitimate Peruvian Android applications and then tricking the user into enabling the...

Meta Cracks Down on Cyber Espionage Operations in South Asia Abusing Facebook

Facebook parent company Meta disclosed that it took action against two espionage operations in South Asia that leveraged its social media platforms to distribute malware to potential targets. The first set of activities is what the company described as "persistent and well-resourced" and undertak...

More Stealthier Version of BrazKing Android Malware Spotted in the Wild

Banking apps from Brazil are being targeted by a more elusive and stealthier version of an Android remote access trojan RAT that's capable of carrying out financial fraud attacks by stealing two-factor authentication 2FA codes and initiating rogue transactions from infected devices to transfer...

CVE-2021-1873

An API issue in Accessibility TCC permissions was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to unexpectedly leak a user's credentials from secure text...

CVE-2018-15660

An issue was discovered in the Ola Money aka com.olacabs.olamoney application 1.9.0 for Android. If an attacker controls an application with accessibility permissions, then the attacker can read certain Ola Money data such as a credit card number, expiration date, bank account number, and...

Authentication flaw

DISPUTED An issue was discovered in the Ola Money aka com.olacabs.olamoney application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then the Forgot Password screen can be used to bypass authentication. NOTE: the...

CVE-2018-15661

The vulnerability CVE-2018-15661 affects Ola Money (com.olacabs.olamoney) on Android 1.9.0. If an attacker controls an app with accessibility permissions and the ability to read SMS, the Forgot Password screen can bypass authentication. The issue is triggered by the interaction of accessibility f...

CVE-2018-15660

The CVE-2018-15660 issue affects Ola Money (com.olacabs.olamoney) Android app v1.9.0. If an attacker controls another app with accessibility permissions, they can read sensitive data (credit card number, expiration date, bank account number, and transaction history). The Red Hat entry notes the v...

PT-2018-13126 · Ola Cabs · Ola Money

Name of the Vulnerable Software and Affected Versions: Ola Money aka com.olacabs.olamoney version 1.9.0 Description: An issue was discovered in the Ola Money application for Android. If an attacker controls an application with accessibility permissions, then the attacker can read certain Ola Mone...