Reddit: com.reddit.frontpage vulernable to Task Hijacking (aka StrandHogg Attack)

Summary: The app com.reddit.frontpage is vulnerable to Task Hijacking used by widespread Android trojans. Task hijacking allows malicious apps to inherit permissions of vulnerable apps and is usually used for phishing login credentials of victims. Impact: Assuming a malicious actor want's to grab...

Google Removes Two Ztorg Trojans from Play Marketplace

Google, for the second time this month, has removed malicious apps from Google Play that could have laid the groundwork for an attacker to root infected devices. A researcher with Kaspersky Lab on Tuesday described how attackers managed to evade settings set in place by Google Play’s VerifyApps...

Malicious Links Top Source of Mobile Trojans

Cheetah Mobile says the scourge of Ghost Push malware is still taking its toll on Android devices nearly two years after making its debut. Now the research firm is trying to track down how Ghost Push and other Trojans have remained so prolific despite mitigation efforts. In a report released Frid...

Five-Year 'Dust Storm' APT Campaign Seen Targeting Japanese Critical Infrastructure

A five-year campaign primarily focused on extracting sensitive information from Japanese oil, gas, and electric utilities was outlined by researchers on Tuesday. Referred to as Operation Dust Storm .PDF by researchers at Cylance, the campaign has managed to stay persistent over the years, and...