41 matches found
FriendlyDealer mimics official app stores to push unvetted gambling apps
We’ve identified a huge social-engineering campaign designed to steer people into online gambling sites under the impression they’re installing a legitimate app. We’re calling it FriendlyDealer. It’s been observed across at least 1,500 domains, each hosting a website that impersonates the Google...
CVE-2026-3675
A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulation can lead to improper authorization. The attack needs to be launched locally. The exploit has been...
EUVD-2026-10191
A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulation can lead to improper authorization. The attack needs to be launched locally. The exploit has been...
CVE-2026-3675 Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppReceiver improper authorization
A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulation can lead to improper authorization. The attack needs to be launched locally. The exploit has been...
CVE-2026-3675
A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulation can lead to improper authorization. The attack needs to be launched locally. The exploit has been...
CVE-2026-3674
CVE-2026-3674 affects Freedom Factory dGEN1 (up to 20260221) via the FakeAppProvider in org.ethosmobile.ethoslauncher. Manipulation of the component yields improper authorization, with the attack exploitable from a local position. The exploit has been released publicly. Impact is described as par...
CVE-2026-3667
A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has...
CVE-2026-3667
CVE-2026-3667 affects Freedom Factory dGEN1 (up to 20260221) with the vulnerability in the function FakeAppService of the component org.ethosmobile.ethoslauncher. The underlying issue is improper authorization, exploitable from a local attacker. Public exploits exist and the vendor was notified w...
CVE-2026-3667 Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppService improper authorization
A security flaw has been discovered in Freedom Factory dGEN1 up to 20260221. The impacted element is the function FakeAppService of the component org.ethosmobile.ethoslauncher. The manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has...
PT-2026-23884
Name of the Vulnerable Software and Affected Versions Freedom Factory dGEN1 versions up to 20260221 Description A flaw exists in Freedom Factory dGEN1 that allows for improper authorization. This issue is related to the FakeAppProvider function within the org.ethosmobile.ethoslauncher component...
PT-2026-23885
Name of the Vulnerable Software and Affected Versions Freedom Factory dGEN1 versions up to 20260221 Description A flaw exists in Freedom Factory dGEN1 that allows for improper authorization. The issue is located within the FakeAppReceiver function of the org.ethosmobile.ethoslauncher component...
Freedom Factory dGEN1 授权问题漏洞
The Freedom Factory dGEN1 is a Ethereum mobile device produced by the Freedom Factory company. Versions of Freedom Factory dGEN1 dated back to 20260221 and earlier contained an authorization issue vulnerability. This vulnerability stemmed from incorrect operations on the FakeAppProvider function...
Fantasy Hub is spyware for rent—complete with fake app kits and support
Researchers at Zimperium identified Fantasy Hub, a new Android spyware developed and sold as a subscription on Russian-language cybercrime forums. Malware-as-a-Service MaaS means cybercriminals rent out to malware to other criminals, complete with the infrastructure necessary to harvest and abuse...
Malware Bypasses Microsoft Defender and 2FA to Steal $24K in Crypto
Malware bypasses Microsoft Defender and 2FA, stealing $24K in cryptocurrency via a fake NFT game app. Learn how…...
Apple Approves Fake App Before Real Rabby Wallet, Users’ Funds Stolen
By Waqas Crypto Nightmare! Fake Rabby Wallet App Steals Millions After Apple App Store Fails to Catch It. This is a post from HackRead.com Read the original post: Apple Approves Fake App Before Real Rabby Wallet, Users Funds Stolen...
CVE-2024-23674
The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identify for access to government, medical, and financial resources, and can also extract personal data from...
A week in security (February 5 – February 11)
Last week on Malwarebytes Labs: Ivanti urges customers to patch yet another critical vulnerability Ransomware in 2023 recap: 5 key takeaways FBI and CISA publish guide to Living off the Land techniques Warning from LastPass as fake app found on Apple App Store 2 million job seekers targeted by da...
Fake LastPass Password Manager App Lurks on iOS App Store
By Waqas Remember, it is LastPass Password Manager, not LassPass Password Manager! This is a post from HackRead.com Read the original post: Fake LastPass Password Manager App Lurks on iOS App Store...
Warning from LastPass as fake app found on Apple App Store
Password Manager LastPass has warned about a fraudulent app called “LassPass Password Manager” which it found on the Apple App Store. The app closely mimics the branding and appearance of LastPass, right down to the interface. So, even if the name was a “happy accident” it seems clear that this w...
New MMRat Android Trojan Uses Fake App Stores for Bank Fraud
By Deeba Ahmed So far, the potent Android trojan MMRat has remained undetected on VirusTotal. This is a post from HackRead.com Read the original post: New MMRat Android Trojan Uses Fake App Stores for Bank Fraud...