Android Malware Spotted Subscribing Victims to Paid Services Without Consent

Cybersecurity researchers expose a 10-month global Android malware campaign using fake apps to secretly charge users through premium SMS bills...

New macOS Malware notnullOSX Targets Crypto Wallets Over $10K

macOS Malware notnullOSX targets crypto wallets over $10K, using fake apps, Terminal tricks, and backdoors to steal funds and sensitive data...

Malware in 2025 spread far beyond Windows PCs

This blog is part of a series highlighting new and concerning trends we noticed over the last year. Trends matter because they almost always provide a good indication of what 's coming next. If there’s one thing that became very clear in 2025, it’s that malware is no longer focused on Windows...

New Android malware lets criminals control your phone and drain your bank account

Albiriox is a new family of Android banking malware that gives attackers live remote control over infected phones, letting them quietly drain bank and crypto accounts during real sessions. Researchers have analyzed a new Android malware family called Albiriox which is showing signs of developing...

Spyware-Plugged ChatGPT, DALL·E and WhatsApp Apps Target US Users

Are you using a fake version of a popular app? Appknox warns US users about malicious brand clones hiding on third-party app stores. Protect yourself from hidden spyware and ‘commercial parasites.’...

New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps

A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube as lures to install them. "Once active, the spyware can exfiltra...

EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks

Combining AI-generated code and social engineering, EvilAI operators are executing a rapidly expanding campaign, disguising their malware as legitimate applications to bypass security, steal credentials, and persistently compromise organizations worldwide...

New JSCEAL Malware Targets Millions via Fake Crypto App Ads

JSCEAL malware targets millions using fake crypto app ads to steal wallets and data. Users urged to stay alert and avoid downloading from untrusted sources...

Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia's Mobile Networks

Cybersecurity researchers have discovered a new, large-scale mobile malware campaign that's targeting Android and iOS platforms with fake dating, social networking, cloud storage, and car service apps to steal sensitive personal data. The cross-platform threat has been codenamed SarangTrap by...

Malware Surge Hits Android: Adware, Trojans and Crypto Theft Lead Q2 Threats

Dr.Web reports Android malware surge in Q2 with adware, banking trojans and crypto theft hidden in fake apps, firmware and spyware targeting users...

SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps

Cybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware called SpyNote. These bogus websites masquerade as Google Play Store install pages for apps like the Chrome web browser, indicating an...

Scammers Sneak 300+ Ad Fraud Apps onto Google Play with 60M Downloads

Google Play Store hit by 300+ fake Android apps, downloaded more than 60 million times pushing ad fraud and data theft. Learn how to spot and remove these threats...

CVE-2024-34677

Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate...

Octo2 Malware Uses Fake NordVPN, Chrome Apps to Infect Android Devices

Octo2 malware is targeting Android devices by disguising itself as popular apps like NordVPN and Google Chrome. This…...

PT-2024-20011 · Unknown · Online-Ausweis-Funktion Eid

Name of the Vulnerable Software and Affected Versions: Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 Description: The issue allows authentication bypass by spoofing, enabling a man-in-the-middle attacker to assume a victim's identity and access...

Fake Signal and Telegram Apps in the Google Play Store

Google removed fake Signal and Telegram apps from its Play store. An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET. It was also...

Chinese APT Slid Fake Signal and Telegram Apps onto Official App Stores

By Habiba Rashid Key Findings Cybersecurity researchers have warned of fake Signal and Telegram apps that have been distributed through the… This is a post from HackRead.com Read the original post: Chinese APT Slid Fake Signal and Telegram Apps onto Official App Stores...

Fake Windows Crypto Apps Spreading AppleJeus Malware

By Deeba Ahmed The infamous North Korean state-backed Lazarus hacking group is using AppleJeus malware to steal crypto funds from Windows users. This is a post from HackRead.com Read the original post: Fake Windows Crypto Apps Spreading AppleJeus Malware...

Fake Banking Rewards Apps Install Info-stealing RAT on Android Phones

By Deeba Ahmed The malware campaign is ongoing and one of its targets was ICICI bank in India. This is a post from HackRead.com Read the original post: Fake Banking Rewards Apps Install Info-stealing RAT on Android Phones...

Google Warns Spyware Being Deployed Against Android, iOS Users

Google is warning victims in Kazakhstan and Italy that they are being targeted by Hermit, a sophisticated and modular spyware from Italian vendor RCS Labs that not only can steal data but also record and make calls. Researchers from Google Threat Analysis Group TAG revealed details in a blog post...