199 matches found
Input validation
The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.8. This app contains an exported service named...
Input validation
The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service...
Input validation
The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.1.13. This app contains an exported service name...
Input validation
The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service...
CVE-2019-15389
The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.1.13. This app contains an exported service named...
CVE-2019-15388
The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.1.13. This app contains an exported service name...
CVE-2019-15351
The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service named...
CVE-2019-15350
The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service named...
CVE-2019-15348
The Tecno Camon Android device with a build fingerprint of TECNO/H612/TECNO-ID5a:8.1.0/O11019/F-180828V106:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service named...
CVE-2019-15348
CVE-2019-15348 affects Tecno Camon Android devices that include a pre-installed platform app com.lovelyfont.defcontainer (FontCoverService). The exported service allows any co-located app to pass arbitrary shell-script commands to be executed as the system user when triggered via a logcat message...
CVE-2019-15346
The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service...
DarkUniverse APT Emerges to Deliver Sophisticated, Targeted Spy Attacks
A sophisticated espionage APT that was active for at least eight years before receding into the shadows has been uncovered — and researchers said that it may still be active. In April 2017, ShadowBrokers published one of their many leaks of cyberweapons used by the National Security Agency NSA an...
Dtrack RAT is Behind Virulent ATM-Espionage Campaign
An espionage malware called Dtrack – and a related variant, ATMDtrack – has been traced back to the notorious North Korea-linked Lazarus Group APT. Both have been identified this month targeting victims in India. According to researcher Konstantin Zykov of Kaspersky, researchers first uncovered...
PsiXBot Adds PornModule, Google DNS Service to Its Arsenal
The PsiXBot malware has made a few changes in recent weeks, including implementing Google’s DNS over HTTPS DoH and adding the blackmail-ready “PornModule” to its bag of tricks. PsiXBot is a multi-use Windows malware that has a range of capabilities, including keylogging, stealing passwords and...
Fully equipped Spying Android RAT from Brazil: BRATA
"BRATA" is a new Android remote access tool malware family. We used this code name based on its description - "Brazilian RAT Android". It exclusively targets victims in Brazil: however, theoretically it could also be used to attack any other Android user if the cybercriminals behind it want to. I...
Adwind Spyware-as-a-Service Attacks Utility Grid Operators
A phishing campaign that spoofs a PDF attachment to deliver Adwind spyware has been taking aim at national grid utilities infrastructure. Adwind, a.k.a. JRAT or SockRat, is being used in a malware-as-a-service model in this campaign, researchers said. It offers a full cadre of info-gathering...
Powerful FinSpy Spyware Found Targeting iOS and Android Users in Myanmar
One of the most powerful, infamous, and advanced piece of government-grade commercial surveillance spyware dubbed FinSpy—also known as FinFisher—has been discovered in the wild targeting users in Myanmar. Created by German company Gamma International, FinSpy is spying software that can target...
Threat Roundup for June 7 to June 14
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 07 and June 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Covert Keylogging: Sniping your Typing
There have been many attempts at making key logging devices or software over the years, however, whilst a DIY solution is usually made from large Raspberry Pi devices or Arduino boards, the KeyLogger PRO offering from Maltronics has raised a few eyebrows with regards to the wealth of features...
CVE-2019-12505
CVE-2019-12505 affects Inateck WP1001 wireless presenter (Rev. v1.3C). The issue arises from unencrypted and unauthenticated data communication over the 2.4 GHz link, enabling a remote attacker to perform keystroke injection and send arbitrary keystrokes to a victim’s computer when the target is ...