Avast WEBforum
Consumer Products => Avast Mobile Security => Avast Mobile Security for Android => Topic started by: Pondus on November 07, 2013, 11:24:03 PM
-
New iPhones give shorter battery life than Android rivals
http://blogs.which.co.uk/technology/apple/new-iphones-still-give-shorter-battery-life-than-android-rivals/
-
U.S. Cellular's Galaxy S 4 to receive Android 4.3 update Nov. 8
http://www.phonedog.com/2013/11/06/u-s-cellular-s-galaxy-s-4-to-receive-android-4-3-update-nov-8/
-
Android KitKat
http://developer.android.com/about/versions/kitkat.html
-
Mobile malware on the rise in Q3, 97% targets Android
http://www.gsmarena.com/mobile_malware_on_the_rise_in_q3_97_of_which_targets_android-news-7155.php
-
Mobile Pwn2Own 2013 Yields Exploits in Safari, Samsung S4 applications
http://www.hppwn2own.com/mobile-pwn2own-2013-yields-exploits-safari-samsung-s4-applications/
-
iOS 7.0.4
http://support.apple.com/kb/DL1701
http://support.apple.com/kb/HT6058
-
Chrome on a Nexus 4 and Samsung Galaxy S4 falls
http://www.hppwn2own.com/chrome-nexus-4-samsung-galaxy-s4-falls/
-
seems Google playstore have apps With malware :-\
https://www.virustotal.com/en/file/536c95792e8820bb3b41c56b8b9d32a44cddc48c037efa9a0c04264421f6abe5/analysis/1385333474/
htxps://play.google.com/store/apps/details?id=com.bestfreeandroidwallpapers.wallpapermirandakerr&hl=en
-
Actually, AirPush is kinda a grey zone. It's PUP at best, definitely not malware (it "just" displays really annoying advertisements).
Filip
-
Security Alert: Shoot the Bulk Messenger
https://blog.lookout.com/blog/2013/12/19/shoot-the-bulk-messenger/
-
Google Removes Vital Privacy Feature From Android, Claiming Its Release Was Accidental
https://www.eff.org/deeplinks/2013/12/google-removes-vital-privacy-features-android-shortly-after-adding-them
-
Back off, NSA: Blackphone promises to be the first privacy-focused smartphone
http://www.engadget.com/2014/01/15/blackphone-privacy-and-security-android-smartphone/
blackphone https://www.blackphone.ch/
-
Android antivirus apps CAN'T kill nasties on sight like normal AV - and that's Google's fault
http://www.theregister.co.uk/2013/12/17/android_anti_malware/
-
Android 4.5: there may be much breakage for root apps
https://plus.google.com/+Chainfire/posts/Lyhjzu1z9s1
-
Scam Warning: New "One-Ring" Cell Phone Scam
http://newyork.bbb.org/article/Scam-Warning-New-One-Ring-Cell-Phone-Scam-45589
-
Viruses now use your computer to infect your phone
http://blogs.norman.com/2014/for-consumption/viruses-now-use-your-computer-to-infect-your-phone
-
Hackers can use Snapchat to disable iPhones, researcher says
http://www.latimes.com/business/technology/la-fi-tn-snapchat-shut-down-iphone-20140207,0,3127301.story
-
(http://www.screencast-o-matic.com/screenshots/u/Lh/1392157515470-69489.png)
TimePIN Changes Your Android PIN Code Every Minute For Improved Security (http://appscout.pcmag.com/android/320558-timepin-changes-your-android-pin-code-every-minute-for-improved-security)
-
Fake Korean bank applications for Android – PT 1
http://blog.avast.com/2014/02/17/fake-korean-bank-applications-for-android-pt-1/
-
Google Play: Whats the newest threat on the official Android market? (https://blog.avast.com/2014/03/07/google-play-whats-the-newest-threat-on-the-official-android-market/)
(https://blog.avast.com/wp-content/uploads/2014/03/Blg1.png)
-
Android RATs Branch out with Dendroid
http://www.symantec.com/connect/blogs/android-rats-branch-out-dendroid
-
Android OS Memory Corruption Bug
http://ibrahimbalic.com/2014/android-os-memory-corruption-bug/
-
Android OS Memory Corruption Bug
http://ibrahimbalic.com/2014/android-os-memory-corruption-bug/
Doesn't load. After using VPN, I got an article in Turkish I think? Can't really read that :)
-
Android OS Memory Corruption Bug
http://ibrahimbalic.com/2014/android-os-memory-corruption-bug/
Doesn't load. After using VPN, I got an article in Turkish I think? Can't really read that :)
Funny, this time it's vice versa, no problem to get there. (See screenshot)
-
Android OS Memory Corruption Bug
http://ibrahimbalic.com/2014/android-os-memory-corruption-bug/
Doesn't load. After using VPN, I got an article in Turkish I think? Can't really read that :)
Probably the article was removed. The bug caused some problems in the internal systems of Play Store (Google Play Console).
A cached version is available here (http://webcache.googleusercontent.com/search?q=cache:http://ibrahimbalic.com/2014/android-os-memory-corruption-bug/).
-
Probably the article was removed.
Nope, it's still up.
-
Paypal Remote Code Execution
https://labs.mwrinfosecurity.com/advisories/2014/03/10/paypal-remote-code-execution/
-
Declaring machine war against malicious Android packages
http://blog.avast.com/2014/04/02/declaring-machine-war-against-malicious-android-packages/
-
CCleaner for Android http://www.piriform.com/blog/2014/4/3/ccleaner-for-android
-
Occupy Your Icons Silently on Android
http://www.fireeye.com/blog/technical/2014/04/occupy_your_icons_silently_on_android.html
-
WhatsApp Flaw leaves User Location Vulnerable to Hackers and Spy Agencies
http://thehackernews.com/2014/04/whatsapp-flaw-leaves-user-location.html
-
If an Android Has a Heart, Does It Bleed?
http://www.fireeye.com/blog/technical/2014/04/if-an-android-has-a-heart-does-it-bleed.html
-
Local root vulnerability in Android 4.4.2
http://blog.cassidiancybersecurity.com/post/2014/06/Android-4.4.3%2C-or-fixing-an-old-local-root
-
Student promises Java key to unlock Simplocker ransomware
http://www.theregister.co.uk/2014/06/17/student_forges_java_key_to_unlock_simplelocker_ransomware/
A university student claims he is set to release a Java application to decrypt the first ransomware to hit Android devices.
-
Don’t get too used to 4G, 5G is on the way
http://betanews.com/2014/06/17/dont-get-too-used-to-4g-5g-is-on-the-way/
-
Yo App Hacked By College Students
http://techcrunch.com/2014/06/20/yo-app-allegedly-hacked-by-college-students/
-
Android KeyStore Stack Buffer Overflow: To Keep Things Simple, Buffers Are Always Larger Than Needed
http://securityintelligence.com/android-keystore-stack-buffer-overflow-to-keep-things-simple-buffers-are-always-larger-than-needed/
-
Selfmite: Attack using SMS worm to increase pay-per-install income
http://www.adaptivemobile.com/blog/selfmite-worm
-
Importing a smartphone? Beware of viruses
http://blogs.norman.com/2014/for-consumption/importing-a-smartphone-beware-of-viruses
-
Is Your Android Device Telling the World Where You've Been?
https://www.eff.org/deeplinks/2014/07/your-android-device-telling-world-where-youve-been
-
The Service You Can’t Refuse: A Secluded HijackRAT
http://www.fireeye.com/blog/technical/malware-research/2014/07/the-service-you-cant-refuse-a-secluded-hijackrat.html
-
Android 4.4.2 Secure USB Debugging Bypass
https://labs.mwrinfosecurity.com/advisories/2014/07/03/android-4-4-2-secure-usb-debugging-bypass/
-
Android 4.4.2 Secure USB Debugging Bypass
https://labs.mwrinfosecurity.com/advisories/2014/07/03/android-4-4-2-secure-usb-debugging-bypass/
Thanks God I'm on 4.4.4 which is not affected. This was one of my wishes of avast! Mobile Security protection. But, maybe due to technical reasons and Android limitations, I was never heard. And people still rely on the lockscreen password. A simple adb command just delete it :'(
-
CVE-2013-6272 com.android.phone
http://blog.curesec.com/article/blog/35.html
-
Top 10 phones with the fastest charging times: from zero to hero
http://www.phonearena.com/news/Top-10-phones-with-the-fastest-charging-times-from-zero-to-hero_id57912
-
Android crypto blunder exposes users to highly privileged malware
http://arstechnica.com/security/2014/07/android-crypto-blunder-exposes-users-to-highly-privileged-malware/
https://securityledger.com/2014/07/old-apache-code-at-root-of-android-fakeid-mess/
-
Gyrophone: Recognizing Speech From Gyroscope Signals
http://crypto.stanford.edu/gyrophone/files/gyromic.pdf
-
Exclusive: Next-gen Nexus hardware to be unveiled in mid-October, Android L hits November 1st
http://www.androidauthority.com/next-gen-nexus-hardware-529418/
-
Microsoft Office goes completely free for Android phones ;)
http://www.androidcentral.com/microsoft-office-goes-completely-free-android-phones
-
Microsoft Office goes completely free for Android phones ;)
http://www.androidcentral.com/microsoft-office-goes-completely-free-android-phones
March 27th... Old news :)
-
DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket
http://user.informatik.uni-goettingen.de/~krieck/docs/2014-ndss.pdf
-
Android news http://googleblog.blogspot.no/2014/10/android-be-together-not-same.html
-
FBI director demands access to private cell phone data
http://www.cnet.com/news/fbi-director-demands-access-to-private-cell-phone-data/
-
On LPX13D, SELinux, and root
https://plus.google.com/+Chainfire/posts/VxjfYJnZAXP
-
Koler ‘Police’ Ransomware Gets its Worm On
http://www.adaptivemobile.com/blog/koler-police-ransomware-gets-its-worm-on
-
Why Samsung Knox isn't really a Fort Knox
http://mobilesecurityares.blogspot.co.uk/2014/10/why-samsung-knox-isnt-really-fort-knox.html
-
Google Calendar 5.0 Is Ready For Your 4.0.3+ Devices
http://www.androidpolice.com/2014/11/04/google-calendar-5-0-ready-4-0-3-devices-apk-download/
-
Android 5.0 Lollipop http://www.android.com/versions/lollipop-5-0/
-
Encryption and Storage Performance in Android 5.0 Lollipop
http://www.anandtech.com/show/8725/encryption-and-storage-performance-in-android-50-lollipop
-
Is backing up your data the same as exposing it? In this case – Yes!
https://blog.avast.com/2014/12/03/is-backing-up-your-data-the-same-as-exposing-it-in-this-case-yes/
-
DeathRing: Pre-loaded malware hits smartphones for the second time in 2014
https://blog.lookout.com/blog/2014/12/04/deathring/
-
Problems in Qualcomm Snapdragon Set Alarm Bells Ringing for Samsung, LG
http://www.businesskorea.co.kr/article/7635/unexpected-hurdle-problems-qualcomm-snapdragon-set-alarm-bells-ringing-samsung-lg
-
Mobile advertising firms spread malware by posing as official Google Play apps
https://blog.avast.com/2014/12/12/mobile-advertising-firms-spread-malware-by-posing-as-official-google-play-apps/
-
Fake “The Interview” app is really an Android banking trojan
http://grahamcluley.com/2014/12/the-interview-android-app-malware/
-
Google No Longer Provides Patches for WebView Jelly Bean and Prior
https://community.rapid7.com/community/metasploit/blog/2015/01/11/google-no-longer-provides-patches-for-webview-jelly-bean-and-prior
-
Hallo, hola, olá to the new, more powerful Google Translate app
http://googletranslate.blogspot.no/2015/01/hallo-hola-ola-to-new-more-powerful_14.html
-
Fobus, the sneaky little thief that could
https://blog.avast.com/2015/01/15/fobus-the-sneaky-little-thief-that-could/
-
Microsoft designs a lamp that could charge your smartphone
http://www.zdnet.com/article/microsoft-designs-a-lamp-that-could-charge-your-smartphone/
http://wmpoweruser.com/microsoft-research-is-developing-technology-to-automatically-charge-smartphones-using-a-light-beam/
guessing winphones are first in line
-
Google No Longer Provides Patches for WebView Jelly Bean and Prior
https://community.rapid7.com/community/metasploit/blog/2015/01/11/google-no-longer-provides-patches-for-webview-jelly-bean-and-prior
-> https://plus.google.com/+AdrianLudwig/posts/1md7ruEwBLF
-
Android WiFi-Direct Denial of Service
http://www.coresecurity.com/advisories/android-wifi-direct-denial-service
-
New outlook app and office for android and iOS
http://blogs.microsoft.com/blog/2015/01/29/office-everywhere-great-news-office-ios-android/
-
Apps on Google Play Pose As Games and Infect Millions of Users with Adware
https://blog.avast.com/2015/02/03/apps-on-google-play-pose-as-games-and-infect-millions-of-users-with-adware/
-
Mobile Crypto-Ransomware Simplocker now on Steroids
https://blog.avast.com/2015/02/10/mobile-crypto-ransomware-simplocker-now-on-steroids/
-
Exclusive: Galaxy S6 software will bring some amazing changes
http://www.sammobile.com/2015/02/12/exclusive-galaxy-s6-software-will-bring-some-amazing-changes/
-
Combating Dormant Malware Apps with Harvester
http://sseblog.ec-spride.de/2015/02/introducing-harvester/
http://www.bodden.de/pubs/TUD-CS-2015-0031.pdf
-
R7-2015-02: Google Play Store X-Frame-Options (XFO) Gaps Enable Android Remote Code Execution (RCE)
https://community.rapid7.com/community/metasploit/blog/2015/02/10/r7-2015-02-google-play-store-x-frame-options-xfo-gaps-enable-android-remote-code-execution-rce
-
Angry Android hacker hides Xbot malware in popular application icons
https://blog.avast.com/2015/02/17/angry-android-hacker-hides-xbot-malware-in-popular-application-icons/
-
The Great SIM Heist - How Spies Stole the Keys to the Encryption Castle
https://firstlook.org/theintercept/2015/02/19/great-sim-heist/
-
Malware Is Still Spying On You Even When Your Mobile Is Off
http://now.avg.com/malware-is-still-spying-on-you-after-your-mobile-is-off/
-
Behind the Scenes of Avast’s Global Wi-Fi Hack Experiment: How we collected and analyzed Wi-Fi data
https://blog.avast.com/2015/03/03/behind-the-scenes-of-avasts-global-wi-fi-hack-experiment-how-we-collected-and-analyzed-wi-fi-data/
-
Freezing Chrome for Ice Cream Sandwich
http://blog.chromium.org/2015/03/freezing-chrome-for-ice-cream-sandwich_3.html
-
Android 5.1: Unwrapping a new Lollipop update
http://officialandroid.blogspot.com/2015/03/android-51-unwrapping-new-lollipop.html
-
Xiaomi Mi 4 flagship riddled with malware and uncertified Android version, or is it? [Update]
http://betanews.com/2015/03/08/xiaomi-mi-4-flagship-riddled-with-malware-and-uncertified-android-version-or-is-it/
-
FREAK Out on Mobile
https://www.fireeye.com/blog/threat-research/2015/03/freak_out_on_mobile.html
-
Most of the pre-loaded apps on the Samsung Galaxy S6 and S6 edge can be disabled
www.androidbeat.com/2015/03/pre-loaded-apps-on-samsung-galaxy-s6-edge-disabled/
-
Android Installer Hijacking Vulnerability Could Expose Android Users to Malware
http://researchcenter.paloaltonetworks.com/2015/03/android-installer-hijacking-vulnerability-could-expose-android-users-to-malware/
-
Google Android Security Report 2014
https://static.googleusercontent.com/media/source.android.com/en/us/devices/tech/security/reports/Google_Android_Security_2014_Report_Final.pdf
-
You can now push Google Maps directions from your desktop to your smartphone
http://thenextweb.com/google/2015/04/24/you-can-now-push-google-maps-directions-from-your-desktop-to-your-smartphone/
-
Lost your Android phone? Now you can just Google its location
http://thenextweb.com/insider/2015/04/15/lost-your-android-phone-now-you-can-just-google-its-location/
-
Porn clicker app slipped into Google Play imitating popular Dubsmash app
https://blog.avast.com/2015/04/24/porn-clicker-app-slipped-into-google-play-imitating-popular-dubsmash-app/
-
Popular Android Apps with SSL Certificate Validation Failure
https://samsclass.info/128/proj/popular-ssl.htm
-
PCs require antivirus. Smartphones don’t. Right?
https://blog.avast.com/2015/04/30/pcs-require-antivirus-smartphones-dont-right/
-
Keeping Tabs on WhatsApp's Encryption
http://www.heise.de/ct/artikel/Keeping-Tabs-on-WhatsApp-s-Encryption-2630361.html
-
Bleep
http://www.bleep.pm/
-
Mobile Spyware Maker mSpy Hacked, Customer Data Leaked
http://krebsonsecurity.com/2015/05/mobile-spy-software-maker-mspy-hacked-customer-data-leaked/
-
Tech giants don’t want Obama to give police access to encrypted phone data
http://www.washingtonpost.com/world/national-security/tech-giants-urge-obama-to-resist-backdoors-into-encrypted-communications/2015/05/18/11781b4a-fd69-11e4-833c-a2de05b6b2a4_story.html
-
NSA Planned to Hijack Google App Store to Hack Smartphones
https://firstlook.org/theintercept/2015/05/21/nsa-five-eyes-google-samsung-app-stores-spyware/
-
Security Analysis of Android Factory Resets
http://www.cl.cam.ac.uk/~rja14/Papers/fr_most15.pdf
-
Project Abacus is an ATAP project aimed at killing the password
http://www.androidcentral.com/project-abacus-atap-project-aimed-killing-password
-
Android update news
www.androidpit.com/android-5-0-lollipop-phone-update-news
Nexus 5 Gets Massive Standby Time Boost From Android M Upgrade From Android 5.1.1 Lollipop
www.techtimes.com/articles/58622/20150608/nexus-5-gets-standby-time-boost-from-android-m-upgrade-from-android-5-1-1-lollipop.htm
-
Sony confirms Xperia Z3+ overheats, promises software fix
www.gsmarena.com/sony_confirms_xperia_z3_overheats_promises_software_fix-news-12633.php
-
New exploit turns Samsung Galaxy phones into remote bugging devices
http://arstechnica.com/security/2015/06/new-exploit-turns-samsung-galaxy-phones-into-remote-bugging-devices/
http://www.forbes.com/sites/thomasbrewster/2015/06/16/samsung-galaxy-s6-vulnerable-to-cunning-keyboard-cracking-attack/
Remote Code Execution as System User on Samsung Phones
https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/
-
Trend Micro Discovers Android Vulnerability that Can Lead to Exposure of Device Memory Content
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-android-vulnerability-that-can-lead-to-exposure-of-device-memory-content/
-
Security vulnerability in LG’s Update Center application
http://www.search-lab.hu/about-us/news/109-security-vulnerability-in-lg-s-update-center-application
-
Plex has been hacked, so be sure to change your passwords
www.phandroid.com/2015/07/02/plex-hacked/
Plex blog https://blog.plex.tv/
-
Android M preview
www.slashgear.com/android-m-preview-update-brings-a-lot-of-sweet-goodies-09392411/
https://developer.android.com/index.html
-
New Android Malware Family Evades Antivirus Detection by Using Popular Ad Libraries
http://researchcenter.paloaltonetworks.com/2015/07/new-android-malware-family-evades-antivirus-detection-by-using-popular-ad-libraries/
www.ubergizmo.com/2015/07/android-malware-nintendo-emulator/
www.pcworld.com/article/2945292/android-malware-masquerades-as-nintendo-game-emulator.html
-
More than one in 10 American mobile users is the target of mobile malware
https://blog.avast.com/2015/07/15/more-than-one-in-10-american-mobile-users-is-the-target-of-mobile-malware/
http://files.avast.com/files/marketing/security-reports/2015/avast-q1-2015-security-report.pdf
(https://blog.avast.com/wp-content/uploads/2015/07/Avast-Virus-Lab-Blog.jpg)
-
Darkode Shutdown: FireEye Intern Accused Of Creating $65,000 Android Malware
http://www.forbes.com/sites/thomasbrewster/2015/07/15/fireeye-intern-dendroid-charges/
-
Password Brute Force Vulnerabilities
https://appbugs.co/html/bugs_category.php?c=password_bruteforce
-
Android malware Fobus now targeting users in the U.S., Germany and Spain
https://blog.avast.com/2015/07/21/android-malware-fobus-now-targeting-users-in-the-u-s-germany-and-spain/
(https://blog.avast.com/wp-content/uploads/2015/07/fobus_table1.png)
-
Creators of Dubsmash 2 Android Malware Strike Again
https://blog.avast.com/2015/07/22/creators-of-dubsmash-2-android-malware-strike-again/
-
Malware that Just Won’t Give Up on Google Play
https://blog.avast.com/2015/07/24/malware-that-just-wont-give-up-on-google-play/
-
Major Flaw In Android Phones Would Let Hackers In With Just A Text
http://www.npr.org/sections/alltechconsidered/2015/07/27/426613020/major-flaw-in-android-phones-would-let-hackers-in-with-just-a-text
-
Dangerous Exploit?
http://www.tomshardware.com/news/stagefright-vulnerability-drm-android-heartbleed,29682.html
-
Big Brother(s) Could be Watching You Thanks to Stagefright
https://blog.avast.com/2015/07/29/big-brothers-could-be-watching-you-thanks-to-stagefright/
-
Trend Micro Discovers Vulnerability That Renders Android Devices Silent
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-vulnerability-that-renders-android-devices-silent/
-
Certifi-gate: Hundreds of Millions of Android Devices Could Be Pwned
http://blog.checkpoint.com/2015/08/06/certifigate/
http://www.checkpoint.com/resources/certifigate
-
Samsung Announces an Android Security Update Process to Ensure Timely Protection from Security Vulnerabilities
http://global.samsungtomorrow.com/samsung-announces-an-android-security-update-process-to-ensure-timely-protection-from-security-vulnerabilities/
-
Stagefright Detector Detects if Your Phone Is Vulnerable to Stagefright
http://lifehacker.com/stagefright-detector-detects-if-your-phone-is-vulnerabl-1722662061
https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector
-
One Class to Rule Them All: New Android Serialization Vulnerability Gives Underprivileged Apps Super Status
https://securityintelligence.com/one-class-to-rule-them-all-new-android-serialization-vulnerability-gives-underprivileged-apps-super-status
-
Stagefright: Mission Accomplished?
http://blog.exodusintel.com/2015/08/13/stagefright-mission-accomplished/
-
MediaServer Takes Another Hit with Latest Android Vulnerability
http://blog.trendmicro.com/trendlabs-security-intelligence/mediaserver-takes-another-hit-with-latest-android-vulnerability/
-
New data uncovers the surprising predictability of Android lock patterns
http://arstechnica.com/security/2015/08/new-data-uncovers-the-surprising-predictability-of-android-lock-patterns/
-
As this is now being abused, are we being protected? Certi-gate -> http://blog.checkpoint.com/2015/08/06/certifigate/
About abuse, read here: http://blog.checkpoint.com/2015/08/25/certifigate-statistics-exploitation-mitigation/
polonus
-
Remote Code Execution in Dolphin Browser for Android
http://rotlogix.com/2015/08/22/remote-code-execution-in-dolphin-browser-for-android/
Exploiting the Mercury Browser for Android
http://rotlogix.com/2015/08/23/exploiting-the-mercury-browser-for-android/
-
This is what Android fragmentation looks like in 2015
www.thenextweb.com/insider/2015/08/05/this-is-what-android-fragmentation-looks-like-in-2015/
-
Attack code exploiting Android’s critical Stagefright bugs is now public
http://arstechnica.com/security/2015/09/attack-code-exploiting-androids-critical-stagefright-bugs-is-now-public/
-
BrainTest – A New Level of Sophistication in Mobile Malware
http://blog.checkpoint.com/2015/09/21/braintest-a-new-level-of-sophistication-in-mobile-malware/
-
Dangerous Trojan hiding in official Android firmware
http://news.drweb.com/show/?i=9629&lng=en&c=5
-
Zimperium zLabs is Raising the Volume: New Vulnerability Processing MP3/MP4 Media
https://blog.zimperium.com/zimperium-zlabs-is-raising-the-volume-new-vulnerability-processing-mp3mp4-media/
-
If Google sends you an SMS warning you that someone has accessed your account… be careful!
http://www.pandasecurity.com/mediacenter/news/google-sms/
-
Get ready for the sweet taste of Android 6.0 Marshmallow
http://officialandroid.blogspot.fi/2015/10/get-ready-for-sweet-taste-of-android-60.html
-
87% of Android devices insecure
http://androidvulnerabilities.org/press/2015-10-08
https://www.cl.cam.ac.uk/~drt24/papers/spsm-scoring.pdf
-
Chinese Taomike Monetization Library Steals SMS Messages
http://researchcenter.paloaltonetworks.com/2015/10/chinese-taomike-monetization-library-steals-sms-messages/
-
Setting the Record Straight on Moplus SDK and the Wormhole Vulnerability
http://blog.trendmicro.com/trendlabs-security-intelligence/setting-the-record-straight-on-moplus-sdk-and-the-wormhole-vulnerability/
-
Hack The Galaxy: Hunting Bugs in the Samsung Galaxy S6 Edge
http://googleprojectzero.blogspot.com/2015/11/hack-galaxy-hunting-bugs-in-samsung.html
-
The spy in your pocket: Researchers name data-slurping mobe apps
http://www.theregister.co.uk/2015/11/05/dataslurping_smartphone_apps/
-
DroidJack isn’t the only spying software out there: Avast discovers that OmniRat is currently being used and spread by criminals to gain full remote control of devices.
https://blog.avast.com/2015/11/05/droidjack-isnt-the-only-spying-software-out-there-avast-discovers-that-omnirat-is-currently-being-used-and-spread-by-criminals-to-gain-full-remote-control-of-devices/
-
Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire
https://blog.lookout.com/blog/2015/11/04/trojanized-adware/
-
Samsung S6 calls open to man-in-the-middle base station snooping
http://www.theregister.co.uk/2015/11/12/mobile_pwn2own1
-
Latest Android phones hijacked with tidy one-stop-Chrome-pop
http://www.theregister.co.uk/2015/11/12/mobile_pwn2own/
-
Trojanized adware family abuses accessibility service to install whatever apps it wants
https://blog.lookout.com/blog/2015/11/19/shedun-trojanized-adware/
-
Stalking anyone on Telegram
https://oflisback.github.io/telegram-stalking/
-
Hello Barbie App, Hello Security Issues
https://bluebox.com/hello-barbie-app-hello-security-issues/
-
High-Profile Mobile Apps At Risk Due to Three-Year-Old Vulnerability
http://blog.trendmicro.com/trendlabs-security-intelligence/high-profile-mobile-apps-at-risk-due-to-three-year-old-vulnerability/
-
Protecting hundreds of millions more mobile users
https://googleonlinesecurity.blogspot.com/2015/12/protecting-hundreds-of-millions-more.html
-
Retailer’s apps reveal your Christmas list to the public
https://blog.avast.com/2015/12/15/retailers-apps-reveal-my-christmas-list-to-the-public/
-
Crimeware / APT Malware Masquerade as Santa Claus and Christmas Apps
https://www.cloudsek.com/announcements/blog/apt-malware-masquerade-as-christmas-apps-and-santa-claus/
-
Stingrays- A Secret Catalogue of Government Gear for Spying on Your Cellphone
https://theintercept.com/2015/12/17/a-secret-catalogue-of-government-gear-for-spying-on-your-cellphone/
-
Nexus Security Bulletin - January 2016
http://source.android.com/security/bulletin/2016-01-01.html
-
Vulnerability in Blackphone Puts Devices at Risk for Takeover
https://www.sentinelone.com/blog/vulnerability-in-blackphone-puts-devices-at-risk-for-takeover/
-
Brain Test re-emerges: 13 apps found in Google Play
https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/
-
Nexus Security Bulletin - February 2016
https://source.android.com/security/bulletin/2016-02-01.html
-
Software Bug Leaves Several MediaTek-Powered Android Devices Vulnerable to Attack
http://gadgets.ndtv.com/mobiles/news/software-bug-leaves-several-mediatek-powered-android-devices-vulnerable-to-attack-795743
-
Samsung starts Android Marshmallow update with Galaxy S6 today
http://www.theverge.com/2016/2/15/10995144/samsung-galaxy-android-marshmallow-update
http://news.samsung.com/global/get-things-done-faster-with-the-newly-enhanced-edge-screen
-
Security Alert: Mazar BOT Spotted in Active Attacks – the Android Malware That Can Erase Your Phone
https://heimdalsecurity.com/blog/security-alert-mazar-bot-active-attacks-android-malware/
-
Hands on: Samsung Galaxy S7 review
http://www.techradar.com/reviews/phones/mobile-phones/samsung-galaxy-s7-1315188/review
-
Android Malware About to Get Worse: GM Bot Source Code Leaked
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
-
Avast finds personal data on phones sold at pawn shops
https://blog.avast.com/2016/02/24/avast-finds-personal-data-on-phones-sold-at-pawn-shops/
-
Avast Wi-Fi Hack Experiment Demonstrates “Reckless” Behavior of Mobile World Congress Attendees
http://www.businesswire.com/news/home/20160222005555/en/Avast-Wi-Fi-Hack-Experiment-Demonstrates-%E2%80%9CReckless%E2%80%9D-Behavior
-
Porn clicker trojans keep flooding Google Play
http://www.welivesecurity.com/2016/02/24/porn-clicker-trojans-keep-flooding-google-play/
http://www.welivesecurity.com/2016/02/24/porn-clicker-trojans-google-play-analysis/
-
Android trump card: Acecard
https://blog.kaspersky.com/acecard-android-trojan/11368/
-
Lack of awareness drives growth of malware attacks on smartphones
http://www.rcrwireless.com/20160226/americas/lack-awareness-drives-growth-malware-attacks-smartphones
-
Nexus Security Bulletin - March 2016
https://source.android.com/security/bulletin/2016-03-01.html
-
LG's Stylus 2 is the first phone to support DAB+ radio
http://www.engadget.com/2016/03/14/lg-stylus-2-dab-plus-radio/
-
Stagefright 3.0
http://www.wired.co.uk/news/archive/2016-03/16/stagefright-android-real-world-hack?utm_source=dlvr.it&utm_medium=gplus
-
Android Security Advisory—2016-03-18
http://source.android.com/security/advisory/2016-03-18.html
-
Metaphor - A (real) reallife Stagefright exploit
https://www.exploit-db.com/docs/39527.pdf
-
Fake mobile antivirus apps promise rainbows and safety forever
https://blog.avast.com/fake-antivirus-apps-mobile-browser
-
Nexus Security Bulletin—April 2016
https://source.android.com/security/bulletin/2016-04-02.html
-
Google’s new ‘Live Cases’ lets Nexus owners create custom accessories
http://thenextweb.com/gadgets/2016/04/14/google-live-cases/
-
Four hundred MILLION vulnerable Androids are out there
http://www.theregister.co.uk/2016/04/20/four_hundred_meelion_vulnerable_androids_out_there/
-
Do you have any DeWalt tools?
Well now they also have a phone > http://dewaltphones.com
-
Towelroot and Leaked Hacking Team Exploits Used to Deliver “Dogspectus” Ransomware to Android Devices
https://www.bluecoat.com/security-blog/2016-04-25/android-exploit-delivers-dogspectus-ransomware
-
Android Banker Trojan preys on credit card information
https://blog.avast.com/android-banker-trojan-preys-on-credit-card-information
-
Mobile Malware Competition Rises in Underground Markets
https://securityintelligence.com/mobile-malware-competition-rises-in-underground-markets/
-
Cortana for Android adds Windows 10 notification syncing
http://www.winbeta.org/news/cortana-android-adds-windows-10-notification-syncing
-
Google wants to get rid of password logins for Android apps by 2017
http://www.androidauthority.com/google-kills-passwords-trust-api-694394/
-
Samsung S7 Batmobile
http://www.samsungmobilepress.com/press/Samsung-and-Warner-Bros.-Interactive-Entertainment-Join-Forces-to-Celebrate-the-Third-Anniversary-of-Injustice:-Gods-Among-Us-with-Limited-Release-of-Samsung-Galaxy-S7-edge-Injustice-Edition?2016-05-27
-
OEMs Have Flaws Too: Exposing Two New LG Vulnerabilities
http://blog.checkpoint.com/2016/05/29/oems-have-flaws-too-exposing-two-new-lg-vulnerabilities/
-
Adware on Google Play: Knock-off FIFA apps take advantage of football (soccer) hype around Copa America and Euro Cup
https://blog.avast.com/adware-on-google-play-knock-off-fifa-apps-take-advantage-of-football-soccer-hype-around-copa-america-and-euro-cup
-
(In-) Security of Security Applications
https://www.sit.fraunhofer.de/fileadmin/dokumente/Presse/teamsik_advisories_AV.pdf
-
FLocker Mobile Ransomware Crosses to Smart TV
http://blog.trendmicro.com/trendlabs-security-intelligence/flocker-ransomware-crosses-smart-tv/
-
Millions of Android devices have flawed full disk encryption
https://www.engadget.com/2016/07/01/android-qualcomm-security-flaw-encryption/
https://bits-please.blogspot.no/2016/06/extracting-qualcomms-keymaster-keys.html
-
From HummingBad to Worse: New In-Depth Details and Analysis of the HummingBad Android Malware Campaign
http://blog.checkpoint.com/2016/07/01/from-hummingbad-to-worse-new-in-depth-details-and-analysis-of-the-hummingbad-andriod-malware-campaign/
-
Android Security Bulletin — July 2016
https://source.android.com/security/bulletin/2016-07-01.html
-
DroidJack Uses Side-Load… It's Super Effective! Backdoored Pokemon GO Android App Found
https://www.proofpoint.com/us/threat-insight/post/droidjack-uses-side-load-backdoored-pokemon-go-android-app
-
Pokémon Go is automatically granting permission to read your Gmail
http://www.theverge.com/2016/7/11/12150468/pokemon-go-privacy-full-account-access-permission
http://www.theverge.com/2016/7/11/12156990/pokemon-go-security-flaw-google-account-fix
-
Android banking malware blocks victims’ outgoing calls to customer service
http://www.symantec.com/connect/blogs/android-banking-malware-blocks-victims-outgoing-calls-customer-service
-
Security Researchers Find 215 Fake Pokemon Go Apps And Issue Android Ransomware Warning
http://www.techweekeurope.co.uk/security/fake-pokemon-go-mobile-apps-195141
-
Android Security Bulletin — August 2016
https://source.android.com/security/bulletin/2016-08-01.html
-
QuadRooter: New Android Vulnerabilities in Over 900 Million Devices
http://blog.checkpoint.com/2016/08/07/quadrooter/
-
Study Highlights Serious Security Threat to Many Internet Users
https://ucrtoday.ucr.edu/39030
http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf
-
QuadRooter: New Android Vulnerabilities in Over 900 Million Devices
http://blog.checkpoint.com/2016/08/07/quadrooter/
Google confirms 'Verify Apps' can block apps using QuadRooter vulnerabilities
http://www.androidcentral.com/google-confirms-verify-apps-can-block-apps-quadrooter-exploits
-
Study Highlights Serious Security Threat to Many Internet Users
https://ucrtoday.ucr.edu/39030
http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf
Linux flaw that allows anyone to hijack Internet traffic also affects 80% of Android devices
https://blog.lookout.com/blog/2016/08/15/linux-vulnerability-android/
-
Banking Trojan, Gugi, evolves to bypass Android 6 protection
https://securelist.com/blog/mobile/75971/banking-trojan-gugi-evolves-to-bypass-android-6-protection/
-
Android Security Bulletin — September 2016
https://source.android.com/security/bulletin/2016-09-01.html
-
Rooting Pokémons in Google Play Store
https://securelist.com/blog/mobile/76081/rooting-pokemons-in-google-play-store/
-
Announcing the Project Zero Prize
https://googleprojectzero.blogspot.com/2016/09/announcing-project-zero-prize.html
-
Even More Safe Browsing on Android!
https://security.googleblog.com/2016/09/even-more-safe-browsing-on-android.html
-
Mobile Ransomware: The Fast Growing Yet Unknown Threat
http://blog.trendmicro.com/mobile-ransomware-fast-growing-yet-unknown-threat/
-
The banker that can steal anything
https://securelist.com/blog/mobile/76101/the-banker-that-can-steal-anything/
-
DressCode and its Potential Impact for Enterprises
http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-potential-impact-enterprises/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Anti-MalwareBlog+%28Trendlabs+Security+Intelligence+Blog%29
-
Android 7.1
http://android-developers.blogspot.no/2016/10/android-71-developer-preview.html
-
Memory disclosure mitigations in CopperheadOS
https://copperhead.co/blog/2016/09/20/memory-disclosure-mitigations
-
Android Banking Trojan Asks for Selfie With Your ID
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-asks-for-selfie-with-your-id/
-
Europol warns of Android tap-and-go thefts - http://www.bbc.co.uk/news/technology-37495102
-
Malware posing as Dual Instance app steals users’ Twitter credentials
https://blog.avast.com/malware-posing-as-dual-instance-app-steals-users-twitter-credentials
-
Android phones rooted by “most serious” Linux escalation bug ever
http://arstechnica.com/security/2016/10/android-phones-rooted-by-most-serious-linux-escalation-bug-ever/
-
Using Rowhammer bitflips to root Android phones is now a thing
http://arstechnica.com/security/2016/10/using-rowhammer-bitflips-to-root-android-phones-is-now-a-thing/
-
Meeting Cellebrite - Israel's master phone crackers - http://www.bbc.co.uk/news/technology-37441109
-
Android Trojan GM Bot is evolving and targeting more than 50 banks worldwide
https://blog.avast.com/android-trojan-gm-bot-is-evolving-and-targeting-more-than-50-banks-worldwide
-
Security Update Patches 13 Android Vulnerabilities Discovered by Trend Micro
http://blog.trendmicro.com/trendlabs-security-intelligence/security-update-patches-13-android-vulnerabilities-discovered-trend-micro/
-
KRYPTOWIRE DISCOVERS MOBILE PHONE FIRMWARE THAT TRANSMITTED PERSONALLY IDENTIFIABLE INFORMATION (PII) WITHOUT USER CONSENT OR DISCLOSURE
http://www.kryptowire.com/adups_security_analysis.html
-
KRYPTOWIRE DISCOVERS MOBILE PHONE FIRMWARE THAT TRANSMITTED PERSONALLY IDENTIFIABLE INFORMATION (PII) WITHOUT USER CONSENT OR DISCLOSURE
http://www.kryptowire.com/adups_security_analysis.html
Your Android could be sending messages to China
https://blog.avast.com/your-android-could-be-sending-messages-to-china
-
3 million Android phones vulnerable due to pre-installed rootkit
https://blog.avast.com/3-million-android-phones-vulnerable-due-to-pre-installed-rootkit
-
Android Banking Malware Masquerading as Email App Targets German Banks
https://blog.fortinet.com/2016/11/18/android-banking-malware-masquerading-as-email-app-targets-german-banks
-
More Than 1 Million Google Accounts Breached by Gooligan
http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/
Gooligan Checker: https://gooligan.checkpoint.com/
-
New SmsSecurity Variant Roots Phones, Abuses Accessibility Features and TeamViewer
http://blog.trendmicro.com/trendlabs-security-intelligence/new-smssecurity-variant-roots-phones-abuses-accessibility-features-teamviewer/
-
Analysis of multiple vulnerabilities in AirDroid
https://blog.zimperium.com/analysis-of-multiple-vulnerabilities-in-airdroid/
-
Android Security Bulletin — December 2016
https://source.android.com/security/bulletin/2016-12-01.html
-
These Top 10 Most Performance-Draining Android Apps Might Shock You
https://blog.avast.com/these-top-10-most-performance-draining-android-apps-might-shock-you
https://files.avast.com/files/marketing/materials/androidappperformancereportq32016.pdf
-
Sony Xperia X is the first non-Google phone to get Android 7.1.1
https://9to5google.com/2017/01/02/sony-xperia-x-is-the-first-non-google-phone-to-get-android-7-1-1/?pushup=1
-
Android Security Bulletin — January 2017
https://source.android.com/security/bulletin/2017-01-01.html
-
How to protect your Android device from Ghost Push
https://blog.avast.com/how-to-protect-your-android-device-from-ghost-push
-
In Review: 2016’s Mobile Threat Landscape Brings Diversity, Scale, and Scope
http://blog.trendmicro.com/trendlabs-security-intelligence/2016-mobile-threat-landscape/
-
Lifting the (Hyper) Visor: Bypassing Samsung’s Real-Time Kernel Protection
https://googleprojectzero.blogspot.com/2017/02/lifting-hyper-visor-bypassing-samsungs.html
-
Password-Manager Apps
https://team-sik.org/trent_portfolio/password-manager-apps/
-
The Skinner adware rears its ugly head on Google Play
http://blog.checkpoint.com/2017/03/08/skinner-adware-rears-ugly-head-google-play/
-
Malicious malware and ransomware found pre-installed on 38 Android phones by two companies
http://www.ibtimes.co.uk/malicious-malware-ransomware-found-pre-installed-38-android-phones-by-two-companies-1611008#-/web/tags/268436597-1489335754199-trackingCode-Z34f4auACDGiR8e2VoNxxpWXW6LZRaWLTtnuWS7WiUQVoc1bUkHm94b6YaW3dHAA-articleId-393952574-vv-ee358faf-2159-4b50-aeaa-aff0f67d2f43
Preinstalled Malware Targeting Mobile Users
http://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/
-
Google Kicks Chamois Android Adware off the Play Store
https://www.bleepingcomputer.com/news/security/google-kicks-chamois-android-adware-off-the-play-store/
-
Google Kicks Chamois Android Adware off the Play Store
https://www.bleepingcomputer.com/news/security/google-kicks-chamois-android-adware-off-the-play-store/
Detecting and eliminating Chamois, a fraud botnet on Android
https://security.googleblog.com/2017/03/detecting-and-eliminating-chamois-fraud.html
-
When it comes to Malware, the APKs spread all around the web are really dangerous as they are full of virus. Similarly, the Hack & coin generator kind of tools are also very dangerous for mobile malware. Such as this post hxtp://noxappplayer.com/dream-league-soccer-2017-hack/ might provide the hack tool but it is very difficult to say whether they are providing the right tool or not.
So beware of such websites and don't get trapped by them just for getting something for free!
-
Diverse protections for a diverse ecosystem: Android Security 2016 Year in Review
https://security.googleblog.com/2017/03/diverse-protections-for-diverse.html
https://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2016_Report_Final.pdf
-
Android Security Bulletin — April 2017
https://source.android.com/security/bulletin/2017-04-01.html
-
Mobile spyware uses sandbox to avoid antivirus detections
https://blog.avast.com/mobile-spyware-uses-sandbox-to-avoid-antivirus-detections
-
Pegasus for Android - Technical Analysis and Findings of Chrysaor
https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-android-technical-analysis.pdf
-
No password, phone sign in for Microsoft accounts!
https://blogs.technet.microsoft.com/enterprisemobility/2017/04/18/no-password-phone-sign-in-for-microsoft-accounts/
-
Fake Super Mario Run App Steals Credit Card Information
http://blog.trendmicro.com/trendlabs-security-intelligence/fake-super-mario-run-app-steals-credit-card-information/
-
DressCode Android Malware Finds Apparent Successor in MilkyDoor
http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-android-malware-finds-successor-milkydoor/
-
Android Spyware SMSVova posing as system update on Play Store
https://www.zscaler.com/blogs/research/android-spyware-smsvova-posing-system-update-play-store
-
Android Security Bulletin — May 2017
https://source.android.com/security/bulletin/2017-05-01
-
Privacy Threats through Ultrasonic Side Channels on Mobile Devices
http://christian.wressnegger.info/content/projects/sidechannels/2017-eurosp.pdf
-
New Nokia Leaks Reveal Secret Smartphones
https://www.forbes.com/sites/ewanspence/2017/05/17/hmd-nokia8-video-leak-rumor/#5b561ba55a59
-
Cloak & Dagger
http://cloak-and-dagger.org/
http://cs.ucsb.edu/~yanick/publications/2017_oakland_cloakanddagger.pdf
-
http://fortune.com/2017/05/28/android-malware-judy/
-
Android Security Bulletin — June 2017
https://source.android.com/security/bulletin/2017-06-01
-
WannaCry WannaBe targeting Android smartphones
https://blog.avast.com/wannacry-wannabe-targeting-android-smartphones
-
Dvmap: the first Android malware with code injection
https://securelist.com/78648/dvmap-the-first-android-malware-with-code-injection/
-
SLocker Mobile Ransomware Starts Mimicking WannaCry
https://blog.trendmicro.com/trendlabs-security-intelligence/slocker-mobile-ransomware-starts-mimicking-wannacry/
-
Android Security Bulletin — July 2017
https://source.android.com/security/bulletin/2017-07-01
-
Google Revealed an Israeli Spyware Company That Has Quietly Sold Its Wares for Years
https://motherboard.vice.com/en_us/article/evdebz/google-revealed-an-israeli-spyware-company-that-has-quietly-sold-its-wares-for-years
-
Amazon halts Blu phone sales over 'potential security issue'
http://www.zdnet.com/article/amazon-halts-blu-phone-sales-over-potential-security-issue/
-
A new era in mobile banking Trojans
Svpeng turns keylogger and steals everything through accessibility services
https://securelist.com/a-new-era-in-mobile-banking-trojans/79198/
-
The $60.00 smartphones mentioned in this security bulletin are back on Amazon if you're looking to buy one. ;D
https://www.kryptowire.com/adups_security_analysis.html
-
Disney is being sued (AGAIN) for collecting data on children.
https://www.bleepingcomputer.com/news/legal/disney-sued-for-tracking-children-without-permission-via-mobile-games/
-
Hotspot shield VPN warnings
https://www.theregister.co.uk/2017/08/07/hotspot_shield_deceives_with_false_privacy_promises_complaint_claims/
-
Android Security Bulletin — August 2017
https://source.android.com/security/bulletin/2017-08-01
-
SonicSpy: Over a thousand spyware apps discovered, some in Google Play
https://blog.lookout.com/sonicspy-spyware-threat-technical-research
-
Is your Android device getting sluggish? Find the culprits in our list of performance-draining apps
https://blog.avast.com/is-your-android-device-getting-sluggish-find-the-culprits-in-our-list-of-performance-draining-apps
https://files.avast.com/files/marketing/pr/avast/reports/2017/2017-q1-avast-android-app-preformance-and-trend-report.pdf
-
Shattered Trust: When Replacement Smartphone Components Attack
https://www.usenix.org/system/files/conference/woot17/woot17-paper-shwartz.pdf
-
Igexin advertising network put user privacy at risk
https://blog.lookout.com/igexin-malicious-sdk
-
Android 8.0 Ore
https://www.androidpit.com/android-oreo-release-features-news
https://www.android.com/versions/oreo-8-0/
http://www.trustedreviews.com/news/android-oreo-features-3266704
-
Time for S9 discussions
https://www.digitaltrends.com/mobile/samsung-galaxy-s9-news/
http://bgr.com/2017/08/30/galaxy-s9-rumors-specs-design-galaxy-note-8/
-
Android Security Bulletin — September 2017
https://source.android.com/security/bulletin/2017-09-01
-
BootStomp: On the Security of Bootloaders in Mobile Devices
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-redini.pdf
-
BankBot Found on Google Play and Targets Ten New UAE Banking Apps
http://blog.trendmicro.com/trendlabs-security-intelligence/bankbot-found-google-play-targets-ten-new-uae-banking-apps/
-
BlueBorne
The dangers of Bluetooth implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth stacks
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
-
Go spy, GO! Popular app with 200M+ users crosses the red line
https://blog.adguard.com/en/go-spy-go-popular-android-keyboard-from-china-crosses-the-red-line/
-
CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tang.pdf
-
ZNIU: First Android Malware to Exploit Dirty COW Vulnerability
http://blog.trendmicro.com/trendlabs-security-intelligence/zniu-first-android-malware-exploit-dirty-cow-vulnerability/
-
Android Security Bulletin — October 2017
https://source.android.com/security/bulletin/2017-10-01
-
Behind the Masq: Yet more DNS, and DHCP, vulnerabilities
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
https://github.com/google/security-research-pocs/tree/master/vulnerabilities/dnsmasq
-
DoubleLocker: Innovative Android Ransomware
https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-malware/
-
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
https://www.krackattacks.com/
https://papers.mathyvanhoef.com/ccs2017.pdf
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4
-
Android malware on Google Play adds devices to botnet
https://www.symantec.com/connect/blogs/android-malware-google-play-adds-devices-botnet-and-performs-ddos-attacks
-
LokiBot - the first hybrid Android malware
https://clientsidedetection.com/lokibot___the_first_hybrid_android_malware.html
-
Coin Miner Mobile Malware Returns, Hits Google Play
http://blog.trendmicro.com/trendlabs-security-intelligence/coin-miner-mobile-malware-returns-hits-google-play/
-
Impostor apps: How to spot a fake app before it's too late
https://blog.avast.com/impostor-apps-how-to-spot-a-fake-app-before-its-too-late
-
Coin Miner Mobile Malware Returns, Hits Google Play
http://blog.trendmicro.com/trendlabs-security-intelligence/coin-miner-mobile-malware-returns-hits-google-play/
Cryptocurrency mining malware sneaks onto Google Play
https://blog.avast.com/cryptocurrency-mining-malware-sneaks-onto-google-play
-
Android Security Bulletin — November 2017
https://source.android.com/security/bulletin/2017-11-01
-
Eavesdropper: The Mobile Vulnerability Exposing Millions of Conversations
https://www.appthority.com/mobile-threat-center/blog/eavesdropper-mobile-vulnerability-exposing-millions-conversations/
https://www.appthority.com/mobile-threat-center/blog/eavesdropper-vulnerability-extends-amazon-cloud-storage-data/
-
Mobile banking Trojan sneaks into Google Play targeting Wells Fargo, Chase and Citibank customers
https://blog.avast.com/mobile-banking-trojan-sneaks-into-google-play-targeting-wells-fargo-chase-and-citibank-customers
-
Android Security Bulletin — December 2017
https://source.android.com/security/bulletin/2017-12-01
-
Jack of all trades
https://securelist.com/jack-of-all-trades/83470/
-
New version of mobile malware Catelites possibly linked to Cron cyber gang
https://blog.avast.com/new-version-of-mobile-malware-catelites-possibly-linked-to-cron-cyber-gang
https://cdn2.hubspot.net/hubfs/486579/Catelites%20Bot%20Targetted%20Banking%20Apps.pdf
-
Mobile Menace Monday: upping the ante on Adups
https://blog.malwarebytes.com/cybercrime/2017/12/mobile-menace-monday-upping-the-ante-on-adups-fwupgradeprovider/
https://forums.malwarebytes.com/topic/216616-disabling-adups-via-debloater-fwupgradeproviderapk/
-
Janus Android App Signature Bypass Allows Attackers to Modify Legitimate Apps
http://blog.trendmicro.com/trendlabs-security-intelligence/janus-android-app-signature-bypass-allows-attackers-modify-legitimate-apps/
-
Android Security Bulletin — January 2018
https://source.android.com/security/bulletin/2018-01-01
-
Malware Displaying Porn Ads Discovered in Game Apps on Google Play
https://research.checkpoint.com/malware-displaying-porn-ads-discovered-in-game-apps-on-google-play/
-
Cryptocurrency wallet scams found on Google Play
https://blog.avast.com/cryptocurrency-wallet-scams-found-on-google-play
-
Downloaders on Google Play spreading malware to steal Facebook login details
https://blog.avast.com/downloaders-on-google-play-spreading-malware-to-steal-facebook-login-details
-
Doctor Web detects infected games on Google Play with more than 4,500,000 downloads
https://news.drweb.com/show/?i=11685&lng=en
-
How we fought bad apps and malicious developers in 2017
https://android-developers.googleblog.com/2018/01/how-we-fought-bad-apps-and-malicious.html
-
Android Security Bulletin — February 2018
https://source.android.com/security/bulletin/2018-02-01
-
Six top US intelligence chiefs caution against buying Huawei phones
https://www.cnbc.com/2018/02/13/chinas-hauwei-top-us-intelligence-chiefs-caution-americans-away.html
-
Android Ransomware From Android Defender to Doublelocker
https://www.welivesecurity.com/wp-content/uploads/2018/02/Android_Ransomware_From_Android_Defender_to_Doublelocker.pdf
-
The State of LTE (February 2018)
http://opensignal.com/reports/2018/02/state-of-lte
-
RedDrop Malware
https://www.wandera.com/blog/reddrop-malware/
-
Banking Trojan Found in Over 40 Models of Low-Cost Android Smartphones
https://www.bleepingcomputer.com/news/security/banking-trojan-found-in-over-40-models-of-low-cost-android-smartphones/ (https://www.bleepingcomputer.com/news/security/banking-trojan-found-in-over-40-models-of-low-cost-android-smartphones/)
-
Avast Android App Report reveals: These apps drain your monthly data and your Android’s storage
https://blog.avast.com/avast-android-app-report-reveals-these-apps-drain-your-monthly-data-and-your-androids-storage
https://press.avast.com/hubfs/media-materials/kits/Android-App-Trends-Report-Q3-2017/Avast-Android-%20App-Performance-&-Trend-Report-Q3-2017.pdf
-
New Monero mining malware discovered in Google Play
https://blog.avast.com/new-monero-mining-malware-discovered-in-google-play
-
How Android Phones Hide Missed Security Updates From You
https://www.wired.com/story/android-phones-hide-missed-security-updates-from-you/
-
Android apps prove a goldmine for dodgy password practices
https://www.theregister.co.uk/2018/04/16/android_apps_prove_a_goldmine_for_dodgy_password_practices/
-
DNS over TLS support in Android P Developer Preview
https://security.googleblog.com/2018/04/dns-over-tls-support-in-android-p.html
-
Twitter has an unlaunched ‘Secret’ encrypted messages feature
https://techcrunch.com/2018/05/07/encrypted-dms/
-
Android devices ship with pre-installed malware
https://blog.avast.com/android-devices-ship-with-pre-installed-malware
-
Project Capillary: End-to-end encryption for push messaging, simplified
https://android-developers.googleblog.com/2018/06/project-capillary-end-to-end-encryption.html
-
Android Malware Worm that mines Cryptocurrency is infecting Amazon Fire TV and Fire TV Stick devices
http://www.aftvnews.com/android-malware-worm-that-mines-cryptocurrency-is-infecting-amazon-fire-tv-and-fire-tv-stick-devices/
-
The SIM Hijackers
https://motherboard.vice.com/en_us/article/vbqax3/hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin
-
Android Security Bulletin — August 2018
https://source.android.com/security/bulletin/2018-08-01
-
Fake app infects your Android with spyware
https://blog.avast.com/fake-apps-android-spyware
-
Epic's first Fortnite Installer allowed hackers to download and install anything on your Android phone silently
https://www.androidcentral.com/epic-games-first-fortnite-installer-allowed-hackers-download-install-silently
-
ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem
https://atcommands.org/
https://atcommands.org/sec18-tian.pdf
-
Increasing mobile threat intelligence with apklab.io
https://blog.avast.com/mobile-threat-intelligence-with-apklab.io
-
Huawei & Honor's Recent Benchmarking Behaviour: A Cheating Headache
https://www.anandtech.com/show/13318/huawei-benchmark-cheating-headache
Huawei tries passing off DSLR shots as Nova 3 camera samples, gets caught in the most amusing way imaginable
https://www.androidpolice.com/2018/08/19/huawei-tries-passing-dslr-shot-off-nova-3-camera-sample-gets-caught-amusing-way-imaginable/
-
Android Security Bulletin — September 2018
https://source.android.com/security/bulletin/2018-09-01
-
How to tell if an Android App is safe to install
https://blog.avast.com/check-android-app-safety
-
New Alpha Release: Tor Browser for Android
https://blog.torproject.org/new-alpha-release-tor-browser-android
-
How to detect and remove a virus from your Android phone
https://blog.avast.com/remove-android-virus
-
Android Security Bulletin — October 2018
https://source.android.com/security/bulletin/2018-10-01
-
Phishing Attacks on Modern Android
http://www.s3.eurecom.fr/~yanick/publications/2018_ccs_phishing.pdf
-
Block puzzles open the door to malware
https://blog.avast.com/block-puzzle-games-malware
-
Google and Android have your back by protecting your backups
https://security.googleblog.com/2018/10/google-and-android-have-your-back-by.html
-
Google and Android have your back by protecting your backups
https://security.googleblog.com/2018/10/google-and-android-have-your-back-by.html
https://www.nccgroup.trust/us/our-research/android-cloud-backuprestore/?research=Public+Reports
https://www.nccgroup.trust/globalassets/our-research/us/public-reports/2018/final_public_report_ncc_group_google_encryptedbackup_2018-10-10_v1.0.pdf
-
Ad network scams
https://blog.avast.com/android-device-firmware-cheats-chinese-ad-networks-avast
-
Android Security Bulletin — November 2018
https://source.android.com/security/bulletin/2018-11-01
-
Cloudflare Brings its 1.1.1.1 DNS Service to Android & iOS Mobile Devices
https://www.bleepingcomputer.com/news/security/cloudflare-brings-its-1111-dns-service-to-android-and-ios-mobile-devices/
-
Researchers Created Fake 'Master' Fingerprints to Unlock Smartphones
https://motherboard.vice.com/en_us/article/bjenyd/researchers-created-fake-master-fingerprints-to-unlock-smartphones
-
The Rotexy mobile Trojan – banker and ransomware
https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/
-
Fake Voice Apps on Google Play, Botnet Likely in Development
https://blog.trendmicro.com/trendlabs-security-intelligence/fake-voice-apps-on-google-play-botnet-likely-in-development/
-
Sophisticated Android clickfraud apps pose as iPhone apps and devices
https://news.sophos.com/en-us/2018/12/06/android-clickfraud-fake-iphone/
-
Android Trojan steals money from PayPal accounts even with 2FA on
https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/
-
Spyware Disguises as Android Applications on Google Play
https://blog.trendmicro.com/trendlabs-security-intelligence/spyware-disguises-as-android-applications-on-google-play/
-
Android Security Bulletin — January 2019
https://source.android.com/security/bulletin/2019-01-01
-
Surprise! Your phone data is for sale
https://blog.avast.com/phone-location-data-to-aggregators
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bounty-hunter-300-dollars-located-phone-microbilt-zumigo-tmobile
-
New Batch of 9 Adware Apps in Google Play Installed Over 8 Million Times
https://www.bleepingcomputer.com/news/security/new-batch-of-9-adware-apps-in-google-play-installed-over-8-million-times/
-
Adware Disguised as Game, TV, Remote Control Apps Infect 9 Million Google Play Users
https://blog.trendmicro.com/trendlabs-security-intelligence/adware-disguised-as-game-tv-remote-control-apps-infect-9-million-google-play-users/
List here
http://www.documentcloud.org/documents/5677408-AdwareFoundonGooglePlay-Appendix.html
-
Google Play Apps Drop Anubis Banking Malware, Use Motion-based Evasion Tactics
https://blog.trendmicro.com/trendlabs-security-intelligence/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics/
-
Free VPN Risk Index: Android Apps
https://www.top10vpn.com/free-vpn-android-app-risk-index/
-
Major vulnerability found in ES File Explorer
https://blog.avast.com/critical-flaw-found-in-es-file-explorer
-
Various Google Play “Beauty Camera” Apps Sends Users Pornographic Content, Redirects Them to Phishing Websites and Collects Their Pictures
https://blog.trendmicro.com/trendlabs-security-intelligence/various-google-play-beauty-camera-apps-sends-users-pornographic-content-redirects-them-to-phishing-websites-and-collects-their-pictures/
-
Android Security Bulletin — February 2019
https://source.android.com/security/bulletin/2019-02-01
-
How we fought bad apps and malicious developers in 2018
https://android-developers.googleblog.com/2019/02/how-we-fought-bad-apps-and-malicious.html
-
Increasing mobile threat intelligence with apklab.io
https://blog.avast.com/mobile-threat-intelligence-with-apklab.io
https://apklab.io/
(https://blog.avast.com/hs-fs/hubfs/apklab-io-2.png?width=400)
-
You may already know but posting it anyway
Google Password Check
https://www.blog.google/technology/safety-security/google-password-checkup-cross-account-protection/
Play protect
https://www.android.com/play-protect/
-
Android Security Bulletin — March 2019
https://source.android.com/security/bulletin/2019-03-01
-
Fake mobile CCleaner app sneaked into the China Baidu app store
https://blog.avast.com/fake-mobile-ccleaner-app-tricking-users
-
Mobile malware evolution 2018
https://securelist.com/mobile-malware-evolution-2018/89689/
-
Adware hiding behind beauty filters on Google Play Store
https://blog.avast.com/apklab.io-flags-3-fake-apps-on-google-play
-
Android Test 2019 – 250 Apps
https://www.av-comparatives.org/tests/android-test-2019-250-apps/
read it, lots of usless programs
also posted here >> https://forum.avast.com/index.php?topic=221963.msg1498051#msg1498051
also see >> 5 Apr 2018 https://www.welivesecurity.com/2018/04/05/google-play-ad-slingers/
-
BEC Goes Mobile as Cybercriminals Turn to SMS
https://www.agari.com/email-security-blog/bec-goes-mobile/
-
Hundreds of millions of UC Browser users for Android are threatened
https://news.drweb.com/show/?i=13176&c=38&lng=en&p=0
-
Gustuff Android Malware Targets 100+ Banking and 32 Cryptocurrency Apps
https://www.bleepingcomputer.com/news/security/gustuff-android-malware-targets-100-banking-and-32-cryptocurrency-apps/
-
Android Security Bulletin — April 2019
https://source.android.com/security/bulletin/2019-04-01
-
Mobile Malware Analysis : Tricks used in Anubis
https://eybisi.run/Mobile-Malware-Analysis-Tricks-used-in-Anubis/
-
Android apps on Google Play Store come with nasty surprise
https://blog.avast.com/adware-plagues-google-play
-
Is the UK putting its 5G tech at risk?
https://blog.avast.com/uk-considers-huawei-for-5g
-
Chrome for Android exploit tricks users with fake address bar, here’s how to avoid it
https://9to5google.com/2019/04/28/chrome-android-exploit-fake-address-bar/
https://jameshfisher.com/2019/04/27/the-inception-bar-a-new-phishing-method/
-
Android Security Bulletin — May 2019
https://source.android.com/security/bulletin/2019-05-01
-
Queue the Hardening Enhancements
https://security.googleblog.com/2019/05/queue-hardening-enhancements.html
-
Top U.S. Tech Companies Begin to Cut Off Vital Huawei Supplies
https://www.bloomberg.com/news/articles/2019-05-19/google-to-end-some-huawei-business-ties-after-trump-crackdown
-
Android Users Being Spammed Using Fake Missed Call Alerts
https://www.bleepingcomputer.com/news/security/android-users-being-spammed-using-fake-missed-call-alerts/
-
DuckDuckGo Android Browser Vulnerable to URL Spoofing Attacks
https://www.bleepingcomputer.com/news/security/duckduckgo-android-browser-vulnerable-to-url-spoofing-attacks/
-
Android Security Bulletin — June 2019
https://source.android.com/security/bulletin/2019-06-01
-
New adware "BeiTaAd" found hidden within popular applications in app store
https://blog.lookout.com/beitaplugin-adware
-
Android users threatened by fraudulent push notifications
https://news.drweb.com/show/?i=13313&lng=en
-
Malware sidesteps Google permissions policy with new 2FA bypass technique
https://www.welivesecurity.com/2019/06/17/malware-google-permissions-2fa-bypass/
-
How I Hacked the Microsoft Outlook Android App and Found CVE-2019-1105
https://www.f5.com/labs/articles/threat-intelligence/how-i-hacked-the-microsoft-outlook-android-app-and-found-cve-2019-1105
-
This is Your President Speaking: Spoofing Alerts in 4G LTE Networks
https://dl.acm.org/ft_gateway.cfm?id=3326082
-
Riltok mobile Trojan: A banker with global reach
https://securelist.com/mobile-banker-riltok/91374/
-
This scary game app is coming for your credentials
https://www.wandera.com/mobile-security/scary-granny-game-stealing-data/
-
New triple-threat mobile version of the malware WannaLocker targets banks in Brazil
https://blog.avast.com/wannalocker-targets-banks-in-brazil
-
Android Security Bulletin — July 2019
https://source.android.com/security/bulletin/2019-07-01.html
-
A great show is now history, as is its insecure mobile app
https://androidappwatch.eset.com/latest-posts/a-great-show-is-now-history-as-is-its-insecure-mobile-app/
-
“Updates for Samsung” — from a blog to an Android advertisement revenue goldmine of 10,000,000+ users
https://medium.com/csis-techblog/updates-for-samsung-from-a-blog-to-an-android-advertisement-revenue-goldmine-of-10-000-000-166585e34ad0
-
Agent Smith: A New Species of Mobile Malware
https://research.checkpoint.com/agent-smith-a-new-species-of-mobile-malware/
-
Avast researchers find apparent Android app scam
https://blog.avast.com/avast-researcher-finds-apparent-android-app-scam
-
Google pulls stalker apps identified by Avast
https://blog.avast.com/avast-identifies-stalker-apps
-
Android ransomware is back
https://www.welivesecurity.com/2019/07/29/android-ransomware-back/
-
Android Security Bulletin — August 2019
https://source.android.com/security/bulletin/2019-08-01.html
-
Fight Android malware by quitting Google Play (https://www.cnet.com/how-to/fight-android-malware-by-quitting-google-play-and-using-f-droid-to-install-android-apps/?ftag=CAD1acfa04&bhid=20265061282590127042076844046992)
I've been using F-Droid apps for almost a year now just to po Google! ;D
-
Doctor Web: Clicker Trojan Installed from Google Play by Some 102,000,000 Android Users
https://news.drweb.com/show/?i=13382&lng=en
-
Android Security: A Peek Behind the Scenes
https://www.bleepingcomputer.com/news/security/android-security-a-peek-behind-the-scenes/
-
Does Avast detect: Re: https://news.drweb.com/show/?i=13382&lng=en&c=5
and https://securityaffairs.co/wordpress/89675/malware/android-apps-clicker-trojan.html
polonus
-
First‑of‑its‑kind spyware sneaks into Google Play
https://www.welivesecurity.com/2019/08/22/first-spyware-android-ahmyth-google-play/
-
An advertising dropper in Google Play
https://securelist.com/dropper-in-google-play/92496/
-
Nokia Leads the Global Rankings in Updating Smartphone Software and Security
https://www.counterpointresearch.com/nokia-leads-global-rankings-updating-smartphone-software-security/
-
Android Security Bulletin — September 2019
https://source.android.com/security/bulletin/2019-09-01.html
-
Critical flaw found in many Android smartphones
https://blog.avast.com/fake-provisioning-alerts-on-androids
https://www.zdnet.com/article/samsung-huawei-lg-and-sony-phones-vulnerable-to-rogue-provisioning-messages/
https://research.checkpoint.com/advanced-sms-phishing-attacks-against-modern-android-based-smartphones/
-
Flashlight apps on Google Play request up to 77 permissions each, Avast finds
https://blog.avast.com/flashlight-apps-on-google-play-request-up-to-77-permissions-avast-finds
https://decoded.avast.io/luiscorrons/flashlight-apps-on-google-play-request-up-to-77-permissions/
-
More Hidden App Malware Found on Google Play with over 2.1 Million Downloads
https://www.symantec.com/blogs/threat-intelligence/hidden-adware-google-play
-
Pulling back the curtain on a banking botnet
https://blog.avast.com/avast-researcher-helps-expose-banking-botnet-geost
http://public.avast.com/research/VB2019-Garcia-etal.pdf
-
The Eye on the Nile
https://research.checkpoint.com/the-eye-on-the-nile/
-
Android Security Bulletin — October 2019
https://source.android.com/security/bulletin/2019-10-01
-
UC Browser app abuses may have exposed 500 million users
https://www.zscaler.com/blogs/research/uc-browser-app-abuses-may-have-exposed-500-million-users
-
Fake Photo Beautification Apps on Google Play can Read SMS Verification Code to Trigger Wireless Application Protocol (WAP)/Carrier Billing
https://blog.trendmicro.com/trendlabs-security-intelligence/fake-photo-beautification-apps-on-google-play-can-read-sms-verification-code-to-trigger-wireless-application-protocol-wap-carrier-billing/
-
Firefox Preview/GeckoView Add-ons Support
https://blog.mozilla.org/addons/2019/10/23/fx-preview-geckoview-add-ons-support/
-
Tracking down the developer of Android adware affecting millions of users
https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/
-
Xhelper: Persistent Android dropper app infects 45K devices in past 6 months
https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware
-
Xhelper: Persistent Android dropper app infects 45K devices in past 6 months
https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware
https://www.zdnet.com/article/new-unremovable-xhelper-malware-has-infected-45000-android-devices/
https://blog.malwarebytes.com/android/2019/08/mobile-menace-monday-android-trojan-raises-xhelper/
-
Android Security Bulletin — November 2019
https://source.android.com/security/bulletin/2019-11-01
-
The App Defense Alliance: Bringing the security industry together to fight bad apps
https://security.googleblog.com/2019/11/the-app-defense-alliance-bringing.html
-
49 Disguised Adware Apps With Optimized Evasion Features Found on Google Play
https://blog.trendmicro.com/trendlabs-security-intelligence/49-disguised-adware-apps-with-optimized-evasion-features-found-on-google-play/
-
Popular Android phones can be tricked into snooping on their owners
https://techcrunch.com/2019/11/08/android-baseband-flaws/
https://assets.documentcloud.org/documents/6543391/ATFuzzer.pdf
-
The Road to Qualcomm TrustZone Apps Fuzzing
https://research.checkpoint.com/the-road-to-qualcomm-trustzone-apps-fuzzing/
-
How Attackers Could Hijack Your Android Camera to Spy on You
https://www.checkmarx.com/blog/how-attackers-could-hijack-your-android-camera
-
Ginp - A malware patchwork borrowing from Anubis
https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html
-
The StrandHogg vulnerability
https://promon.co/security-news/strandhogg/
-
Android Security Bulletin — December 2019
https://source.android.com/security/bulletin/2019-12-01
-
It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool.
https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html
-
U.S. Navy bans TikTok from government-issued mobile devices
https://www.reuters.com/article/us-usa-tiktok-navy/u-s-navy-bans-tiktok-from-government-issued-mobile-devices-idUSKBN1YO2HU
-
One Nation, Tracked
https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html
-
Android Security Bulletin — January 2020
https://source.android.com/security/bulletin/2020-01-01
-
United States government-funded phones come pre-installed with unremovable malware
https://blog.malwarebytes.com/android/2020/01/united-states-government-funded-phones-come-pre-installed-with-unremovable-malware/
-
Fleeceware apps persist on the Play Store
https://news.sophos.com/en-us/2020/01/14/fleeceware-apps-persist-on-the-play-store/
-
Ring Doorbell App Packed with Third-Party Trackers
https://www.eff.org/deeplinks/2020/01/ring-doorbell-app-packed-third-party-trackers
-
Android Security Bulletin — February 2020
https://source.android.com/security/bulletin/2020-02-01
-
Critical Bluetooth Vulnerability in Android (CVE-2020-0022) – BlueFrag
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
-
Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications
https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/
-
From my current presentation (https://forum.avast.com/index.php?topic=78426.0),
(https://screencast-o-matic.com/screenshots/u/Lh/1581271476171-5645.png)
-
'Sloppy' Mobile Voting App Used in Four States Has 'Elementary' Security Flaws
https://www.vice.com/en_us/article/akw7mp/sloppy-mobile-voting-app-used-in-four-states-has-elementary-security-flaws
http://news.mit.edu/2020/voting-voatz-app-hack-issues-0213
https://internetpolicy.mit.edu/wp-content/uploads/2020/02/SecurityAnalysisOfVoatz_Public.pdf
-
Mitigations are attack surface, too
https://googleprojectzero.blogspot.com/2020/02/mitigations-are-attack-surface-too.html
-
Lookout Phishing AI provides an inside look into a phishing campaign targeting mobile banking users
https://blog.lookout.com/lookout-phishing-ai-reveals-mobile-banking-phishing-campaign
-
Hamas Android Malware On IDF Soldiers - This is How it Happened
https://research.checkpoint.com/2020/hamas-android-malware-on-idf-soldiers-this-is-how-it-happened/
-
Disruptive ads enforcement and our new approach
https://security.googleblog.com/2020/02/disruptive-ads-enforcement-and-our-new.html
-
IMP4GT: IMPersonation Attacks in 4G NeTworks
https://imp4gt-attacks.net/
https://imp4gt-attacks.net/media/imp4gt_camera_ready.pdf
-
US Drugstore Giant Walgreens Leaked Users' Sensitive Info
https://www.bleepingcomputer.com/news/security/us-drugstore-giant-walgreens-leaked-users-sensitive-info/
-
2020 - Year of the RAT
https://www.threatfabric.com/blogs/2020_year_of_the_rat.html
-
Android Security Bulletin — March 2020
https://source.android.com/security/bulletin/2020-03-01
-
Iranian Coronavirus app collecting sensitive information
https://blog.avast.com/iranian-coronavirus-app-collecting-sensitive-information-avast
-
Google Play Protect Miserably Fails Android Protection Tests
https://www.bleepingcomputer.com/news/security/google-play-protect-miserably-fails-android-protection-tests/
-
The SIM highjackers: how criminals are stealing millions by highjacking phone numbers
https://www.europol.europa.eu/newsroom/news/sim-highjackers-how-criminals-are-stealing-millions-highjacking-phone-numbers
-
People infected with coronavirus are all around you, says Ginp Trojan
https://www.kaspersky.com/blog/ginp-trojan-coronavirus-finder/34338/
-
Google Play Store Played Again – Tekya Clicker Hides in 24 Children’s Games and 32 Utility Apps
https://research.checkpoint.com/2020/google-play-store-played-again-tekya-clicker-hides-in-24-childrens-games-and-32-utility-apps/
-
Android.Circle.1 adware trojan found on Google Play is capable of executing BeanShell scripts
https://news.drweb.com/show/?i=13740&lng=en
-
Automatic Uncovering of Hidden Behaviors FromInput Validation in Mobile Apps
https://panda.moyix.net/~moyix/papers/inputscope_oakland20.pdf
-
Android Security Bulletin — April 2020
https://source.android.com/security/bulletin/2020-04-01
-
Fingerprint cloning: Myth or reality?
https://blog.talosintelligence.com/2020/04/fingerprint-research.html
-
What you need to know about government contact tracing apps
Several countries are planning or have rolled out smartphone-based contact tracing apps. What does this mean for our privacy?
https://blog.avast.com/what-to-know-about-government-contact-tracing-apps
-
Hiding in plain sight: PhantomLance walks into a market
https://securelist.com/apt-phantomlance/96772/
-
Lucy’s Back: Ransomware Goes Mobile
https://research.checkpoint.com/2020/lucys-back-ransomware-goes-mobile/
-
Android Security Bulletin — May 2020
https://source.android.com/security/bulletin/2020-05-01
-
EventBot: A New Mobile Banking Trojan is Born
https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born
-
EventBot: A New Mobile Banking Trojan is Born
https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born (https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born)
https://youtu.be/z9Nx9_v8wyU
-
First seen in the wild – Malware uses Corporate MDM as attack vector
https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/
-
Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/
-
Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/ (https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/)
Why is this posted twice?
https://forum.avast.com/index.php?topic=66267.msg1546217#msg1546217
-
StrandHogg 2.0 - The ‘evil twin’
https://promon.co/strandhogg-2-0/
-
Should you trust the Apple/Google contact-tracing app?
https://blog.avast.com/should-you-trust-contact-tracing-apps
-
Fraudsters spread a mobile trojan disguised as a Valorant game
https://news.drweb.com/show/?i=13838&lng=en&c=5
-
Android Security Bulletin — June 2020
https://source.android.com/security/bulletin/2020-06-01
-
Wallpaper crash explained: Here’s how a simple image can soft-brick phones
https://www.androidauthority.com/android-wallpaper-crash-1124577/
https://www.androidauthority.com/fix-wallpaper-brick-bug-1125528/
-
Wallpaper crash explained: Here’s how a simple image can soft-brick phones
https://www.androidauthority.com/android-wallpaper-crash-1124577/ (https://www.androidauthority.com/android-wallpaper-crash-1124577/)
https://www.androidauthority.com/fix-wallpaper-brick-bug-1125528/ (https://www.androidauthority.com/fix-wallpaper-brick-bug-1125528/)
I'm happy to report that all that gray hasn't overloaded my processor, (brain) :)
-
How smartphones have become one of the largest attack surfaces
https://blog.avast.com/smartphones-and-increasing-mobile-threats-avast
-
HiddenAds campaign on Play Store with 15M+ downloads discovered by Avast
https://blog.avast.com/avast-discovers-47-android-adware-apps-avast
https://decoded.avast.io/jakubvavra/hiddenads-up-to-no-good-again-and-spreading-via-android-gaming-apps/
-
Banking Trojan Cerberus Made it onto the Google Play Store
https://blog.avast.com/avast-finds-banking-trojan-cerberus-on-google-play-avast
-
Banking Trojan Cerberus Made it onto the Google Play Store
https://blog.avast.com/avast-finds-banking-trojan-cerberus-on-google-play-avast (https://blog.avast.com/avast-finds-banking-trojan-cerberus-on-google-play-avast)
It targets users in Spain and was downloaded more than 10,000 times
-
Banking Trojan Cerberus Made it onto the Google Play Store
https://blog.avast.com/avast-finds-banking-trojan-cerberus-on-google-play-avast (https://blog.avast.com/avast-finds-banking-trojan-cerberus-on-google-play-avast)
It targets users in Spain and was downloaded more than 10,000 times
Thanks Bob. (Note, I reposted it in readable size...)
-
Banking Trojan Cerberus Made it onto the Google Play Store
https://blog.avast.com/avast-finds-banking-trojan-cerberus-on-google-play-avast (https://blog.avast.com/avast-finds-banking-trojan-cerberus-on-google-play-avast)
It targets users in Spain and was downloaded more than 10,000 times
Thanks Bob. (Note, I reposted it in readable size...)
Sorry, what does that mean? "readable size....?
-
Sorry, what does that mean? "readable size....?
It means larger than "size=2". ;)
-
Android Security Bulletin — July 2020
https://source.android.com/security/bulletin/2020-07-01
-
Sorry, what does that mean? "readable size....?
It means larger than "size=2". ;)
Size of the font I used was 10? I'm also using Chrome, Not Firefox. :)
-
Mobile APT Surveillance Campaigns Targeting Uyghurs
https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf
-
New Joker variant hits Google Play with an old trick
https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/
-
Welcome Chat as a secure messaging app? Nothing could be further from the truth
https://www.welivesecurity.com/2020/07/14/welcome-chat-secure-messaging-app-nothing-further-truth/
-
Weekly Security News Roundup w/e 7-17-2020
https://youtu.be/ZaTHC_HXsH4
-
BlackRock - the Trojan that wanted to get them all
https://www.threatfabric.com/blogs/blackrock_the_trojan_that_wanted_to_get_them_all.html
-
Android Security Bulletin — August 2020
https://source.android.com/security/bulletin/2020-08-01?hl=en
-
Achilles: Small chip, big peril.
https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/
-
Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE
https://revolte-attack.net/
https://revolte-attack.net/media/revolte_camera_ready.pdf
https://blog.cryptographyengineering.com/2020/08/12/attack-of-the-week-voice-calls-in-lte/
-
Firebase Cloud Messaging Service Takeover: A small research that led to 30k$+ in bounties
https://abss.me/posts/fcm-takeover/
-
Android Security Bulletin — September 2020
https://source.android.com/security/bulletin/2020-09-01?hl=en
-
TERRACOTTA Android Malware: A Technical Study
https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study
-
Mobile (Private) Contact Discovery
https://contact-discovery.github.io/
https://www.heise.de/downloads/18/2/9/7/0/4/5/9/preprint.pdf
-
iOS and Android scam apps spreading via TikTok
https://blog.avast.com/scam-apps-spreading-via-tiktok-avast
-
#Instagram_RCE: Code Execution Vulnerability in Instagram App for Android and iOS
https://research.checkpoint.com/2020/instagram_rce-code-execution-vulnerability-in-instagram-app-for-android-and-ios/
-
APT‑C‑23 group evolves its Android spyware
https://www.welivesecurity.com/2020/09/30/aptc23-group-evolves-its-android-spyware/
-
Android Security Bulletin — October 2020
https://source.android.com/security/bulletin/2020-10-01?hl=en
-
Somewhere over the RAINBOW(MIX)
https://www.whiteops.com/blog/somewhere-over-the-rainbowmix
-
Multiple Address Bar Spoofing Vulnerabilities In Mobile Browsers
https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html
-
Another 21 malware apps found on Google Play
https://blog.avast.com/new-malware-apps-on-google-play-avast
-
Android Security Bulletin — November 2020
https://source.android.com/security/bulletin/2020-11-01?hl=en
-
Fraudulent Minecraft apps deceive millions of Google Play users
https://blog.avast.com/fraudulent-minecraft-apps-on-google-play-avast
https://press.avast.com/fraudulent-minecraft-related-apps-deceive-millions-of-google-play-users-avast-warns
-
GO SMS Pro Vulnerable to Media File Theft
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/go-sms-pro-vulnerable-to-media-file-theft/
-
Malware in Minecraft mods
https://www.kaspersky.com/blog/minecraft-mod-adware-google-play/37717/
-
Enter WAPDropper – An Android Malware Subscribing Victims To Premium Services By Telecom Companies
https://research.checkpoint.com/2020/enter-wapdropper-subscribe-users-to-premium-services-by-telecom-companies/
-
Vulnerability in Google Play Core Library Remains Unpatched in Google Play Applications
https://research.checkpoint.com/2020/vulnerability-in-google-play-core-library-remains-unpatched-in-google-play-applications/
-
Android Security Bulletin—December 2020
https://source.android.com/security/bulletin/2020-12-01?hl=en
-
Is your favorite mobile app being used to spread propaganda?
https://blog.avast.com/mobile-disinformation-campaigns-avast
-
IBM Trusteer Exposes Massive Fraud Operation Facilitated by Evil Mobile Emulator Farms
https://securityintelligence.com/posts/massive-fraud-operation-evil-mobile-emulator-farms/
-
Beware: PayPal phishing texts state your account is 'limited'
https://www.bleepingcomputer.com/news/security/beware-paypal-phishing-texts-state-your-account-is-limited/
-
Android Security Bulletin — January 2021
https://source.android.com/security/bulletin/2021-01-01?hl=en
-
Android Security Bulletin — February 2021
https://source.android.com/security/bulletin/2021-02-01?hl=en
-
Barcode Scanner app on Google Play infects 10 million users with one update
https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/
-
Lookout Discovers Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict
https://blog.lookout.com/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict
-
SHAREit Flaw Could Lead to Remote Code Execution
https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html
-
SHAREit Flaw Could Lead to Remote Code Execution
https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html (https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html)
Weekly Security News Roundup
https://youtu.be/hfa0in4hgj8
-
1Password has none, KeePass has none... So why are there seven embedded trackers in the LastPass Android app?
https://www.theregister.com/2021/02/25/lastpass_android_trackers_found/
-
One of the biggest Android VPNs hacked? Data of 21 million users from 3 Android VPNs put for sale online
https://cybernews.com/security/one-of-the-biggest-android-vpns-hacked-data-of-21-million-users-from-3-android-vpns-put-for-sale-online/
-
Android Security Bulletin — March 2021
https://source.android.com/security/bulletin/2021-03-01?hl=en
-
New Advanced Android Malware Posing as “System Update”
https://blog.zimperium.com/new-advanced-android-malware-posing-as-system-update/
-
New Advanced Android Malware Posing as “System Update”
https://blog.zimperium.com/new-advanced-android-malware-posing-as-system-update/ (https://blog.zimperium.com/new-advanced-android-malware-posing-as-system-update/)
This is an app that has never been on Google Play.
Only install Apps from reputable places like Google Play.
-
Microsoft kills off the Cortana app for Android and iOS
https://www.bleepingcomputer.com/news/microsoft/microsoft-kills-off-the-cortana-app-for-android-and-ios/
-
Microsoft kills off the Cortana app for Android and iOS
https://www.bleepingcomputer.com/news/microsoft/microsoft-kills-off-the-cortana-app-for-android-and-ios/ (https://www.bleepingcomputer.com/news/microsoft/microsoft-kills-off-the-cortana-app-for-android-and-ios/)
Windows will be next. :)
-
Android sends 20x more data to Google than iOS sends to Apple, study says
https://arstechnica.com/gadgets/2021/03/android-sends-20x-more-data-to-google-than-ios-sends-to-apple-study-says/
https://www.scss.tcd.ie/doug.leith/apple_google.pdf
-
German Gigaset Android Update Server probably delivers malware
https://borncity.com/win/2021/04/03/gigaset-gehackt-android-update-server-liefern-wohl-malware-aus/
https://borncity.com/win/2021/04/07/update-zum-malware-befall-bei-gigaset-android-gerten-6-4-2021/
-
Rust in the Android platform
https://security.googleblog.com/2021/04/rust-in-android-platform.html
-
German Gigaset Android Update Server probably delivers malware
https://borncity.com/win/2021/04/03/gigaset-gehackt-android-update-server-liefern-wohl-malware-aus/
https://borncity.com/win/2021/04/07/update-zum-malware-befall-bei-gigaset-android-gerten-6-4-2021/
Pre-installed auto installer threat found on Android mobile devices in Germany
https://blog.malwarebytes.com/android/2021/04/pre-installed-auto-installer-threat-found-on-android-mobile-devices-in-germany/
-
Malicious code in APKPure app
https://securelist.com/apkpure-android-app-store-infected/101845/
-
Malware found on the AppGallery app store for the first time
https://news.drweb.com/show/?i=14182&lng=en
-
Android Security Bulletin — April 2021
https://source.android.com/security/bulletin/2021-04-01?hl=en
-
Updated guidance to improve your app quality and discovery on Google Play
https://android-developers.googleblog.com/2021/04/updated-guidance-to-improve-your-app.html
-
Why Google Should Stop Logging Contact-Tracing Data
https://blog.appcensus.io/2021/04/27/why-google-should-stop-logging-contact-tracing-data/
-
Android Security Bulletin — May 2021
https://source.android.com/security/bulletin/2021-05-01?hl=en
-
Surveillance Self-Defense:
Re: https://ssd.eff.org/en/playlist/privacy-breakdown-mobile-phones
I for instance for quite some time now am using Blokada5 app on Google Android,
(app is available via the Aptoide webshop) to keep all sorts of unwanted ads and tracking at bay.
You can install various blocklists with Blokada5.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
Android Stalkerware Test 2021
https://www.av-comparatives.org/android-stalkerware-test-2021
https://www.av-comparatives.org/wp-content/uploads/2021/05/avc_stalkerware_2021.pdf
-
Security probe of Qualcomm MSM data services
https://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/
-
Misconfiguration of third party cloud services exposed data of over 100 million users
https://blog.checkpoint.com/2021/05/20/misconfiguration-of-third-party-cloud-services-exposed-data-of-over-100-million-users/
-
Android Security Bulletin — June 2021
https://source.android.com/security/bulletin/2021-06-01?hl=en
-
Play Dev ID requirements + 2-Step Verification
https://android-developers.googleblog.com/2021/06/play-dev-id-requirements-2-step.html
-
Adware is Android’s greatest threat in 2021
https://blog.avast.com/adware-is-the-greatest-android-threat-of-2021-avast
-
Android trojans steal Facebook users’ logins and passwords
https://news.drweb.com/show/?i=14244&lng=en
-
Android trojans steal Facebook users’ logins and passwords
https://news.drweb.com/show/?i=14244&lng=en (https://news.drweb.com/show/?i=14244&lng=en)
Our question here should be does Avast also detect and prevent these malicious apps?
-
Android Security Bulletin — July 2021
https://source.android.com/security/bulletin/2021-07-01?hl=en
-
Lookout Unearths Android Crypto Mining Scams
https://blog.lookout.com/lookout-unearths-android-crypto-mining-scams
-
Is storing a digital driver’s license on your phone a good idea?
https://blog.avast.com/digital-wallets-and-drivers-licenses-avast
-
Google Play Protect fails Android security tests once more
https://www.bleepingcomputer.com/news/security/google-play-protect-fails-android-security-tests-once-more/
-
Google to block logins on old Android devices starting September
https://www.bleepingcomputer.com/news/google/google-to-block-logins-on-old-android-devices-starting-september/
-
Android Security Bulletin — August 2021
https://source.android.com/security/bulletin/2021-08-01?hl=en
-
FlyTrap Android Malware Compromises Thousands of Facebook Accounts
https://blog.zimperium.com/flytrap-android-malware-compromises-thousands-of-facebook-accounts/
-
Triada Trojan in WhatsApp mod
https://securelist.com/triada-trojan-in-whatsapp-mod/103679/
-
Android Security Bulletin — September 2021
https://source.android.com/security/bulletin/2021-09-01
-
New malware seizes on COVID-19 to target Android users
https://www.msn.com/en-us/news/technology/new-malware-seizes-on-covid-19-to-target-android-users/ar-AAOJqDc?li=BBnb7Kz
Cloudmark says the "clever and complicated" malware sends Android users a text message claiming to have the latest COVID-19 guidance in their area or informs them that their third COVID-19 vaccine appointment has been scheduled. more...
-
GriftHorse Android Trojan Steals Millions from Over 10 Million Victims Globally
https://blog.zimperium.com/grifthorse-android-trojan-steals-millions-from-over-10-million-victims-globally/
-
Android Security Bulletin — October 2021
https://source.android.com/security/bulletin/2021-10-01?hl=en
-
Flubot Android malware now spreads via fake security updates
https://www.bleepingcomputer.com/news/security/flubot-android-malware-now-spreads-via-fake-security-updates/
-
A New variant of Hydra Banking Trojan Targeting European Banking Users
https://blog.cyble.com/2021/09/30/a-new-variant-of-hydra-banking-trojan-targeting-european-banking-users/
-
Study reveals Android phones constantly snoop on their users
https://www.bleepingcomputer.com/news/security/study-reveals-android-phones-constantly-snoop-on-their-users/
https://www.scss.tcd.ie/Doug.Leith/Android_privacy_report.pdf
-
Photo editor Android app
STILL sitting on Google Play store is malware
https://www.bleepingcomputer.com/news/security/photo-editor-android-app-still-sitting-on-google-play-store-is-malware/
-
Google launches Android Enterprise bug bounty program
https://www.bleepingcomputer.com/news/security/google-launches-android-enterprise-bug-bounty-program/
-
Google launches Android Enterprise bug bounty program
https://www.bleepingcomputer.com/news/security/google-launches-android-enterprise-bug-bounty-program/ (https://www.bleepingcomputer.com/news/security/google-launches-android-enterprise-bug-bounty-program/)
It's about time. :)
-
UltimaSMS: A widespread premium SMS scam on the Google Play Store
https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast
https://raw.githubusercontent.com/avast/ioc/master/UltimaSMS/UltimaSMS_IOC_19-10-2021.pdf
-
Android Security Bulletin — November 2021
https://source.android.com/security/bulletin/2021-11-01?hl=en
-
Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign
https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign
-
Careful: 'Smart TV remote' Android app on Google Play is malware
https://www.bleepingcomputer.com/news/security/careful-smart-tv-remote-android-app-on-google-play-is-malware/
-
New Android malware targets Netflix, Instagram, and Twitter users
https://www.bleepingcomputer.com/news/security/new-android-malware-targets-netflix-instagram-and-twitter-users/
-
Gravity RAT Malware Returns as A Chat Application
https://blog.cyble.com/2021/11/11/gravity-rat-malware-returns-as-a-chat-application/
-
PhoneSpy: The App-Based Cyberattack Snooping South Korean Citizens
https://blog.zimperium.com/phonespy-the-app-based-cyberattack-snooping-south-korean-citizens/
-
BrazKing Android Malware Upgraded and Targeting Brazilian Banks
https://securityintelligence.com/posts/brazking-android-malware-upgraded-targeting-brazilian-banks/
-
Why is my Android phone heating up?
https://blog.avast.com/why-does-my-phone-get-hot
-
Why is my Android phone heating up?
https://blog.avast.com/why-does-my-phone-get-hot (https://blog.avast.com/why-does-my-phone-get-hot)
https://youtu.be/UxSshZ9fnL8
-
New trojan detected on AppGallery app catalog
https://news.drweb.com/show/?i=14360&lng=en
-
Looking for vulnerabilities in MediaTek audio DSP
https://research.checkpoint.com/2021/looking-for-vulnerabilities-in-mediatek-audio-dsp/
-
Finland warns of Flubot malware heavily targeting Android users
https://www.bleepingcomputer.com/news/security/finland-warns-of-flubot-malware-heavily-targeting-android-users/
-
Doctor Web discovered vulnerabilities in children’s smart watches
https://news.drweb.com/show/?i=14350&lng=en
-
Deceive the Heavens to Cross the sea
https://threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
-
Banking Trojan Targets Banking Users in Malaysia
https://blog.cyble.com/2021/12/01/banking-trojan-targets-banking-users-in-malaysia/
-
Celebrating 10 years of Avast Mobile Security
https://blog.avast.com/10th-anniversary-avast-mobile-security-avast
-
Top 2021 threats include ransomware, pandemic-related scams, and fleeceware
https://blog.avast.com/2021-year-in-review-avast
-
Android Security Bulletin — December 2021
https://source.android.com/security/bulletin/2021-12-01?hl=en
-
Mobile banking fraud: BRATA strikes again
https://www.cleafy.com/cleafy-labs/mobile-banking-fraud-brata-strikes-again
-
Bugs in billions of WiFi, Bluetooth chips allow password, data theft
https://www.bleepingcomputer.com/news/security/bugs-in-billions-of-wifi-bluetooth-chips-allow-password-data-theft/
https://arxiv.org/pdf/2112.05719.pdf
-
Anubis Android malware returns to target 394 financial apps
https://www.bleepingcomputer.com/news/security/anubis-android-malware-returns-to-target-394-financial-apps/
-
Pegasus vs. Predator Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/
-
Samsung's Galaxy Store is distributing apps that could infect phones with malware
https://www.androidpolice.com/samsung-galaxy-store-malware-movie-piracy-showbox/
-
Malicious App Targets Major Brazilian Bank Itaú Unibanco
https://blog.cyble.com/2021/12/23/malicious-app-targets-major-brazilian-bank-itau-unibanco/
-
Android Security Bulletin — January 2022
https://source.android.com/security/bulletin/2022-01-01?hl=en
-
FluBot’s Authors Employ Creative and Sophisticated Techniques to Achieve Their Goals in Version 5.0 and Beyond
https://www.f5.com/labs/articles/threat-intelligence/flubots-authors-employ-creative-and-sophisticated-techniques-to-achieve-their-goals-in-version-50-and-beyond
-
New FluBot and TeaBot campaigns target Android devices worldwide
https://www.bleepingcomputer.com/news/security/new-flubot-and-teabot-campaigns-target-android-devices-worldwide/
-
How BRATA is monitoring your bank account
https://www.cleafy.com/cleafy-labs/how-brata-is-monitoring-your-bank-account
-
Financially Motivated Mobile Scamware Exceeds 100M Installations
https://blog.zimperium.com/dark-herring-android-scamware-exceeds-100m-installations/
-
Android Security Bulletin — February 2022
https://source.android.com/security/bulletin/2022-02-01?hl=en
-
Roaming Mantis reaches Europe
https://securelist.com/roaming-mantis-reaches-europe/105596/
-
Partners-in-crime: Medusa and Cabassous attack banks side-by-side
https://www.threatfabric.com/blogs/partners-in-crime-medusa-cabassous.html
-
Xenomorph: A newly hatched Banking Trojan
https://www.threatfabric.com/blogs/xenomorph-a-newly-hatched-banking-trojan.html
-
TeaBot is now spreading across the globe
https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe
-
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/
-
Android Security Bulletin — March 2022
https://source.android.com/security/bulletin/2022-03-01?hl=en
-
2021 mobile security: Android more vulnerabilities, iOS more zero-days
https://www.bleepingcomputer.com/news/security/2021-mobile-security-android-more-vulnerabilities-ios-more-zero-days/
-
AbereBot Returns as Escobar
https://blog.cyble.com/2022/03/10/aberebot-returns-as-escobar/
-
Android trojan persists on the Google Play Store since January
https://www.bleepingcomputer.com/news/security/android-trojan-persists-on-the-google-play-store-since-january/
-
Spyware dubbed Facestealer infects 100,000+ Google Play users
https://blog.pradeo.com/spyware-facestealer-google-play
-
The Google Play Store isn't always safe — here's what you need to know
https://blog.avast.com/google-play-store-safety
-
The Google Play Store isn't always safe — here's what you need to know
https://blog.avast.com/google-play-store-safety (https://blog.avast.com/google-play-store-safety)
https://youtu.be/koCa6MQZoRo
-
Russian-linked Android malware records audio, tracks your location
https://www.bleepingcomputer.com/news/security/russian-linked-android-malware-records-audio-tracks-your-location/
-
Android Security Bulletin — April 2022
https://source.android.com/security/bulletin/2022-04-01?hl=en
-
Google boosts Android security with new set of dev policy changes
https://www.bleepingcomputer.com/news/security/google-boosts-android-security-with-new-set-of-dev-policy-changes/
https://android-developers.googleblog.com/2022/04/expanding-plays-target-level-api-requirements-to-strengthen-user-security.html
-
Android apps with 45 million installs used data harvesting SDK
https://www.bleepingcomputer.com/news/security/android-apps-with-45-million-installs-used-data-harvesting-sdk/
http://blog.appcensus.io/2022/04/06/the-curious-case-of-coulus-coelib/
-
Yandex is causing data privacy concerns for mobile users
https://blog.avast.com/yandex-and-data-privacy
-
Yandex is causing data privacy concerns for mobile users
https://blog.avast.com/yandex-and-data-privacy (https://blog.avast.com/yandex-and-data-privacy)
https://youtu.be/PsKogYyuFQ0
-
Look out for Octo's tentacles! A new on-device fraud Android Banking Trojan with a rich legacy
https://threatfabric.com/blogs/octo-new-odf-banking-trojan.html
-
Fakecalls: a talking Trojan
https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/
-
Android banking stealer dubbed “Sharkbot” found disguised as legitimate anti-virus apps on the Google Play store
https://blog.checkpoint.com/2022/04/07/android-banking-stealer-dubbed-sharkbot-found-disguised-as-legitimate-anti-virus-apps-on-the-google-play-store/
-
Your iOS app may still be covertly tracking you, despite what Apple says
https://arstechnica.com/information-technology/2022/04/a-year-after-apple-enforces-app-tracking-policy-covert-ios-tracking-remains/
https://arxiv.org/pdf/2204.03556.pdf
-
Critical Chipset Bugs Open Millions of Android Devices to Remote Spying
https://thehackernews.com/2022/04/critical-chipset-bug-opens-millions-of.html
https://blog.checkpoint.com/2022/04/21/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/
-
Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code
https://krebsonsecurity.com/2022/04/leaked-chats-show-lapsus-stole-t-mobile-source-code/
-
Google Play Store now forces apps to disclose what data is collected
https://www.bleepingcomputer.com/news/security/google-play-store-now-forces-apps-to-disclose-what-data-is-collected/
-
Google Play Store now forces apps to disclose what data is collected
https://www.bleepingcomputer.com/news/security/google-play-store-now-forces-apps-to-disclose-what-data-is-collected/ (https://www.bleepingcomputer.com/news/security/google-play-store-now-forces-apps-to-disclose-what-data-is-collected/)
The idea is a good one. Enforcement as usual is not so great.
July 20, 2022: New app submissions and app updates will be rejected in Play Console if there are unresolved issues with the form.
Old apps if they don't have that information ready can simple display
“No info available” in the Data safety section of the app.
I checked quite a few apps and found that "No info available" message.
-
How we fought bad apps and developers in 2021
https://security.googleblog.com/2022/04/how-we-fought-bad-apps-and-developers.html
-
How we fought bad apps and developers in 2021
https://security.googleblog.com/2022/04/how-we-fought-bad-apps-and-developers.html
I haven't read this (yet), but I have seen other reports that aren't so good for google.
Strange how there are still many bad apps being detected in 2022 ?
Still work to be done when apps are being submitted so they don't get on there in the first place.
EDIT: Just read it and it sounds more like a Google Pixel promotion.
-
How we fought bad apps and developers in 2021
https://security.googleblog.com/2022/04/how-we-fought-bad-apps-and-developers.html (https://security.googleblog.com/2022/04/how-we-fought-bad-apps-and-developers.html)
I haven't read this (yet), but I have seen other reports that aren't so good for google.
Strange how there are still many bad apps being detected in 2022 ?
Still work to be done when apps are being submitted so they don't get on there in the first place.
EDIT: Just read it and it sounds more like a Google Pixel promotion.
Since Pixel is the Google Phone, I had expected special consideration.
I own both a Pixel 5 and 6. :)
-
Google Play Store now forces apps to disclose what data is collected
https://www.bleepingcomputer.com/news/security/google-play-store-now-forces-apps-to-disclose-what-data-is-collected/ (https://www.bleepingcomputer.com/news/security/google-play-store-now-forces-apps-to-disclose-what-data-is-collected/)
The idea is a good one. Enforcement as usual is not so great.
July 20, 2022: New app submissions and app updates will be rejected in Play Console if there are unresolved issues with the form.
Old apps if they don't have that information ready can simple display
“No info available” in the Data safety section of the app.
I checked quite a few apps and found that "No info available" message.
https://blog.avast.com/privacy-google-play-store
-
Android Security Bulletin — May 2022
https://source.android.com/security/bulletin/2022-05-01?hl=en
-
Google Play now blocks paid app downloads, updates in Russia
https://www.bleepingcomputer.com/news/google/google-play-now-blocks-paid-app-downloads-updates-in-russia/
-
App permissions and how to protect yourself
https://blog.avast.com/en/secure-browser/app-permissions-and-how-to-protect-yourself
-
How your location is being tracked — and what to do about it
https://blog.avast.com/en/secure-browser/how-your-location-is-being-tracked-and-what-to-do-about-it
-
FluBot Android malware targets Finland in new SMS campaigns
https://www.bleepingcomputer.com/news/security/flubot-android-malware-targets-finland-in-new-sms-campaigns/
-
Mobile subscription Trojans and their little tricks
https://securelist.com/mobile-subscription-trojans-and-their-tricks/106412/
-
Nearly one-third of App Store and Play Store apps may get removed
https://www.neowin.net/news/nearly-one-third-of-apple-and-google-apps-may-get-removed/
-
Nearly one-third of App Store and Play Store apps may get removed
https://www.neowin.net/news/nearly-one-third-of-apple-and-google-apps-may-get-removed/
I actually think this isn't a bad thing, apps that haven't been updated in years, could well be vulnerable, not fully compatible with latest Android/iOS versions.
So I don't feel it is just a privacy/compliance issue.
-
Just because your iPhone is powered off doesn’t mean it can’t be attacked
https://blog.avast.com/iphone-low-power-mode-hack
https://arxiv.org/pdf/2205.06114.pdf
-
Just because your iPhone is powered off doesn’t mean it can’t be attacked
https://blog.avast.com/iphone-low-power-mode-hack
<snip>
Both interesting and disappointing, as in, are other phones, such as Android vulnerable as they too have the find my phone function/app. Many people never actually switch off their phone or have it set to Low Power Mode. I think I feel another article coming :)
-
Canada bans Huawei and ZTE from 5G networks over security concerns
https://www.bleepingcomputer.com/news/security/canada-bans-huawei-and-zte-from-5g-networks-over-security-concerns/
-
Protecting Android users from 0-Day attacks
https://blog.google/threat-analysis-group/protecting-android-users-from-0-day-attacks/
-
Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys
https://www.trendmicro.com/en_us/research/22/e/fake-mobile-apps-steal-facebook-credentials--crypto-related-keys.html
-
Android apps with millions of downloads exposed to high-severity vulnerabilities
https://www.microsoft.com/security/blog/2022/05/27/android-apps-with-millions-of-downloads-exposed-to-high-severity-vulnerabilities/
-
Android apps with millions of downloads exposed to high-severity vulnerabilities
https://www.microsoft.com/security/blog/2022/05/27/android-apps-with-millions-of-downloads-exposed-to-high-severity-vulnerabilities/ (https://www.microsoft.com/security/blog/2022/05/27/android-apps-with-millions-of-downloads-exposed-to-high-severity-vulnerabilities/)
It would be reassuring to know that those of us using Avast
to protect our mobile devices are covered. :)
-
ERMAC Back In Action - Latest Version of Android Banking Trojan Targets over 400 Applications
https://blog.cyble.com/2022/05/25/ermac-back-in-action/
-
Vodafone plans carrier-level user tracking for targeted ads
https://www.bleepingcomputer.com/news/security/vodafone-plans-carrier-level-user-tracking-for-targeted-ads/
https://www.spiegel.de/netzwelt/netzpolitik/trustpid-die-rueckkehr-der-super-cookies-a-6ea53d94-5996-4d6b-aed5-dfb5f51ab942
-
SMSFactory Android Trojan producing high costs for victims
https://blog.avast.com/smsfactory-android-trojan
-
Mobile trojan detections rise as malware distribution level declines
https://www.bleepingcomputer.com/news/security/mobile-trojan-detections-rise-as-malware-distribution-level-declines/
-
Top 10 Android banking trojans target apps with 1 billion downloads
https://www.bleepingcomputer.com/news/security/top-10-android-banking-trojans-target-apps-with-1-billion-downloads/
-
Hackers steal WhatsApp accounts using call forwarding trick
https://www.bleepingcomputer.com/news/security/hackers-steal-whatsapp-accounts-using-call-forwarding-trick/
-
FluBot Android malware operation shutdown by law enforcement
https://www.bleepingcomputer.com/news/security/flubot-android-malware-operation-shutdown-by-law-enforcement/
https://www.europol.europa.eu/media-press/newsroom/news/takedown-of-sms-based-flubot-spyware-infecting-android-phones
-
Android Security Bulletin — June 2022
https://source.android.com/security/bulletin/2022-06-01?hl=en
-
Apple blocked 1.6 millions apps from defrauding users in 2021
https://www.bleepingcomputer.com/news/security/apple-blocked-16-millions-apps-from-defrauding-users-in-2021/
https://www.apple.com/newsroom/2022/06/app-store-stopped-nearly-one-point-five-billion-in-fraudulent-transactions-in-2021/
-
WiFi probing exposes smartphone users to tracking, info leaks
https://www.bleepingcomputer.com/news/security/wifi-probing-exposes-smartphone-users-to-tracking-info-leaks/
https://arxiv.org/pdf/2206.03745.pdf
-
Android malware on the Google Play Store gets 2 million downloads
https://www.bleepingcomputer.com/news/security/android-malware-on-the-google-play-store-gets-2-million-downloads/
-
Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones
https://thehackernews.com/2022/06/researchers-find-bluetooth-signals-can.html
https://jacobsschool.ucsd.edu/news/release/3461
https://cseweb.ucsd.edu/~schulman/docs/oakland22-bletracking.pdf
-
How SeaFlower 藏海花 installs backdoors in iOS/Android web3 wallets to steal your seed phrase
https://blog.confiant.com/how-seaflower-%E8%97%8F%E6%B5%B7%E8%8A%B1-installs-backdoors-in-ios-android-web3-wallets-to-steal-your-seed-phrase-d25f0ccdffce
-
F5 Labs Investigates MaliBot
https://www.f5.com/labs/articles/threat-intelligence/f5-labs-investigates-malibot
-
BRATA is evolving into an Advanced Persistent Threat
https://www.cleafy.com/cleafy-labs/brata-is-evolving-into-an-advanced-persistent-threat
-
Spyware vendor targets users in Italy and Kazakhstan
https://blog.google/threat-analysis-group/italian-spyware-vendor-targets-users-in-italy-and-kazakhstan/
-
Amazon fixes high-severity vulnerability in Android Photos app
https://www.bleepingcomputer.com/news/security/amazon-fixes-high-severity-vulnerability-in-android-photos-app/
-
Amazon fixes high-severity vulnerability in Android Photos app
https://www.bleepingcomputer.com/news/security/amazon-fixes-high-severity-vulnerability-in-android-photos-app/ (https://www.bleepingcomputer.com/news/security/amazon-fixes-high-severity-vulnerability-in-android-photos-app/)
Making old news new again -
Disclosure and fix
Checkmarx reported the issue to Amazon on November 7, 2021,
and the internet giant confirmed the reception the next day,
classifying it as a high-severity vulnerability.
On December 18, 2021, Amazon informed Checkmarx that they had resolved
the issues via a security update deployed into production. However,
users of the app were never informed of the potential exposure.
If you use the app make sure it's been updated.
Unless you've turned off the default settings, that would have happened
automatically.
-
Revive: from spyware to Android banking trojan
https://www.cleafy.com/cleafy-labs/revive-from-spyware-to-android-banking-trojan