Heimadal Security

NOVEMBER 2, 2022

Four Android Applications listed on Google Play with over 1 million downloads were infected with the malware Android/Trojan.HiddenAds.BTGTHB, according to an analysis performed by cybersecurity researchers. The apps are directing users to sites that steal credentials or generate pay-per-click income for the operators.

Malware 97

Malware Cybersecurity 97

Quick Heal Antivirus

MARCH 25, 2021

As an avid smartphone user, do you get frustrated at not finding the app you want on the. The post The risks of downloading apps from unauthorized app stores appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Risk 130

Risk Mobile Malware Cybersecurity 130

Malwarebytes

AUGUST 16, 2023

The FBI has issued a warning that cybercriminals are embedding malicious code in mobile beta-testing apps in attempts to defraud potential victims. Beta-testing apps are new versions of software that are undergoing their final tests and aren't quite ready to be officially released.

Cryptocurrency 95

Cryptocurrency Malware Advertising Mobile 95

Heimadal Security

NOVEMBER 29, 2022

A fake Android app downloaded over 100,000 times on the Google Play store has been found to secretly act as an SMS relay for account creation. The one hundred thousand downloads have been made by users looking to create accounts on Microsoft, Google, Instagram, Telegram, and Facebook.

Accountability 84

Accountability Cybersecurity 84

Security Affairs

JUNE 16, 2022

Researchers at antivirus firm Dr. Web discovered malware in the Google Play Store that was downloaded two million times. 4498 is a trojan that allows operators to steal the contents of other apps’ notifications, download other apps, and prompt users to install them. The Android.Spy.4498 To nominate, please visit:?.

Adware 88

Adware Antivirus Malware Software 88

Malwarebytes

APRIL 4, 2024

In this blog post, we look at a very recent malvertising campaign impersonating the popular VPN software NordVPN. The website looks incredibly convincing, and victims will be tricked into downloading the app from there. This is true here as well, where we have a redirect to besthord-vpn[.]com 216 on port 15647.

VPN 103

VPN Advertising DNS Malware 103

Google Security

NOVEMBER 2, 2023

As users increasingly prioritize their digital privacy and security, we continue to invest in our Data Safety section and transparency labeling efforts to help users make more informed choices about the apps they use. This, in turn, makes it harder for attackers to reach users' devices and improves app quality across the ecosystem.

VPN 97

VPN Mobile Education Risk 97

Malwarebytes

SEPTEMBER 5, 2023

Criminals who buy the toolkit have been distributing it mostly via cracked software downloads but are also impersonating legitimate websites and using ads on search engines such as Google to lure victims in. In this blog post, we will provide details on one campaign targeting TradingView, a popular platform and app to track financial markets.

Phishing 87

Phishing Malware Advertising Marketing 87

Malwarebytes

MARCH 12, 2024

One malware family we have been tracking on this blog is FakeBat. All the incidents described in this blog have been reported to Google. Each downloaded file is an MSIX installer signed with a valid digital certificate (Consoneai Ltd). app open-project[.]org org onenote-download[.]com org Download URLs bezynet[.]com/OBS-Studio-30[.]0[.]2-Full-Installer-x64[.]msix

DNS 114

DNS Malware Software Hacking 114

Krebs on Security

NOVEMBER 28, 2022

A recent scoop by Reuters revealed that mobile apps for the U.S. based company that provides code for software developers to profile smartphone app users based on their online activity, allowing them to send tailor-made notifications. ” The Army app was used by soldiers at one of the nation’s main combat training bases.

Mobile 240

Mobile Malware Technology Government 240

Pen Test Partners

JANUARY 31, 2024

This post is about their EFB management app called Flysmart+ Manager. This how they describe it: “Flysmart+ for iPad FS+ Manager is an application developed by NAVBLUE enabling the synchronization and the installation of the Airline’s data into the other available Flysmart+ for iPad Apps.” “The It affected all users of the app though.

Hacking 121

Hacking Engineering Encryption Software 121

Security Affairs

APRIL 6, 2022

Block disclosed a data breach related to the Cash App investing app and is notifying 8.2 The data breach involved a former employee that downloaded some unspecified reports of its Cash App Investing app that contained some U.S. SecurityAffairs – hacking, Cash App). million current and former US customers.

Data breaches 113

Data breaches Cryptocurrency Accountability Banking 113

Malwarebytes

SEPTEMBER 21, 2021

Last week, security researcher Patrick Wardle released details of a new piece of malware masquerading as the legitimate app iTerm2. The malware was discovered earlier the same day by security researcher Zhi ( @CodeColorist on Twitter), and detailed on a Chinese-language blog. iTerm2 is a popular replacement for the macOS Terminal app.

Malware 141

Malware Passwords Engineering 141

Security Affairs

MAY 21, 2023

The rogue pages are designed to promote fake apps of popular AI services. In the campaign observed by the researchers, threat actors are using BatLoader in the form of MSIX Windows App Installer files to deliver the Redline Stealer. “Both AI services are extremely popular but lack first-party standalone apps (i.e.,

System Administration 94

System Administration Advertising Malware Hacking 94

Hacker's King

JANUARY 6, 2024

At the moment, the RAT is functioning as an Instagram app and a phishing page, both of which are embedded with it. rules_version = '2'; service firebase.storage { match /b/{bucket}/o { match /{allPaths=**} { allow read, write } } } Step 5: Now Go to the project overview create an Android App and download the google-services.json file.

Accountability 52

Accountability Phishing Internet Internet 52

Security Boulevard

MARCH 31, 2023

On March 29th 2023, CrowdStrike published a blog outlining a supply chain attack leveraging the 3CXDesktopApp - a softphone application from 3CX. The shellcode is responsible for calling the export function “DllGetClassObject” of the second stage DLL to execute and download further stage payload. msi” which is signed on March 13, 2023.

Encryption 110

Encryption Manufacturing Technology Malware 110

Krebs on Security

APRIL 20, 2023

In late March 2023, 3CX disclosed that its desktop applications for both Windows and macOS were compromised with malicious code that gave attackers the ability to download and run code on all machines where the app was installed. “This completes Lazarus’s ability to target all major desktop operating systems.

Malware 281

Malware Software Technology Accountability 281

Security Affairs

MAY 14, 2022

A second message suggests affiliates download the official app of the event used to vote. Once downloaded the app, it is possible to use a sniffer to find the servers used to receive the votes, then members could launch DDoS attacks against these servers. Download the Eurovision app [link] 2).

DDOS 117

DDOS Hacking Government Cybersecurity 117

Malwarebytes

DECEMBER 1, 2021

Security researchers have discovered banking Trojan apps on the Google Play Store, and say they have been downloaded by more than 300,000 Android users. So, how do these benign apps become fully malicious? The cybercriminals behind them introduce malicious code as updates to the apps—slowly and surely.

Malware 122

Malware Banking Authentication Cryptocurrency 122

Security Affairs

MAY 27, 2022

A new version of the ERMAC Android banking trojan is able to target an increased number of apps. is able to steal credentials for financial and cryptocurrency apps included in the list of targeted apps that are sent by the C2. The malicious app asks for 43 permissions, of which the TA exploits 12. Permission ? ?

Banking 142

Banking Malware Cybercrime Phishing 142

Security Affairs

MAY 5, 2023

Fleckpe is a new Android subscription Trojan that was discovered in the Google Play Store, totaling more than 620,000 downloads since 2022. Fleckpe is a new Android subscription Trojan that spreads via Google Play, the malware discovered by Kaspersky is hidden in photo editing apps, smartphone wallpaper packs, and other general-purpose apps.

Malware 79

Malware Mobile Antivirus Hacking 79

Malwarebytes

JANUARY 25, 2024

The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead. In this blog post, we share more information about the malicious ads and payloads we have been able to collect. are redirected to google.com.hk

Malware 104

Malware Advertising Accountability Encryption 104

Malwarebytes

APRIL 6, 2021

Users primarily located in Germany are experiencing malware that downloads and installs on their Gigaset mobile devices—right out of the box! The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui, which is a pre-installed system app. and is followed by the name of the app.

Mobile 118

Mobile Malware Manufacturing 118

Security Affairs

NOVEMBER 19, 2022

The DEV-0569 group carries out malvertising campaigns to spread links to a signed malware downloader posing as software installers or fake updates embedded in spam messages, fake forum pages, and blog comments. The downloader, tracked as BATLOADER , shares similarities with another malware called ZLoader. anydeskos[.]com

Ransomware 131

Ransomware Malware Antivirus Phishing 131

Malwarebytes

MARCH 29, 2024

MFA normally requires a user to enter a six-digit code sent by SMS, or generated by an app, or to respond to a push notification, when they enter a username and password. Now, according to this blog by Bran Krebs , these attacks have evolved. It provides an enormous increase in security and makes life much harder for criminals.

Passwords 127

Passwords Accountability Mobile Authentication 127

Malwarebytes

NOVEMBER 21, 2023

Nothing Phone 2 owners were promised a first-of-its-kind app developed in partnership with Sunbird, which allowed them to message other iMessage users via blue bubbles on their Nothing Phone. And, as promised, the beta version was made available for download in the Play Store on Friday November 17, 2023. Thread time!

Encryption 115

Encryption Media Authentication Architecture 115

The Last Watchdog

FEBRUARY 6, 2023

The White House, the Pentagon, the Department of Homeland Security, and the State Department have already banned the social media app, as have more than a dozen other states. No member of the House of Representatives will be allowed to download the TikTok app on any House-issued mobile phone.

Media 189

Media Government Accountability Mobile 189

Malwarebytes

MARCH 29, 2023

Researchers have found that the 3CX desktop app may be compromised and used in supply chain attacks. The 3CX Desktop App is a Voice over Internet Protocol (VoIP) type of application which is available for Windows, macOS, Linux and mobile. The discovered attack is very complex and probably has been going on for months.

Malware 83

Malware Mobile Encryption Internet 83

Heimadal Security

JANUARY 4, 2022

Installers for the cloud-based instant messaging app Telegram have been compromised to distribute the Purple Fox malware to install additional malicious payloads on impacted systems. The post Malicious Telegram Installers Used to Spread Purple Fox Rootkit appeared first on Heimdal Security Blog. What Is Purple Fox? Because […].

Malware 73

Malware Cybersecurity 73

Security Affairs

MAY 28, 2022

In April, GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations. The attackers abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm.

Backups 140

Backups Passwords Hacking Cybersecurity 140

Malwarebytes

JUNE 29, 2023

Stalkerware-type app LetMeSpy says it has been hacked, with the attacker taking user data with it. To be clear, much of the data that was stolen is the data from the phone which has the tracking app on it, which has likely been installed without the phone owner's knowledge. Polish site Niebezpiecznik first reported the breach.

Spyware 89

Spyware Hacking Antivirus Passwords 89

Security Affairs

JUNE 2, 2022

In past attacks, the malware was spreading by spamming text messages to contacts from infected phones that instruct them to install tainted apps from servers under the control of the attackers. The victim clicks the link and is prompted to install an app. The victim downloads and opens the malicious app that installs FluBot.

Spyware 88

Spyware Malware Banking Cybercrime 88

Security Boulevard

MARCH 12, 2024

It’s not unusual for gamers to download optimization tools from popular platforms like YouTube and Discord to increase their hardware performance – making it more likely that a gamer might unintentionally download the Tweaks malware.Gaming sees more cyber attacksRoblox's significant user base of 71.5

Malware 134

Malware Passwords Antivirus Risk 134

Google Security

MAY 31, 2023

Use Case If a user downloads a malicious file after bypassing a Chrome “Dangerous File” message their managed browser/managed CrOS device should be quarantined. .* Create a (or use an existing) service account and download the JSON representation of the key. You will notice that the Splunk App uses the below directory structure.

Accountability 79

Accountability Passwords Malware Risk 79

Security Affairs

APRIL 17, 2022

GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations. Threat actors abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm.

Hacking 106

Hacking Accountability Cybersecurity Authentication 106

The Last Watchdog

NOVEMBER 5, 2018

Web browsers vs. apps – Before smart phones existed, “apps” were nonexistent. Anything accessed now through an app, was before accessed through an internet browser. An installed app however can be coded to do anything it wants to gain access to any hardware the user has control of.

Media 174

Media Software Big data Retail 174

Security Affairs

JUNE 18, 2022

MaliBot disguises itself as a cryptocurrency mining app named “Mining X” or “The CryptoApp”, experts also observed the malicious code masqueraded as “MySocialSecurity” and “Chrome” apps. If it detects that the victim has opened an app on the list of targets, it will set up a WebView that displays an HTML overlay to the victim.”

Banking 116

Banking Cryptocurrency Malware Mobile 116