Security Affairs

NOVEMBER 2, 2022

Four malicious Android apps uploaded by the same developer to Google Play totaled at least one million downloads. The apps are infected with the Android/Trojan.HiddenAds.BTGTHB malware, the apps totaled at least one million downloads. 50,000+ downloads Bluetooth Auto Connect (com.bluetooth.autoconnect.anybtdevices).

Phishing 127

Phishing Adware Malware Hacking 127

The Hacker News

FEBRUARY 16, 2023

million weekly downloads has been found vulnerable to an account takeover attack. A popular npm package with more than 3.5 The package can be taken over by recovering an expired domain name for one of its maintainers and resetting the password," software supply chain security company Illustria said in a report.

Passwords 119

Passwords Software Accountability 119

Security Affairs

JUNE 1, 2023

Researchers discovered spyware, dubbed SpinOk, hidden in 101 Android apps with over 400 million downloads in Google Play. Our malware analysts discovered it in 101 apps with at least 421,290,300 cumulative downloads.” The full list of apps is available here.

Spyware 89

Spyware Malware Hacking Advertising 89

Veracode Security

MAY 27, 2023

Insecure code downloads can introduce vulnerabilities that compromise the integrity of your software. In this blog post, we will explore essential steps to secure the supply chain and prevent developers from downloading insecure code from package managers. These measures help ensure the packages you download are from trusted sources.

Software 59

Software Risk 59

Heimadal Security

FEBRUARY 22, 2023

OyeTalk is a voice-chat app that is available in over 100 countries and has five million downloads […] The post Five Million Downloads OyeTalk Android App Leaks Private User Conversations appeared first on Heimdal Security Blog. The database admins did not use a password to secure it, so all the data was open to the public.

Passwords 101

Passwords Cybersecurity 101

Heimadal Security

MARCH 24, 2023

One of the most insidious methods they use is known as a drive-by download attack. This type of attack can happen without you even realizing it, and it has the potential […] The post Drive-by Download Attack – What It Is and How It Works appeared first on Heimdal Security Blog.

Cybersecurity 98

Cybersecurity 98

The Hacker News

SEPTEMBER 2, 2022

In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them. "A

Risk 134

Risk 134

Security Affairs

APRIL 15, 2023

The apps totaled more than 100 million downloads in the ONE store and Google Play stores in South Korea. Below is the list of the apps using the malicious library that had the highest number of downloads: Package Name Application Name GooglePlay Downloads   GP Status com.lottemembers.android L.POINT with L.PAY 10M+ Updated* com.Monthly23.SwipeBrickBreaker

Malware 95

Malware Hacking Cybersecurity Data collection 95

Tech Republic Security

JANUARY 11, 2022

Google took over the top spot for malicious downloads from Microsoft OneDrive as attackers created free accounts, uploaded malware and shared documents with unsuspecting users, says Netskope.

Malware 217

Malware Accountability 217

Malwarebytes

SEPTEMBER 29, 2022

It's no surprise then to see criminals continuing to abuse Zoom's popularity, in the hope of netting interested parties and, potentially, luring current users into downloading and installing malware. Malware @Zoom downloads ? Findings reveal six fake Zoom download sites, but they are no longer accessible.

Spyware 87

Spyware Malware Ransomware Passwords 87

Dark Reading

MAY 30, 2023

A Trojan SDK snuck past Google Play protections to infest 101 Android applications, bent on exfiltrating infected device data.

Spyware 145

Spyware 145

Security Affairs

AUGUST 2, 2021

An attacker could exploit a vulnerability in the WordPress Download Manager plugin, tracked as CVE-2021-34639, to execute arbitrary code under specific configurations. High), its exploitation is not simple because in a real attack scenario the use of an.htaccess file in the downloads directory making it difficult to execute uploaded files.

Hacking 142

Hacking Information Security Data breaches Cybercrime 142

Tech Republic Security

MARCH 4, 2022

The post TechRepublic Premium editorial calendar: IT policies, checklists, toolkits, and research for download appeared first on TechRepublic. TechRepublic Premium content helps you solve your toughest IT issues and jumpstart your career or next project.

Artificial Intelligence 178

Artificial Intelligence Big data Software Mobile 178

The Hacker News

APRIL 18, 2023

A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads. An additional eight million installations have been tracked through ONE store, a leading third-party app storefront in South Korea.

Malware 91

Malware Software 91

Tech Republic Security

APRIL 14, 2021

From remote work and social media to ergonomics and encryption, TechRepublic has dozens of ready-made, downloadable IT policy templates.

Encryption 209

Encryption Media 209

Malwarebytes

APRIL 6, 2023

also contains two hard-coded download URLs, both served on the malicious domain infoamanewonliag[.]online. The same IP also hosts the illicit domain the payloads were downloaded from. These include "executing a command and sending its output back to the attackers or downloading additional files onto the computer."

Malware 96

Malware Computers and Electronics Scams Ransomware 96

Malwarebytes

MAY 11, 2022

The sites vary in terms of style or general setup, but all focus on having you download Canon drivers. However, when someone attempts to download the driver, the download fails and the site displays a message with a phone number you can call for assistance. A very testing download. Except not really.

Scams 136

Scams Phishing Cryptocurrency Ransomware 136

Heimadal Security

FEBRUARY 15, 2023

With over one million downloads on Google Play Store and more […] The post 1 Million Downloads Later: How An Android Game Leaked Private Data appeared first on Heimdal Security Blog. Additionally, sensitive data was hardcoded into the client side of the app, making it vulnerable to further leaks.

Cybersecurity 97

Cybersecurity 97

Security Affairs

DECEMBER 8, 2022

Web Explorer – Fast Internet is a browsing app with over five million downloads on the Google Play store. The post <strong>Android app with over 5m downloads leaked user browsing history</strong> appeared first on Security Affairs. It boasts of increasing browsing speed by 30% and has a user rating average of 4.4

Internet 132

Internet Internet Hacking Authentication 132

Security Affairs

MAY 5, 2023

Fleckpe is a new Android subscription Trojan that was discovered in the Google Play Store, totaling more than 620,000 downloads since 2022. Fleckpe is a new Android subscription Trojan that spreads via Google Play, the malware discovered by Kaspersky is hidden in photo editing apps, smartphone wallpaper packs, and other general-purpose apps.

Malware 81

Malware Antivirus Hacking Mobile 81

Security Boulevard

DECEMBER 12, 2022

The post Daniel Stori’s ‘Oracle Downloads Page’ appeared first on Security Boulevard. via the webcomic talent of the inimitable Daniel Stori at Turnoff.U

69

69

Security Boulevard

MAY 19, 2022

The post Surge in Malware Downloads Driven by SEO-Based Techniques appeared first on Security Boulevard. The findings indicated that cybercriminals are leveraging various social engineering techniques—including SEO—and different Trojan families, including those delivered via PDF, to target victims more effectively.

Malware 139

Malware Social Engineering Engineering Cybersecurity 139

Bleeping Computer

JANUARY 29, 2023

A new category of activity tracking applications has been having massive success recently on Google Play, Android's official app store, having been downloaded on over 20 million devices. [.]

Mobile 105

Mobile 105

The Hacker News

OCTOBER 26, 2021

Mozilla on Monday disclosed it blocked two malicious Firefox add-ons installed by 455,000 users that were found misusing the Proxy API to impede downloading updates to the browser.

144

144

Bleeping Computer

AUGUST 2, 2021

A mysterious, one-letter npm package named "-" sitting on the registry since 2020 has received over 700,000 downloads. The package contains no functional code, so what makes it score so many downloads? [.]. What's more?

Software 145

Software 145

Heimadal Security

JUNE 15, 2022

Last month, security specialists found adware and info-stealing malware on the Google Play Store, with at least five threats still obtainable and with more than 2 million downloads. The post Over 2 Million People Have Downloaded Android Malware from the Google Play Store appeared first on Heimdal Security Blog.

Malware 139

Malware Adware Software Cybersecurity 139

We Live Security

JULY 12, 2022

It’s all fun and games until you get hacked – and this is just one risk of downloading cracked games. The post Play it safe: 5 reasons not to download pirated games appeared first on WeLiveSecurity.

Hacking 103

Hacking Risk Cybersecurity 103

Malwarebytes

APRIL 6, 2021

Upon analysis, the obfuscated PowerShell downloader initiated a chain of infection leading to a lesser-known malware called Saint Bot. Saint Bot is a downloader that appeared quite recently, and slowly is getting momentum. Use Electrum to download & save it on your side [link] Password is: privatemoney9999999usd Thank you.

Malware 121

Malware Phishing Passwords Encryption 121

Joseph Steinberg

JANUARY 19, 2021

Last week, shortly before Amazon took the Parler social network offline by terminating the latter’s hosting services, a hacker allegedly facilitated a download of the social media site’s data. ” Vigilantism undermines the rule of law. And, in any case, we must strongly discourage digital vigilantism. Even in the case of Parler.

DDOS 256

DDOS Cybersecurity Media Passwords 256

The Hacker News

NOVEMBER 7, 2021

In what's yet another instance of supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative weekly downloads of nearly 22 million were found to be compromised with malicious code by gaining unauthorized access to the respective developer's accounts.

Software 145

Software Accountability 145

Bleeping Computer

NOVEMBER 21, 2021

Microsoft released Windows 10 21H2, the November 2021 Update, last week and you can now download an ISO image for the new version to put aside for emergencies or clean installs. [.].

145

145

Dark Reading

NOVEMBER 9, 2022

The malicious package downloads an image from the Web, then uses a steganography module to extract and execute the code to download malware.

Malware 100

Malware 100

The Hacker News

MAY 19, 2022

Fraudulent domains masquerading as Microsoft's Windows 11 download portal are attempting to trick users into deploying trojanized installation files to infect systems with the Vidar information stealer malware.

Malware 136

Malware 136

Malwarebytes

FEBRUARY 22, 2022

In reality this application was a Trojan dropper which contacted a remote server and downloaded one of several payloads based on certain parameters. The Fast Cleaner app has now been removed from the Play Store but not before it was downloaded more than 50,000 times. One of these payloads was the banking Trojan Xenomorph.

Banking 121

Banking Malware Backups Cryptocurrency 121

Bleeping Computer

AUGUST 24, 2022

Google Chrome extension 'Internet Download Manager' installed by more than 200,000 users is adware. The extension has been sitting on the Chrome Web Store since at least June 2019, according to the earliest reviews posted by users. [.].

Adware 98

Adware Internet Internet 98

The Hacker News

OCTOBER 20, 2022

As many as 16 malicious apps with over 20 million cumulative downloads have been taken down from the Google Play Store after they were caught committing mobile ad fraud.

Malware 100

Malware Mobile 100

Security Affairs

APRIL 17, 2022

GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations. Threat actors abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm.

Cybersecurity 128

Cybersecurity Hacking Accountability Information Security 128