Apple’s App Store is considered a reliable platform for downloading apps. So much so, in fact, that users often assume there’s no danger at all: what could possibly be wrong with an app that’s been moderated by Apple? App Store verification is indeed effective, and news about malicious or phishing apps on the platform is uncommon. All the same, malware creators do occasionally … [Read more...] about Beware of scammers! Dangerous apps in the App Store
apps
Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play
Sep 09, 2023THNMobile Security / Spyware Spyware masquerading as modified versions of Telegram have been spotted in the Google Play Store that's designed to harvest sensitive information from compromised Android devices. According to Kaspersky security researcher Igor Golovin, the apps come with nefarious features to capture and exfiltrate names, user IDs, contacts, phone … [Read more...] about Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play
Two Spyware Apps on Google Play with 1.5 Million Users Sending Data to China
Jul 08, 2023Swati KhandelwalMobile Security / Spyware Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million Android users at risk. These apps engage in deceptive behaviour and secretly send sensitive user data to malicious servers in China. Pradeo, a leading mobile security company, has … [Read more...] about Two Spyware Apps on Google Play with 1.5 Million Users Sending Data to China
Sneaky DogeRAT Trojan Poses as Popular Apps, Targets Indian Android Users
May 30, 2023Ravie LakshmananMobile Security / Android A new open source remote access trojan (RAT) called DogeRAT targets Android users primarily located in India as part of a sophisticated malware campaign. The malware is distributed via social media and messaging platforms under the guise of legitimate applications like Opera Mini, OpenAI ChatGOT, and Premium versions of … [Read more...] about Sneaky DogeRAT Trojan Poses as Popular Apps, Targets Indian Android Users
Microsoft Fixes New Azure AD Vulnerability Impacting Bing Search and Major Apps
Apr 01, 2023Ravie LakshmananAzure / Active Directory Microsoft has patched a misconfiguration issue impacting the Azure Active Directory (AAD) identity and access management service that exposed several "high-impact" applications to unauthorized access. "One of these apps is a content management system (CMS) that powers Bing.com and allowed us to not only modify search … [Read more...] about Microsoft Fixes New Azure AD Vulnerability Impacting Bing Search and Major Apps
Even Top-Ranked Android Apps in Google Play Store Provide Misleading Data Safety Labels
Feb 24, 2023Ravie LakshmananPrivacy / Data Safety An investigation into data safety labels for Android apps available on the Google Play Store has uncovered "serious loopholes" that allow apps to provide misleading or outright false information. The study, conducted by the Mozilla Foundation as part of its *Privacy Not Included initiative, compared the privacy policies and … [Read more...] about Even Top-Ranked Android Apps in Google Play Store Provide Misleading Data Safety Labels
Hackers Abused Microsoft’s “Verified Publisher” OAuth Apps to Breach Corporate Email Accounts
Feb 01, 2023Ravie LakshmananEnterprise Security / Authentication Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network (MPN) accounts that were used for creating malicious OAuth applications as part of a malicious campaign designed to breach organizations' cloud environments and steal email. "The applications created by these fraudulent actors were … [Read more...] about Hackers Abused Microsoft’s “Verified Publisher” OAuth Apps to Breach Corporate Email Accounts
Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps
Jan 23, 2023Ravie LakshmananMobile Security / Malvertising Researchers have shut down an "expansive" ad fraud scheme that spoofed more than 1,700 applications from 120 publishers and impacted roughly 11 million devices. "VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, allowing the fraudsters to stack numerous invisible … [Read more...] about Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps
Hackers Sign Android Malware Apps with Compromised Platform Certificates
Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday. "A platform certificate is the application signing certificate used to sign the 'android' application on the system image," a report … [Read more...] about Hackers Sign Android Malware Apps with Compromised Platform Certificates
These Dropper Apps On Play Store Targeting Over 200 Banking and Cryptocurrency Wallets
Five malicious dropper Android apps with over 130,000 cumulative installations have been discovered on the Google Play Store distributing banking trojans like SharkBot and Vultur, which are capable of stealing financial data and performing on-device fraud. "These droppers continue the unstopping evolution of malicious apps sneaking to the official store," Dutch mobile security … [Read more...] about These Dropper Apps On Play Store Targeting Over 200 Banking and Cryptocurrency Wallets