Fake Antivirus Websites Deliver Malware to Android and Windows Devices

Fake Antivirus Websites Deliver Malware to Android and Windows Devices Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. “Hosting malicious software through sites which look Read more…

Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials

Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials

Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed to steal users’ credentials from compromised devices. “This malware uses famous Android app icons to mislead users and trick victims into installing the Read more…

Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components

Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components

Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android. “The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, Read more…

Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw

Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw

Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app’s home directory. “The implications of this vulnerability pattern include arbitrary Read more…

Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers

Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers

Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control (C2) servers for detection evasion. The malware, codenamed Wpeeper, is an ELF binary that leverages the HTTPS protocol Read more…

New 'Brokewell' Android Malware Spread Through Fake Browser Updates

New 'Brokewell' Android Malware Spread Through Fake Browser Updates

New 'Brokewell' Android Malware Spread Through Fake Browser Updates Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. “Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware,” Dutch security firm ThreatFabric said in an analysis published Thursday. The malware is said Read more…

Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies

Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies

Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows – CVE-2024-29745 – An information disclosure flaw in the bootloader component Read more…