All news with #android tag

Google ships September Android patches for 120 flaws

🔒 Google has released its September 2025 Android security updates addressing 120 vulnerabilities, including two issues that Google says have been exploited in limited, targeted attacks. The two highlighted flaws are CVE-2025-38352 (CVSS 7.4), affecting the Linux Kernel, and CVE-2025-48543, impacting the Android Runtime; both can enable local privilege escalation with no user interaction. Google issued patch levels 2025-09-01 and 2025-09-05 to let partners deploy common fixes more quickly and credited Benoît Sevens of TAG with reporting the kernel issue.

Brokewell Android Malware Spread via Fake TradingView Ads

⚠️Cybercriminals are abusing Meta advertising to distribute a malicious Android app impersonating TradingView Premium. Bitdefender says the campaign, active since at least July 22, redirects Android users to a counterfeit site that serves a trojanized tw-update.apk and requests accessibility rights while simulating an OS update to capture PINs. The installed Brokewell variant escalates privileges to exfiltrate credentials and 2FA codes, hijack SMS, record screens and audio, and accept remote commands for theft and device control.

Hook Android Trojan Evolves with Ransomware Features

🛡️Researchers at Zimperium zLabs have detected a new variant of the Hook Android banking Trojan that expands beyond banking fraud to include ransomware-style overlays and advanced surveillance tools. The sample supports 107 remote commands, 38 of which are newly introduced, enabling fake NFC prompts, lock-screen bypasses, transparent gesture-capturing overlays and real-time screen streaming. Operators are distributing malicious APKs via GitHub repositories and continue to exploit Android Accessibility Services for automated fraud and persistent control. Industry observers warn the campaign is global and rapidly escalating, increasing risks to both enterprises and individual users.

HOOK Android Trojan Adds Ransomware Overlays, Expands

🔒 Cybersecurity researchers at Zimperium zLabs have identified a new HOOK Android banking trojan variant that deploys full-screen ransomware-style overlays to extort victims. The overlay is remotely triggered via the command "ransome" and displays a warning, wallet address and amount, and can be dismissed by the attacker with "delete_ransome". An offshoot of ERMAC, the latest HOOK builds on banking malware techniques and now supports 107 remote commands, introducing transparent gesture-capture overlays, fake NFC and payment screens, and deceptive unlock prompts to harvest credentials and crypto recovery phrases.

Google to Verify Android Developers in Four Countries

🛡️ Google will require identity verification for all developers who distribute Android apps, including those that sideload software outside the Google Play ecosystem. Invitations begin October 2025, verification opens to all developers in March 2026, and enforcement starts September 2026 in Brazil, Indonesia, Singapore, and Thailand. The policy aims to curb impersonation, stop repeat malicious actors, and strengthen developer accountability while preserving user choice.

Android pKVM Achieves SESIP Level 5 Certification Milestone

🔒 Google announced that protected KVM (pKVM) has achieved SESIP Level 5 certification, making it the first software security system for large-scale consumer electronics to reach this assurance. The certification followed a hands-on evaluation by Dekra under the TrustCB SESIP scheme compliant to EN-17927 and includes AVA_VAN.5 vulnerability analysis. pKVM will enable high-criticality isolated workloads such as on-device AI and provides an open-source, verifiable foundation for device manufacturers.

Android adware: risks, techniques and removal advice

📱 Android adware can range from benign ad‑supported apps to intrusive PUAs that harvest data, perform click fraud, or hide to prevent removal. Detections rose by 160% in H1 2025, and sophisticated campaigns such as Kaleidoscope — which uses identical “evil twin” apps across official and third‑party stores — accounted for a substantial share of incidents. To reduce risk, only install apps from reputable developers and the Google Play Store, keep software updated, enable PUA detection in mobile security tools, and if infected disconnect, reboot to Safe Mode and remove suspicious apps or run a trusted scanner.

Is Your Phone Spying on You? Inside Modern Spyware

🔍 In this Unlocked 403 episode host Becks speaks with ESET malware researcher Lukas Stefanko to explain how modern spyware operates and why commonplace apps can become surveillance tools. They examine ESET’s discovery of BadBazaar, describe common infection vectors, persistence techniques and permissions abuse, and note that some tools can compromise devices without any user interaction. Lukas outlines practical detection signals and step‑by‑step removal advice. The conversation also points listeners to a prior episode for deeper Android threat analysis.

Chrome on Android: Advanced Protection Enhancements

🔒 Android's Advanced Protection extends Google's device-level security and integrates with Chrome on Android, enabling three core protections to guard high-risk users such as journalists and officials. It forces HTTPS via the Always Use Secure Connections mode, turns on full Site Isolation for devices with 4GB+ RAM, and reduces attack surface by disabling V8's higher-level JavaScript optimizers. Settings are available on Android 16 in Chrome 137+, and enterprises can control behaviors via policies while affected users should enable automatic updates and join the Advanced Protection Program for maximum defense. These measures trade some performance for stronger exploitation resistance.

ESET Threat Report H1 2025: Key Cyberthreat Findings

🛡️ The ESET research team has released the H1 2025 Threat Report, summarizing cyberthreat activity from December 2024 through May 2025. The report highlights a rapid rise in a new social engineering technique, ClickFix, with detections increasing more than fivefold, and a 160% surge in Android adware linked to evil twin fraud and PUAs. It also notes growing numbers of ransomware attacks and gangs even as overall payment values trended downward. Watch ESET Chief Security Evangelist Tony Anscombe's video overview and consult the full report for details and mitigation guidance.

Secure Age Assurance for Europe and Global Internet

🔒 Google outlines a privacy-forward approach to online age assurance that emphasizes interoperability and targeted protections for children, teens, and parents. The post highlights the new Credential Manager API on Android, which enables sites and apps to request only necessary age information from trusted credential holders. Backed by zero-knowledge proofs, the system can verify age thresholds (for example, over 18) without exposing identity or additional personal data. Google urges standards development and cross-sector collaboration to extend and adopt this secure infrastructure.