< ciso
brief />
Tag Banner

All news with #mobile security tag

205 articles · page 10 of 11

Klopatra Android Banking Trojan Hits 3,000+ Devices

🔒 Cleafy has uncovered Klopatra, a previously undocumented Android banking trojan that has infected over 3,000 devices—predominantly in Spain and Italy. The malware leverages Hidden VNC for remote device control and dynamic overlays to harvest credentials, while integrating the commercial Virbox protection suite and native libraries to evade detection and analysis. Operators distribute Klopatra via social-engineered IPTV droppers, abuse Android accessibility permissions to persist and perform actions, and use a black-screen VNC mode and stolen PINs or patterns to unlock devices and execute rapid fraudulent transfers.
read more →

Datzbro Android Trojan Targets Seniors for DTO Fraud

🛡️ThreatFabric disclosed a newly observed Android banking trojan named Datzbro that targets elderly users via Facebook groups promoting senior activities. Attackers lure victims to install purported community apps (Android APKs and placeholder iOS TestFlight links) via Messenger or WhatsApp; payloads either install Datzbro directly or use a Zombinder dropper to bypass Android 13+ protections. Datzbro abuses Android Accessibility services to perform device takeover, overlay attacks, keylogging and remote control, enabling credential theft and fraudulent transactions. The malware is tied to a Chinese-language desktop C2 and contains Chinese debug strings, suggesting origin and potential wider distribution.
read more →

Kaspersky adds notification anti-phishing for Android

🔒 Kaspersky has added a Notification Protection layer to Kaspersky for Android that detects and blocks malicious links embedded in app notifications. The feature automatically hides suspected links and replaces them with a Kaspersky notice titled 'Dangerous link detected,' preserving the original text minus the link. Kaspersky says scanning is automated and no employee reads private messages. Users must enable Accessibility and notification permissions and can combine this with Safe Messaging and Safe Browsing for fuller protection.
read more →

Unpatched OnePlus flaw exposes SMS data to rogue apps

🔒 Rapid7 disclosed an unpatched vulnerability in OnePlus's OxygenOS (CVE-2025-10184) that allows any installed app to access SMS content and metadata without SMS permissions. The fault arises from modified Telephony content providers whose manifests omit a required write permission and accept unsanitized input. By abusing a blind SQL-injection vector an attacker can infer SMS text one character at a time. OnePlus has acknowledged the report and is investigating; users should minimize installed apps and avoid SMS-based 2FA.
read more →

Apple Adds Always-On Memory Integrity Enforcement Feature

🔒 Apple has introduced Memory Integrity Enforcement in the iPhone 17, a hardware-aware, always-on defense against memory-safety exploits used by spyware like Pegasus. Building on Arm’s MTE and its 2022 Enhanced Memory Tagging Extension, Apple’s implementation tags allocations with secrets and verifies them on every access. The company says the protection runs continuously without noticeable performance loss. Apple collaborated with Arm and tuned the chip-level design to make exploitation of memory-corruption bugs significantly harder while preserving compatibility with existing code.
read more →

CISA Details Two Java Loaders Exploiting Ivanti EPMM Flaws

🔒 CISA released details of two malicious toolsets found on an organization's server after attackers chained zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). Each set contains a Java loader that installs an HTTP listener to decode, decrypt and execute arbitrary payloads and maintain persistence. CISA urges updating EPMM, monitoring for suspicious activity, and restricting access to MDM systems.
read more →

One in Three Android Apps Expose Sensitive Data to Attackers

🔒 The 2025 Zimperium Global Mobile Threat Report finds that one in three Android apps and more than half of iOS apps leak sensitive information through insecure APIs, and nearly half of apps contain hardcoded secrets such as API keys. Client-side weaknesses let attackers tamper with apps, intercept traffic and bypass perimeter defences. The report recommends API hardening and app attestation to ensure API calls originate from genuine, untampered apps.
read more →

SlopAds Ad-Fraud Ring Exploits 224 Android Apps Globally

🔍 A coordinated ad and click-fraud operation named SlopAds ran 224 Android apps that amassed roughly 38 million downloads across 228 countries, according to HUMAN's Satori Threat Intelligence and Research Team. The campaign generated up to 2.3 billion bid requests per day and primarily targeted traffic from the U.S., India, and Brazil. Google removed the offending apps from the Play Store after the investigation, which found sophisticated evasion tactics including steganography and conditional payloads.
read more →

Apple Alerts French Users to Fourth 2025 Spyware Campaign

🔔 Apple has notified users in France that devices linked to some iCloud accounts may have been compromised in a fourth spyware campaign this year, CERT-FR confirmed on September 3, 2025. The agency said the alerts target high-profile individuals — journalists, lawyers, activists, politicians and senior officials — and follow prior notices on March 5, April 29 and June 25. Recent disclosures also link WhatsApp and iOS vulnerabilities exploited in zero-click chains, while Apple’s Memory Integrity Enforcement aims to harden new iPhones against such memory-corruption attacks.
read more →

Apple adds Memory Integrity Enforcement to iPhone 17

🔒 Apple introduced Memory Integrity Enforcement (MIE) on the new iPhone 17 and iPhone Air, implemented in the A19 and A19 Pro chips to deliver always-on memory safety across the kernel and more than 70 userland processes. MIE combines secure memory allocators, an enhanced synchronous Memory Tagging system called EMTE, and Tag Confidentiality Enforcement (TCE) to detect and block buffer overflows and use-after-free bugs. Apple says the design preserves performance while hardening devices against targeted mercenary spyware and exploitation of memory-corruption vulnerabilities.
read more →

RatOn Android RAT Evolves with NFC Relay and ATS Capabilities

🛡️ ThreatFabric has identified a new Android remote access trojan, RatOn, that combines NFC relay attacks with automated money-transfer (ATS) and overlay capabilities to target cryptocurrency wallets and conduct device fraud. Attackers distribute droppers via fake Play Store listings (masquerading as a TikTok 18+ app) aimed at Czech and Slovak users, then request accessibility and device-admin permissions. RatOn deploys a third-stage NFSkate module for Ghost Tap NFC relays, presents overlay or ransom-style screens, captures PINs and seed phrases, records keystrokes, and exfiltrates sensitive data to attacker servers to drain accounts.
read more →

SNI5GECT: 5G Downgrade Attack Enables 4G Tracking Now

🔒 Researchers demonstrated SNI5GECT, an over‑the‑air injection attack targeting unencrypted initial exchanges in 5G that can crash device modems or force a fallback to 4G. By observing the plain‑text handshake and injecting a crafted information block at precise timing, an attacker within roughly 20 meters can trigger a reboot or downgrade. The technique enabled 4G‑based tracking and spoofing on multiple handsets across different modem vendors, and arises from protocol characteristics rather than a single vendor implementation.
read more →

Android droppers now pushing SMS stealers and spyware

🛡️ Security researchers warn that Android dropper apps are increasingly used to deliver not only banking trojans but also SMS stealers, spyware and lightweight payloads. According to ThreatFabric, attackers in India and parts of Asia are packaging payloads behind benign "update" screens to evade targeted Play Protect Pilot Program checks, fetching and installing the real payload only after user interaction. Google says it found no such apps on Play and continues to expand protections, while Bitdefender links malvertising campaigns to Brokewell distribution.
read more →

WhatsApp Patches Zero-Click Zero-Day Exploit in iOS

🔒 WhatsApp has patched a critical zero-day (CVE-2025-55177) affecting linked-device synchronization that could allow processing of content from an arbitrary URL on a target device. The vendor says the flaw, when combined with an Apple OS-level out-of-bounds write (CVE-2025-43300), may have been exploited in a targeted, sophisticated zero-click attack. Apple patched the related OS issue on August 20. Users should apply the updated WhatsApp and WhatsApp Business iOS and Mac clients immediately.
read more →

Brokewell Android Malware Spread via Fake TradingView Ads

⚠️Cybercriminals are abusing Meta advertising to distribute a malicious Android app impersonating TradingView Premium. Bitdefender says the campaign, active since at least July 22, redirects Android users to a counterfeit site that serves a trojanized tw-update.apk and requests accessibility rights while simulating an OS update to capture PINs. The installed Brokewell variant escalates privileges to exfiltrate credentials and 2FA codes, hijack SMS, record screens and audio, and accept remote commands for theft and device control.
read more →

Hook Android Trojan Evolves with Ransomware Features

🛡️Researchers at Zimperium zLabs have detected a new variant of the Hook Android banking Trojan that expands beyond banking fraud to include ransomware-style overlays and advanced surveillance tools. The sample supports 107 remote commands, 38 of which are newly introduced, enabling fake NFC prompts, lock-screen bypasses, transparent gesture-capturing overlays and real-time screen streaming. Operators are distributing malicious APKs via GitHub repositories and continue to exploit Android Accessibility Services for automated fraud and persistent control. Industry observers warn the campaign is global and rapidly escalating, increasing risks to both enterprises and individual users.
read more →

HOOK Android Trojan Adds Ransomware Overlays, Expands

🔒 Cybersecurity researchers at Zimperium zLabs have identified a new HOOK Android banking trojan variant that deploys full-screen ransomware-style overlays to extort victims. The overlay is remotely triggered via the command "ransome" and displays a warning, wallet address and amount, and can be dismissed by the attacker with "delete_ransome". An offshoot of ERMAC, the latest HOOK builds on banking malware techniques and now supports 107 remote commands, introducing transparent gesture-capture overlays, fake NFC and payment screens, and deceptive unlock prompts to harvest credentials and crypto recovery phrases.
read more →

Google to Verify Android Developers in Four Countries

🛡️ Google will require identity verification for all developers who distribute Android apps, including those that sideload software outside the Google Play ecosystem. Invitations begin October 2025, verification opens to all developers in March 2026, and enforcement starts September 2026 in Brazil, Indonesia, Singapore, and Thailand. The policy aims to curb impersonation, stop repeat malicious actors, and strengthen developer accountability while preserving user choice.
read more →

Mesh Messaging Apps: Use Cases, Risks, and Best Practices

📡 Decentralized peer-to-peer "mesh" messaging apps let nearby phones communicate without internet using Bluetooth or Wi‑Fi Direct. Popular and emerging apps — including BitChat, Bridgefy, Briar, and White Mouse — offer offline messaging with varying privacy features and tradeoffs. While useful for disasters, festivals, or local coordination, these tools have limited range, higher battery use, and mixed encryption reliability; favor open-source and independently audited projects.
read more →

Android pKVM Achieves SESIP Level 5 Certification Milestone

🔒 Google announced that protected KVM (pKVM) has achieved SESIP Level 5 certification, making it the first software security system for large-scale consumer electronics to reach this assurance. The certification followed a hands-on evaluation by Dekra under the TrustCB SESIP scheme compliant to EN-17927 and includes AVA_VAN.5 vulnerability analysis. pKVM will enable high-criticality isolated workloads such as on-device AI and provides an open-source, verifiable foundation for device manufacturers.
read more →