< ciso
brief />
Tag Banner

All news with #mobile security tag

205 articles · page 3 of 11

New SparkCat Malware Variant Targets iOS and Android

🛡️Security researchers have discovered an updated SparkCat trojan on both the Apple App Store and Google Play Store, hiding inside seemingly benign apps such as enterprise messengers and food delivery services. Kaspersky said it found two infected iOS apps and one Android app that primarily target cryptocurrency users in Asia. The iOS variant scans photo galleries for English wallet mnemonic phrases, while the Android version employs code virtualization, cross-platform languages and regional keyword scanning for Japanese, Korean and Chinese. Both samples use an OCR module to exfiltrate images containing recovery phrases to attacker-controlled servers, underscoring a rapidly evolving threat.
read more →

WhatsApp Alerts 200 Users After Fake iOS App Spyware

⚠️ Meta-owned WhatsApp said it alerted about 200 users, largely in Italy, who were fooled into installing a counterfeit iOS app infected with spyware. The company logged affected accounts out, advised victims to uninstall the malicious app and reinstall the official WhatsApp client, and said it is taking action against Italian firm Asigint, an alleged SIO subsidiary. The alert follows earlier campaigns targeting users with Graphite and chained zero-day exploits in 2025, highlighting persistent misuse of surveillance tools in Europe.
read more →

Apple Expands iOS 18.7.7 Availability to More Devices

🔒Apple expanded iOS 18.7.7 and iPadOS 18.7.7 availability on April 1, 2026, to protect a broader range of devices from the web-based exploit kit DarkSword. The release now covers many iPhone models from XR through the 16 series and multiple iPad mini, Air and Pro configurations, including devices capable of running iOS 26 but still on older releases. The backported fixes let users with Automatic Updates receive protections without upgrading to iOS 26; users without auto-update can choose the patched iOS 18 build or move to iOS 26. Apple also began issuing Lock Screen alerts to urge installations of the security patches.
read more →

Apple Widens iOS 18 Patch Support to Block DarkSword

🔒 Apple has expanded availability of iOS 18.7.7 to a broader set of iPhones and iPads to ensure devices remaining on iOS 18 receive protections against the actively exploited DarkSword exploit kit. The update delivers fixes for multiple vulnerabilities first mitigated in 2025 and addresses additional CVEs disclosed through 2026. Users with Automatic Updates enabled on eligible devices will receive these protections automatically. Researchers observed deployment of information-stealing and backdoor malware families including GhostBlade, GhostKnife, and GhostSaber in attacks exploiting these flaws.
read more →

NoVoice Android Malware on Google Play Infects Millions

📱 Researchers at McAfee uncovered NoVoice, an Android rootkit hidden in more than 50 Google Play apps that were downloaded at least 2.3 million times. The apps requested no suspicious permissions and used steganography to hide an encrypted APK payload that exploits historically patched kernel and driver vulnerabilities to gain root. Once rooted, the implant replaces system libraries, disables SELinux, and installs persistent recovery scripts and a watchdog so the rootkit survives factory resets. McAfee reported the apps and Google removed them, but previously infected devices should be considered compromised.
read more →

Google rolls out Android developer verification plan

🔒 Google has begun rolling out a new Android developer verification system designed to reduce malicious apps and strengthen platform security. The scheme requires developers to verify their identities and register apps, notably when distributing software outside Google Play; eligible Play apps will be auto-registered. Unregistered apps may later require an advanced sideloading flow or ADB, while Google stages enforcement from April 2026 and expands globally after 2027.
read more →

FBI Advises Caution Using Chinese Mobile Apps Over Privacy

🔒 The FBI has issued a public service announcement warning Americans about privacy and data-security risks posed by foreign-developed mobile applications, particularly those maintained by Chinese companies. The bureau says some apps may collect extensive personal data — even when only active — and may store information on servers in China or require consent to share data. The FBI recommends disabling unnecessary sharing, updating device software, and installing apps only from official app stores.
read more →

Android Developer Verification Rolls Out Ahead of Mandate

🔒 Google has begun rolling out Android developer verification, requiring developers who distribute apps outside Google Play to create an account in the Android Developer Console to confirm their identity. The rollout precedes a September enforcement in Brazil, Indonesia, Singapore, and Thailand, with global expansion planned next year. Sideloading of unregistered APKs remains possible for power users via an advanced flow that includes an authentication step and a one-off 24-hour waiting period to deter scammers.
read more →

Apple's Camera Indicator Lights: Design and Security

🔒 Apple has implemented a camera-indicator approach that carefully blends hardware and system design to ensure users are alerted when the camera is active. While a dedicated LED appears inherently more tamper-resistant than an on-screen widget, Apple addresses overlay and spoofing concerns through integrated hardware–software controls and system-level protections. The result is a thoughtfully engineered notification mechanism that substantially reduces the risk of unnoticed camera use.
read more →

TA446 Uses Leaked DarkSword iOS Exploit in Email Campaign

🔒 Proofpoint disclosed a targeted email campaign by Russia-linked TA446 that leverages the leaked DarkSword iOS exploit kit to target iPhones. The group used spoofed "discussion invitation" messages impersonating the Atlantic Council to deliver the GHOSTBLADE dataminer and, in some instances, the MAYBEROBOT backdoor via password-protected ZIPs. Proofpoint noted sharply increased message volume and server-side filtering that routes only iPhone browsers to the exploit chain. Apple has issued lock-screen warnings urging immediate updates to block the threat.
read more →

WhatsApp adds AI tools, iOS multi-account and transfers

🤖 WhatsApp is rolling out several usability and AI-driven features, including a Writing Help reply assistant that uses Private Processing, and photo touch-up powered by Meta AI. The update also enables two accounts on iOS, a chat history transfer from iOS to Android, and a utility to locate and remove large media. Meta has also expanded anti-scam protections and introduced parent-managed accounts and a lockdown security mode for high-risk users.
read more →

Coruna iOS Exploit Framework Linked to Triangulation

🔒 Coruna is an evolved iOS exploit framework tied to the earlier Operation Triangulation espionage campaign and now includes support for modern Apple silicon such as A17 and M3 chips and iOS builds up to 17.2. Kaspersky found five exploit chains leveraging 23 vulnerabilities, including CVE-2023-32434 and CVE-2023-38606, and determined parts of the kernel exploit are maintained revisions of Triangulation code. The attack begins via a Safari stager that fingerprints the device, selects tailored RCE and PAC exploits, downloads encrypted components decrypted with ChaCha20 and decompressed with LZMA, then loads payloads appropriate to ARM64/ARM64E architectures. Kaspersky also observed Coruna’s use in financially motivated campaigns that impersonate crypto exchanges; Apple has released fixes and users should apply updates promptly.
read more →

Google adds Advanced Flow for safer APK sideloading

🔒 Google is introducing Advanced Flow, a new Android mechanism that lets power users sideload APKs from unverified developers while adding multi-step protections. The one-time process requires enabling Developer Mode, confirming you are not being coached by a threat actor, restarting and reauthenticating, then waiting one day to validate the changes. After completion users may enable installations for a week or indefinitely, and Android will display a warning that the app is from an unverified developer. The flow is intended to add friction and disrupt urgency-driven scam tactics.
read more →

Predator spyware disables iOS camera and mic indicators

🔎 Cybersecurity researchers analyzed Predator, a commercial spyware component developed by Intellexa, and revealed how it disables iOS camera and microphone recording indicators. The malware intercepts communications between the system component that tracks module activity and SpringBoard, exploiting Objective‑C behavior to suppress status signals so the green/orange dots never appear. The report outlines the techniques, traces earlier dead code attempts, and offers practical mitigations for users at elevated risk.
read more →

Google adds 24-hour wait for unverified Android apps

🔐Google announced a new advanced flow for Android sideloading that imposes a mandatory 24-hour wait and biometric or PIN confirmation before permitting installs from unverified developers. The measure complements a developer verification mandate and is intended to make social‑engineering and rapid coercion attacks harder. Google will also offer free limited distribution accounts for hobbyists and students and says the flow does not apply to ADB installs; the changes roll out in August 2026 ahead of verification rules.
read more →

Five Ways Google Helps You Avoid Tax Season Scammers

🔒Google outlines five practical defenses to help users spot and avoid tax‑season scams. It describes on‑device AI protections on Pixel phones including Call Screen and optional real‑time Scam Detection alerts, plus text‑vetting with Circle to Search and Lens. The post highlights real‑time Safe Browsing, high‑visibility Gmail warning banners and security steps like Passkeys and 2‑Step Verification to reduce fraud risk.
read more →

Global Surge in Mobile Banking Malware Targets 1,243 Brands

📱 Zimperium zLabs reports a global surge in mobile banking malware targeting 1,243 financial brands across 90 countries. The firm analysed 34 active malware families affecting apps with more than three billion downloads and found industrialised campaigns exploiting weak app protections and widespread code sharing. Attacks now intercept authentication codes, hijack live sessions and can take control of devices, undermining traditional backend fraud controls.
read more →

Perseus Android Banking Malware Targets Europe and Mideast

🔒 ThreatFabric researchers disclosed a new Android banking malware family named Perseus that enables device takeover and financial fraud through dropper apps promoted on phishing and IPTV sideloading sites. Built on code from Cerberus and Phoenix, Perseus leverages Accessibility-based remote sessions to monitor, interact with, and fully control infected devices. It targets users across Turkey, Italy and other European and Middle Eastern markets, and adds note‑scanning to harvest high-value personal data. Operators can issue remote commands, stream screens, run HVNC sessions, and authorize fraudulent transactions via a command-and-control panel.
read more →

Perseus Android Malware Harvests Secrets from Notes

🔐 Researchers at ThreatFabric have discovered a new Android malware family called Perseus that scans user note-taking apps to steal passwords, recovery phrases, and financial data. Distributed via sideloaded IPTV-themed apps, Perseus abuses Accessibility Services to gain full remote control, capture screenshots, and deploy overlays and keyloggers. The threat uses a dropper capable of bypassing Android 13+ sideloading restrictions and performs extensive anti-analysis checks before exfiltration. Users are advised to avoid sideloading APKs, keep Play Protect enabled, and install apps only from the Google Play Store.
read more →

Remote Control Glitch Exposes Thousands of Robot Vacuums

🤖 A user attempting to remotely control his own DJI Romo robot vacuum inadvertently gained control of approximately 7,000 devices around the world. The incident highlights how insecure many consumer IoT devices remain and how a single action can cascade into widespread exposure. Beyond mere nuisance, such mass control raises privacy and safety concerns if exploited at scale. The episode underscores the urgent need for stronger device authentication, secure update mechanisms, and clearer vendor responsibility.
read more →