< ciso
brief />
Tag Banner

All news with #mobile security tag

205 articles · page 5 of 11

Massiv Android banking malware disguises as IPTV app

🔒 A new Android banking trojan called Massiv is being distributed as a fake IPTV application to harvest credentials, perform keylogging, and seize remote control of infected devices. Researchers at ThreatFabric observed campaigns that targeted a Portuguese government app integrated with Chave Móvel Digital, enabling fraudsters to bypass KYC checks and open accounts in victims' names. Massiv supports live screen streaming via Android's MediaProjection API and a UI-tree mode using the Accessibility Service to extract interface elements, click controls, and bypass screen-capture protections.
read more →

Keenadu Preinstalled Android Malware Compromises Firmware

⚠️ Kaspersky researchers have uncovered Keenadu, a multifaceted Android malware family that can be embedded in device firmware and run with system-level privileges from first boot. Detected on more than 13,000 devices across multiple countries, the backdoor impersonates legitimate system components (including face-unlock and home-screen apps) and can infect other apps, install APKs, and harvest sensitive data. It may remain dormant under certain locales and lacks easy removal through standard user tools. Kaspersky recommends checking firmware updates, running security scans, disabling suspect apps, and coordinating with vendors to address supply chain integrity.
read more →

Keenadu Firmware Backdoor Infects Android Tablets Worldwide

🔒 Kaspersky researchers have identified a firmware-embedded backdoor named Keenadu that can run in the context of every Android app and grant remote control over infected tablets. The implant was discovered in Alldocube iPlay 50 mini Pro firmware dating to August 18, 2023, and the compromised images carried valid digital signatures. Kaspersky observed delivery via signed OTA updates, preinstalled system apps, and trojanized apps distributed through third-party stores and official marketplaces.
read more →

Android 17 Beta Adds Secure-by-Default Architecture

🔐 Android 17 public beta introduces a secure-by-default architecture that tightens app protections and refines developer workflows. The release deprecates the android:usesCleartextTraffic attribute and will block cleartext by default for apps targeting API level 37 without a network security configuration. It also adds a public SPI for HPKE hybrid cryptography, enables certificate transparency by default and introduces install-time permissions for localhost interactions. Large-screen behavior changes, a lock-free MessageQueue and generational garbage collection in ART target performance, while Google replaces the traditional Developer Preview with a continuous Canary channel for earlier feature access and streamlined testing.
read more →

Apple beta adds RCS E2EE and expanded Memory Integrity

🔐 Apple has released an iOS and iPadOS 26.4 developer beta that introduces end-to-end encryption (E2EE) for RCS conversations between compatible Apple devices, with a wider rollout planned for iOS, iPadOS, macOS and watchOS in a future update. The feature is currently in beta and limited to Apple devices and supported carriers. The update also expands Memory Integrity Enforcement (MIE), allowing applications to opt in to full protections beyond Soft Mode. Additionally, iOS 26.4 is expected to enable Stolen Device Protection by default and the SDK is available via Xcode 26.4.
read more →

Keenadu backdoor found in Android firmware and apps

🛡️ Keenadu is a sophisticated Android backdoor discovered embedded in device firmware and in apps distributed through Google Play and other channels. Kaspersky reports multiple distribution vectors — compromised OTA firmware, system apps, modified APKs and even Play Store apps — with the firmware-integrated variant being the most powerful. That variant can operate inside every installed app, silently install APKs with broad permissions, and exfiltrate media, messages, credentials and location data. Kaspersky has confirmed roughly 13,000 infected devices and warns that firmware-resident instances cannot be removed by standard Android tools; users should reflash clean firmware or replace affected devices.
read more →

ZeroDayRAT toolkit sells cross-platform mobile spyware

📱 ZeroDayRAT is a commercially marketed, cross-platform spyware toolkit distributed openly via Telegram that targets Android and iOS devices. iVerify traced initial activity to 2 February and found the offering includes an APK for Android, an iOS payload, a web-based management panel, documentation, and customer support channels. The malware harvests messages, call logs, contacts, location, photos, files, notifications, and enumerates accounts across popular services, enabling sustained surveillance and potential financial theft. Infection relies on social engineering—sideloading or iOS provisioning profiles—so iVerify recommends mobile EDR, stricter controls on unauthorized installs, and detection across BYOD and managed fleets.
read more →

Apple Tests End-to-End Encrypted RCS in iOS 26.4 Beta

🔒 Apple has introduced end-to-end encryption for RCS messaging in the iOS and iPadOS 26.4 developer beta, enabling encrypted conversations between Apple devices during testing. The feature remains in beta and is not available for all devices or carriers, and it currently does not extend to non-Apple platforms such as Android. The release also introduces an opt-in for full Memory Integrity Enforcement and signals forthcoming Stolen Device Protection defaults.
read more →

ZeroDayRAT: Commercial Mobile Spyware Targets Android, iOS

🕵️‍♂️ZeroDayRAT is a commercial mobile spyware platform advertised on Telegram that enables extensive data collection and real-time surveillance on Android and iOS devices. The developer offers a builder to generate malicious binaries and an online or self-hosted control panel that exposes device metadata, GPS location history, accounts and notification previews. Operators can capture keystrokes, SMS (including OTPs), live camera and microphone streams, and perform hands-on remote operations. Additional modules swap clipboard crypto addresses and target mobile payment apps to facilitate direct financial theft.
read more →

ZeroDayRAT Mobile Spyware Targets Android and iOS Users

📱 ZeroDayRAT is a newly documented cross-platform mobile spyware operation targeting Android and iOS, according to iVerify. The toolkit grants persistent access to messages, precise GPS history, notifications, camera, microphone and keystroke capture, and exposes a dedicated web dashboard for rapid device profiling. Infections are commonly initiated via smishing, counterfeit app stores, phishing emails and links shared through messaging apps.
read more →

ZeroDayRAT Spyware Offers Full Remote Control of Devices

🔐 ZeroDayRAT is a commercial mobile spyware being sold on Telegram that grants attackers comprehensive remote control over Android (5–16) and iOS (up to 26) devices. The toolkit provides a management panel displaying device metadata and supports data theft, live audio/video capture, location tracking, SMS interception for OTPs, keylogging, and modules targeting cryptocurrency wallets and banking apps. iVerify warns it can enable enterprise breaches if employee devices are compromised and advises installing apps only from official stores and enabling protections such as Lockdown Mode on iOS and Advanced Protection on Android.
read more →

ZOLL ePCR iOS App Vulnerability Exposes Local Data

🔒 The ZOLL ePCR iOS mobile application (version 2.6.7) contains a WebView input-sanitization flaw (CVE-2025-12699) that can reflect attacker-controlled strings into rendered HTML/JavaScript. Proof-of-concept testing shows injected scripts may read local application files, potentially exposing device telemetry and protected health information (PHI). CISA assigns a CVSS v3.1 base score of 5.5 (MEDIUM), notes the issue is not remotely exploitable, and reports no known public exploitation. ZOLL decommissioned the iOS app in May 2025 and has no replacement planned.
read more →

iPhone Lockdown Mode Blocks FBI Extraction, Shows Limits

🔒 A court filing shows the FBI's Computer Analysis Response Team (CART) could not extract a Washington Post reporter's iPhone because Apple's Lockdown Mode was enabled. The raid and seizure occurred in January during an investigation into leaks of classified information tied to a government contractor. The filing contrasts devices the FBI could access with the iPhone that resisted standard forensic tools, suggesting Lockdown Mode can impede common extraction techniques.
read more →

Samsung Knox Enhances Mobile Network Security Controls

🔒 Samsung Knox provides built‑in, per‑app network controls, detailed access logs, and a Zero Trust Network Access framework that complements existing VPN deployments. Its firewall supports IPv4/IPv6 filtering, domain and subdomain rules, split DNS tunneling, and context-rich logging (app package, domain/IP, timestamp) to accelerate investigations and reduce false positives. Integrated device health signals and hardware‑backed lockdowns enable dynamic policy enforcement without multiple agents. Certified for SOC 2 and compatible with leading MDM/UEM and SIEM platforms, Knox simplifies deployment while improving visibility for security teams.
read more →

Smartphones Now Central to Nearly Every Police Probe

🔍 A Cellebrite 2026 Industry Trends Report based on 1,200 law enforcement respondents across 63 countries finds digital evidence — particularly from smartphones — has become central to almost all investigations. Some 95% of practitioners say digital evidence is key to solving cases and 97% point to smartphones as a top source. Agencies report increasing complexity, locked devices in over half of cases, and growing resource reallocations to handle digital work, while many see AI as useful but constrained by policy.
read more →

Apple adds carrier-level option to limit precise location

🛡️ Apple has added a Limit Precise Location setting in iOS 26.3 and later that restricts the location information mobile carriers receive via cell-tower connections, sharing only an approximate area rather than a precise street address. The toggle applies to specific models — iPhone Air, iPhone 16e, and iPad Pro (M5) Wi‑Fi + Cellular — and requires carrier support; currently supported networks include Telekom (Germany), EE and BT (UK), Boost Mobile (US), and AIS and True (Thailand). Apple says the feature does not affect Location Services or location sharing with friends and family, and it does not change emergency-call location data; users enable it in Settings → Cellular → Cellular Data Options and a restart may be required.
read more →

Google strengthens Android theft protection features

🔒 Google has introduced stronger authentication safeguards and enhanced recovery tools to make smartphones harder targets for thieves. The update adds granular controls for Failed Authentication Lock, expands Identity Check to protect all apps using the Android Biometric Prompt (including Google Password Manager and third‑party banking apps), and introduces longer lockout times to slow guessing attempts. Remote Lock now offers an optional security challenge to verify ownership, and for new devices in Brazil Google will enable Theft Detection Lock and Remote Lock by default. Authentication safeguards require Android 16+; recovery tools require Android 10+.
read more →

WhatsApp Launches Strict Account Settings Lockdown

🔒 Meta has begun rolling out a new WhatsApp feature called Strict Account Settings that provides lockdown-style protections for journalists, public figures, and other high-risk users. The option, enabled only from a user's primary device under Settings > Privacy > Advanced, enforces the strictest privacy controls, including mandatory two-step verification and blocking media and calls from unknown senders. It also hides profile data, disables link previews, and limits features that could expose users to sophisticated spyware. Meta said the feature is intended for the small number of users who face targeted, high-risk campaigns.
read more →

GhostChat romance-scam: targeted Android spyware in Pakistan

🔍 ESET researchers disclosed a targeted Android espionage campaign (published 28 Jan 2026) that used a fake dating app called GhostChat (detected as Android/Spy.GhostChat.A) to lure victims in Pakistan. The app, never on Google Play and requiring manual install from unknown sources, presents locked female profiles with hardcoded access codes and embedded WhatsApp numbers to drive victims into operator-controlled chats. Once executed it requests broad permissions, immediately exfiltrates device identifiers, contacts and a wide range of files, and continues to upload newly created images and documents on a scheduled basis. ESET linked related Windows activity using the same C2 infrastructure, published IoCs and sample hashes (for example SHA-1 B15B1F3F2227EBA4B69C85BDB638DF34B9D30B6A), and shared findings with Google; known variants are blocked by Play Protect on devices with Google Play Services.
read more →

Android Theft Protection Updates: Smarter, Stronger

🔒 The Android Security Team announced a set of theft protection updates designed to make devices harder targets for criminals. Available on devices running Android 16+ and recovery tools on Android 10+, the changes add a dedicated toggle for Failed Authentication Lock, expand Identity Check coverage to all apps using the Biometric Prompt, and increase lockout times while preventing identical repeated guesses from counting toward retries. Remote Lock gains an optional security challenge, and new devices activated in Brazil will ship with Theft Detection Lock and Remote Lock enabled by default.
read more →