UC Browser downloaded a third-party app store over unsecured channels
https://www.zscaler.com/blogs/research/uc-browser-app-abuses-may-have-exposed-500-million-users
https://www.zscaler.com/blogs/research/uc-browser-app-abuses-may-have-exposed-500-million-users
Zscaler
UC Browser app abuses and exposed 500 million users | Blog
As we began to analyze the UC Browser app, we found requests were being made to download an additional APK over an unsecured channel.
HiddenApp found on Google Play with 500,000+ installs
https://twitter.com/ReBensk/status/1185188429518139392?s=19
https://twitter.com/ReBensk/status/1185188429518139392?s=19
Twitter
Re-ind
Hiddad app Packed with Jiagu packer found on Google Play 500,000+ Installs after install hides it's icon from the App Drawer and running in the background. https://t.co/0cPl31uuhN
Joker Trojan found on Google Play
Three apps with 20,000+ installs
https://twitter.com/ReBensk/status/1186227496460513280
Three apps with 20,000+ installs
https://twitter.com/ReBensk/status/1186227496460513280
Twitter
Re-ind
Three Joker app's found on Google Play: https://t.co/apqhtPsAcp https://t.co/QZgD6Yj6Nt https://t.co/UBXuVj4nW3
More Joker Trojans on Google Play
8 apps with 196,000+ installs
https://twitter.com/m0br3v/status/1186277973923696641
https://twitter.com/sh1shk0va/status/1186291616769814529
8 apps with 196,000+ installs
https://twitter.com/m0br3v/status/1186277973923696641
https://twitter.com/sh1shk0va/status/1186291616769814529
Twitter
I.Zhilyakov
And more #joker samples: com.billiards.wallpapers - October 18, 2019, 10,000+ com.peculiarwallpaper.wpshow - October 15, 2019, 50,000+ com[.de.sourceforge.opencamera - October 16, 2019, 10,000+ com.zima.latest.gamelist - October 15, 2019, 100,000+ #malware…
Remove Snaptube app, based on the research it's adfraud
https://www.upstreamsystems.com/secure-d-uncovers-non-human-clicks-subnoscriptions-popular-android-app-snaptube/
https://www.upstreamsystems.com/secure-d-uncovers-non-human-clicks-subnoscriptions-popular-android-app-snaptube/
Upstream
Secure-D uncovers non-human clicks and subnoscriptions from popular Android app Snaptube - Upstream
Fake Swisscom CSIRT app luring credentials found on Google Play
https://twitter.com/swisscom_csirt/status/1186528018740793344
https://twitter.com/swisscom_csirt/status/1186528018740793344
Twitter
Swisscom CSIRT
Neue Fake Bluewin App ist im Google Play Store aufgetaucht. Bitte nicht installieren und auf keinen Fall Zugangsdaten eingeben. Auftrag zur Entfernung ist bereits unterwegs. #staysafe #bluewin ^Mike
Joker Trojan found on Google Play
Joker misuses notificaiton access to steal received SMS containing verification codes to subscribe for services
Found: 29 apps with 280,000+ installs
https://blog.trendmicro.com/trendlabs-security-intelligence/fake-photo-beautification-apps-on-google-play-can-read-sms-verification-code-to-trigger-wireless-application-protocol-wap-carrier-billing/
Joker misuses notificaiton access to steal received SMS containing verification codes to subscribe for services
Found: 29 apps with 280,000+ installs
https://blog.trendmicro.com/trendlabs-security-intelligence/fake-photo-beautification-apps-on-google-play-can-read-sms-verification-code-to-trigger-wireless-application-protocol-wap-carrier-billing/
Trend Micro
Adware Apps Seen With Optimized Evasion Features
We found 49 new adware apps on the Google Play Store, disguised as games and stylized cameras. Before they were taken down, the total number of downloads for these apps was more than 3 million.
New Android Banking Trojan Family - Gnip
https://twitter.com/sh1shk0va/status/1186968376930897926
https://twitter.com/sh1shk0va/status/1186968376930897926
Twitter
Tatyana Shishkova
New Android banking Trojan family #Ginp targeting Spain 🇪🇸 and UK 🇬🇧. Latest versions imitate Adobe Flash Player and decrypt payload from assets. Abuses Accessibility Service, sets itself as default SMS app, gets phishing injects from C&C server. (1/2)
Tracking down the developer of Android adware affecting millions of users #OSINT
42 Android adware apps on Google Play with 8,000,000+ installs
https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/
42 Android adware apps on Google Play with 8,000,000+ installs
https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/
WeLiveSecurity
Tracking down the developer of Android adware affecting millions of users
ESET researchers have uncovered 42 popular adware-laced Android apps in Google Play and tracked down the rogue developer.
Discovered 17 apps on the Apple App Store that are infected with clicker Trojan malware
https://www.wandera.com/mobile-security/ios-trojan-malware/
https://www.wandera.com/mobile-security/ios-trojan-malware/
Jamf
Trojan malware infecting 17 apps on the App Store
Wandera’s threat research team has discovered 17 apps on the Apple App Store that are infected with clicker trojan malware.
NFC Beaming could bypass “install unknown application” prompt to install apps on Android 8 and higher - CVE-2019-2114
https://wwws.nightwatchcybersecurity.com/2019/10/24/nfc-beaming-bypasses-security-controls-in-android-cve-2019-2114/
https://wwws.nightwatchcybersecurity.com/2019/10/24/nfc-beaming-bypasses-security-controls-in-android-cve-2019-2114/
Nightwatch Cybersecurity
NFC Beaming Bypasses Security Controls in Android [CVE-2019-2114]
Summary NFC beaming of applications between devices using Android OS bypasses some security controls (the “install unknown application” prompt). A rogue device like a payment terminal c…
ANDROID HACKING WITH TERMUX
How to setup and install all the necessary tools
https://dotweak.com/2019/10/12/android-hacking-with-termux-QldEN2RLSU9rc2VOZUJjREEzeWlSdz09
How to setup and install all the necessary tools
https://dotweak.com/2019/10/12/android-hacking-with-termux-QldEN2RLSU9rc2VOZUJjREEzeWlSdz09
Mobile Malware and APT Espionage: Prolific, Pervasive, and Cross-Platform
https://threatvector.cylance.com/en_us/home/mobile-malware-and-apt-espionage-prolific-pervasive-and-cross-platform.html
https://threatvector.cylance.com/en_us/home/mobile-malware-and-apt-espionage-prolific-pervasive-and-cross-platform.html
Four Joker Trojans found on Google Play with 16,000+ installs
https://twitter.com/sh1shk0va/status/1188754354779672576
https://twitter.com/sh1shk0va/status/1188754354779672576
Twitter
Tatyana Shishkova
#Joker Trojans are appearing on Google Play almost every day. More fake apps added on Oct 26 and still available: https://t.co/2QtrVAooXh https://t.co/0WAMRGjy6t https://t.co/rCLbI9vQVA https://t.co/CnwFbokLV7
102 adware apps with over 440,000 installs on Google Play
https://twitter.com/0xabc0/status/1189132270256513025
https://twitter.com/0xabc0/status/1189132270256513025
Twitter
Ahmet Bilal Can
moreee https://t.co/8YJVE5bDgJ
Xhelper: Persistent Android dropper app infects 45K devices in past 6 months
Functionality: it hide itself, can download additional apps and display ads
https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware
Functionality: it hide itself, can download additional apps and display ads
https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware
Security
Xhelper: Persistent Android Dropper App Infects 45K Devices in Past 6 Months
Malicious app hides itself, downloads other threats, displays ads, and is mainly targeting users in India, U.S., and Russia.
Analysis of Joker Trojans found on Google Play
https://labs.k7computing.com/?p=19247
https://labs.k7computing.com/?p=19247
Top Android malware threats of October, 2019
Full list: http://skptr.me/malware_timeline_2019.html
Download: - https://github.com/sk3ptre/AndroidMalware_2019
Full list: http://skptr.me/malware_timeline_2019.html
Download: - https://github.com/sk3ptre/AndroidMalware_2019
ai.type keyboard app from Google Play contained AdFraud functionality to make ad clicks and unwanted purchases
https://www.upstreamsystems.com/secure-d-uncovers-suspicious-mobile-transactions-android-keyboard-app-ai-type-generating-non-human-clicks-making-unwanted-purchases/
https://www.upstreamsystems.com/secure-d-uncovers-suspicious-mobile-transactions-android-keyboard-app-ai-type-generating-non-human-clicks-making-unwanted-purchases/
Upstream
Secure-D uncovers suspicious mobile transactions from Android Keyboard app ai.type - Upstream
Over a recent period, Upstream’s security platform Secure-D has blocked millions of suspicious mobile transaction requests coming from popular Android Emoji app ai.type.