Summary: A new banking Trojan called Antidot has been discovered by Cyble Research and Intelligence Labs, targeting Android devices with sophisticated malware features.

Threat Actor: Antidot Trojan

Victim: Android users

Key Point:

The Antidot Trojan disguises itself as a Google Play update application and displays a fake update page in multiple languages to target Android users in different regions.…

Summary: Google is introducing new anti-theft and data protection features for Android devices, including a Theft Detection Lock, Offline Device Lock, and Remote Lock.

Threat Actor: N/A

Victim: N/A

Key Points:

Google is introducing multiple anti-theft and data protection features for Android devices. The Theft Detection Lock will lock the screen if it detects abrupt motions associated with theft attempts.…

Key Takeaways

A new Android Banking Trojan, “Antidot,” masquerading as a Google Play update application, displays fake Google Play update pages in multiple languages, indicating a wide range of targets.

Antidot incorporates a range of malicious features, including overlay attacks and keylogging, allowing it to compromise devices and harvest sensitive information. …

Summary: Apple and Google have announced an industry specification for Bluetooth tracking devices that will alert users to unwanted tracking.

Threat Actor: Unwanted tracking

Victim: Users

Key Point:

Apple and Google have collaborated on a specification called “Detecting Unwanted Location Trackers” to alert users if their device is being used to track them.…

Summary: This content discusses a cyber campaign conducted by Russian-speaking threat actors who used legitimate internet services to deploy various malware variants, posing challenges for tracking and defense against this type of threat.

Threat Actor: Russian-speaking threat actors

Victim: Multiple victims

Key Point:

Russian-speaking threat actors utilized legitimate internet services like GitHub and FileZilla to distribute multiple malware variants, demonstrating their adaptability and advanced capabilities.…

Summary: This content discusses BLint, a Binary Linter that evaluates the security properties and capabilities of executables and can produce Software Bill-of-Materials (SBOM) for compatible binaries.

Threat Actor: N/A

Victim: N/A

Key Point:

BLint is an open-source tool that aids in generating an SBOM for binary executables, allowing for the identification of overlooked security weaknesses and vulnerable software.…

Research by: Antonis Terefos

Introduction

PDF (Portable Document Format) files have become an integral part of modern digital communication. Renowned for their universality and fidelity, PDFs offer a robust platform for sharing documents across diverse computing environments. PDFs have evolved into a standard format for presenting text, images, and multimedia content with consistent layout and formatting, irrespective of the software, hardware, or operating system used to view them.…


AhnLab’s Mobile Analysis Team has confirmed cases of romance scams where perpetrators establish rapport by posing as overseas friends or romantic partners. They exploit this connection to solicit money under the guise of cryptocurrency investments.

A romance scam is a type of fraud that involves emotional manipulation to solicit money through various means. …


Infostealers targeting macOS devices have been on the rise for well over a year now, with variants such as Atomic Stealer (Amos), RealStealer (Realst), MetaStealer and others widely distributed in the wild through malicious websites, cracked applications and trojan installers. These past few weeks have seen a new macOS malware family appear that researchers have dubbed ‘Cuckoo Stealer’, drawing attention to its abilities to act both as an infostealer and as spyware.…

Introduction

In late 2023 and early 2024, the NCC Group Hardware and Embedded Systems practice undertook an engagement to reverse engineer baseband firmware on several smartphones. This included MediaTek 5G baseband firmware based on the nanoMIPS architecture. While we were aware of some nanoMIPS modules for Ghidra having been developed in private, there was no publicly available reliable option for us to use at the time, which led us to develop our own nanoMIPS disassembler and decompiler module for Ghidra.…


Summary: This content discusses a novel attack called TunnelVision that targets virtual private network (VPN) applications, compromising their ability to protect user traffic.

Threat Actor: Researchers have discovered this attack technique.

Victim: Users of VPN applications.

Key Point:

TunnelVision is an attack that forces VPN applications to send and receive traffic outside of the encrypted tunnel, undermining their purpose of protecting user data.…

Summary: This content discusses the identification of vulnerabilities in Android apps from smartphone maker Xiaomi and Google’s Android Open Source Project (AOSP) by Oversecured, a business that scans mobile apps for security issues.

Threat Actor: Oversecured

Victim: Xiaomi and Google’s Android Open Source Project (AOSP)

Key Point:

Oversecured has identified more than two dozen vulnerabilities in Android apps from Xiaomi and Google’s AOSP.…

Summary: This content discusses a path traversal-affiliated vulnerability pattern found in multiple popular Android applications, which could lead to arbitrary code execution and token theft.

Threat Actor: Microsoft

Victim: Multiple popular Android applications

Key Point:

A path traversal-affiliated vulnerability pattern was discovered in multiple popular Android applications, allowing a malicious application to overwrite files in the vulnerable application’s home directory.…

Published On: 2024-05-03

EXECUTIVE SUMMARY

The team at CYFIRMA recently intercepted Android malware suspected to have been delivered by a Pakistan-based APT group targeting Indian defense personnel. Surprisingly, the campaign has been active for over a year. The unidentified threat actor possibly utilized Spynote, or its modified version known as Craxs Rat, obfuscating the app with a high level of complexity and making it difficult to understand.…


Executive Summary

Voice phishing groups are building phishing pages, developing malicious Android apps to trick victims into accessing phishing sites, and installing the apps for financial fraud to steal money from victims. We named a family of voice phishing apps distributed in South Korea that impersonate law enforcement agencies, financial institutions, etc.…

Summary: A new Android backdoor malware named ‘Wpeeper’ has been discovered in unofficial app stores, using compromised WordPress sites as relays for its command and control servers.

Threat Actor: Wpeeper

Victim: Android users who downloaded apps from unofficial app stores

Key Point:

A new Android backdoor malware named ‘Wpeeper’ has been spotted in at least two unofficial app stores mimicking the Uptodown App Store.…