Archives for 

Android Vulnerability

Ransomeware (Doxware) disguises itself as Battery Monitoring App on Google Play infects millions

One of Checkpoint’s customer’s employee downloaded a malicious app called “EnergyRescue” which consisted of zero day mobile ransomeware (Doxware)from Google Play store. The ransomeware dubbed “Charger” and has appeared to be downloaded by millions of Android users.

The ransomeware infected app gets access to contacts and SMS messages from the user’s device requesting admin permissions appears to be genuine. Once the admin permission is granted, the ransomware locks the device and requests the ransom from the victim for .2 bitcoins which is almost 180$. This amount is pretty high for the same category which has been seen lately.

The ransomware demands the money or else threatens to post the user data online every 30 minutes.

You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes,WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER!TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc… We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.

The malware contains a dropper which attracts real malicious components to the mobile device.

Hence the real impact is unknown but this app has infected millions of users worldwide. Recommendation can be found here

Share Button

New Variant of HummingBad malware found inside more than 20 apps on Google play infects millions

New Variant of HummingBad malware found inside more than 20 apps on Google play infects millions Researchers from Checkpoint have discovered a dubbed HummingWhale Android malware, Hummingbad was found inside more than 20 Google play apps. One of the apps inside Google play with Hummingbad infection appears to have been downloaded more than a millions […]
Share Button
Continue reading →

Android.BankBot.149.origin – First Android Banking trojan of 2017 can download apps and installs itself

The first Android banker malware (Android.BankBot.149.origin) of 2017 is already out and its source code is put on the web. This Android malware can steal users banking information and send it to CnC servers. The source code available on the web also means more variants of this malware will be seen in the wild very […]
Share Button
Continue reading →

Gooligan malware campaign steals more than 1 Million Google Accounts using Android phones – Checkpoint

Researchers from Checkpoint have identified that a dubbed malware Gooligan has infected more than 1.3 million Android users globally. Android targeted malware campaign infects devices and steals authentication tokens which is then used to access data from Google apps such as Google play, Gmail, google photos google docs, google drive and many others. The malware […]
Share Button
Continue reading →

Android devices hijacked by Chinese company for guaranteed Clicks around the world

A mobile app development company has been identified as the perpetrator of distributing malicious applications globally and hacking the Android phones of users on whose devices these apps are installed. The apps grant complete access to the Android devices of the users and the attackers can gain total control over these devices. These malware apps […]
Share Button
Continue reading →

Elevation of Privilege Vulnerability Could Bypass “Screen Lock” Of Android 5.0 (CVE-2015-3860)

UT Austin ISO (Information Security Office) has detected a bug in Android 5.x that allows hackers to bypass the locked screen of the phone and access the home screen or other functions of the phone. For the purpose of the attack however the attacker must have physical access to the phone and the screen should […]
Share Button
Continue reading →

Stagefright Security patch leaves more than 950 million Android devices vulnerable hacked by a text- CVE-2015-3824

Stagefright Security patch leaves more than 950 million devices vulnerable hacked by a text The Stagefright vulnerability allows attacker to hack a phone with a text. Wiki (CVE-2015-3824) The patch issued by Google for Stagefright doesn’t fix the vulnerability leaving more than 95% of the Android devices vulnerable. The Android devices running version 2.2 to […]
Share Button
Continue reading →

Android serialization vulnerability (CVE-2015-3825) gives super user status to a underprivileged user

IBM researchers have identified that more than 55% of Android users appeared to have impacted with Android serialization vulnerability – CVE-2015-3825.  This basically means Android versions 4.3 and newer are vulnerable to this vulnerability. An advanced attackers could exploit this vulnerability to give a malicious app with no or least privileges the ability to become a super […]
Share Button
Continue reading →

Android’s Certifi-Gate remote access securit vulnerability exploited in the wild – Checkpoint

Last week Check Point discovered Certifi-Gate-based vulnerability which could take complete control of Android devices. This serious security vulnerability has made millions of Android devices vulnerable and are open in the wild.The mRTS plugin allows malicious applications to gain  privileged access rights, even if your device is not rooted . The vulnerability is in the authorization […]
Share Button
Continue reading →