Archives for 

Mobile Malware

More than 800 Android Apps on Google Play potentially infected with Xavier Trojan – Trend

Trend micro researchers have discovered a Android Trojan ad library named Xavier that steals user’s information without user knowledge. More than 800 Android apps which embedded the ad library appears to have infected with the malware. Xavier has self-protect mechanism that allows it to escape both static and dynamic analysis making it harder to detect. It can also download additional pieces of codes or scripts which can be very dangerous based on the intention of malware actions.
These identified Android apps have been downloaded by millions of people around the world which puts the entire Android ecosystem to risk.

Xavier Trojan is a member of the AdDown family, which has existed since 2015. The first version was called as joymobile which had the capability of remote code execution.

The current version can evade detection and adds information stealing module in addition to previous remote code execution. The infected apps appears to be found primarily in South Asian countries such as Vietnam, Philippines, Indonesia, Thailand, Taiwan and few others.

Pic from TrendMicro

Technical details of this malware can be found at Trend blog here

Indicators of Compramise : https://documents.trendmicro.com/assets/appendix-analyzing-xavier-an-information-stealing-ad-library-on-android.pdf

Share Button

New Variant of HummingBad malware found inside more than 20 apps on Google play infects millions

New Variant of HummingBad malware found inside more than 20 apps on Google play infects millions Researchers from Checkpoint have discovered a dubbed HummingWhale Android malware, Hummingbad was found inside more than 20 Google play apps. One of the apps inside Google play with Hummingbad infection appears to have been downloaded more than a millions […]
Share Button
Continue reading →

Gooligan malware campaign steals more than 1 Million Google Accounts using Android phones – Checkpoint

Researchers from Checkpoint have identified that a dubbed malware Gooligan has infected more than 1.3 million Android users globally. Android targeted malware campaign infects devices and steals authentication tokens which is then used to access data from Google apps such as Google play, Gmail, google photos google docs, google drive and many others. The malware […]
Share Button
Continue reading →

Pokemon Go servers down by DDoS attack- OurMine claims credit

PokemonGO was released two weeks back and its already making names all over the world. Last weekend Pokemon was targeted by a group of hackers named “OurMine” took the site down with massive DDoS. The users might have had difficulty logging to the Pokemon and the company displayed the messaged a below. In a post of Ourmine , the […]
Share Button
Continue reading →

Smartphone browsers can deliver powerful DDoS attack with 4.5billion requests causing Flood Attack

One of the most malicious attacks that can ever be launched on a website is being flooded with multiple requests that it cannot handle, otherwise known as DDoS’es. According to internet security researchers, this nightmare may have recently become a reality after one site was targeted in such a manner with an aim of overwhelming […]
Share Button
Continue reading →

Google Chrome can be crashed with 16 characters

If you use Google Chrome 45 or any of the older versions, it can crash by simply typing a 16 character URL. The bug was first detected by Andris Atteka who reported it to Google, but he was not rewarded since it is not a security issue but a DOS vulnerability. The issue reported by […]
Share Button
Continue reading →

Elevation of Privilege Vulnerability Could Bypass “Screen Lock” Of Android 5.0 (CVE-2015-3860)

UT Austin ISO (Information Security Office) has detected a bug in Android 5.x that allows hackers to bypass the locked screen of the phone and access the home screen or other functions of the phone. For the purpose of the attack however the attacker must have physical access to the phone and the screen should […]
Share Button
Continue reading →

Android serialization vulnerability (CVE-2015-3825) gives super user status to a underprivileged user

IBM researchers have identified that more than 55% of Android users appeared to have impacted with Android serialization vulnerability – CVE-2015-3825.  This basically means Android versions 4.3 and newer are vulnerable to this vulnerability. An advanced attackers could exploit this vulnerability to give a malicious app with no or least privileges the ability to become a super […]
Share Button
Continue reading →

Android’s Certifi-Gate remote access securit vulnerability exploited in the wild – Checkpoint

Last week Check Point discovered Certifi-Gate-based vulnerability which could take complete control of Android devices. This serious security vulnerability has made millions of Android devices vulnerable and are open in the wild.The mRTS plugin allows malicious applications to gain  privileged access rights, even if your device is not rooted . The vulnerability is in the authorization […]
Share Button
Continue reading →

Remote Code Execution vulnerability on Google store allows Hackers to remotely install malware apps on your Android Device

Researchers from Metaspolit have discovered a major flow on devices running Android 4.3 (Jelly Bean) & prior versions that no longer receive official security updates from Android security team for WebView. Webview is one of core component for Google store. Attackers can easily install the malware app and perform malicious actions. Due to a lack […]
Share Button
Continue reading →