⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More
It’s Monday again
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
It’s Monday again
Rokarolla Android malware targets 217 banking and crypto apps, steals credentials, blocks bank calls, intercepts SMS, and disables Play Protect. Zimperium’s zLabs researchers have published a detailed analysis of Rokarolla, a new Android banking trojan named after its command-and-control infrastructure. It spreads through malicious websites masquerading as TikTok and Chrome, one confirmed distribution point being […]
Malware Targets Banks, Crypto Platforms and Social MediaNewly surfaced Android-based banking Trojan gives threat actors near-total control over infected devices, letting them steal user credentials for direct access to financial accounts, says researchers. Rokarolla tricks users into side-loading malicious versions of popular, high traffic apps.
New Trojan May Soon Be Offered for Sale to Criminal UndergroundSecurity researchers warn of "Massiv," an Android Trojan - disguised as an IPTV app - targeting users who sideload streaming apps. The malware enables screen capture, overlays and credential theft - and may soon be marketed on criminal underground forums as malware as a service.
A new Android malware campaign is using the Hugging Face platform as a repository for thousands of variations of an APK payload that collects credentials for popular financial and payment services. [...]
Cybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full device takeover to conduct financial fraud
Trojan Poised for Use in Campaigns Across the GlobeAndroid malware advertised as "Herodotus" on cybercrime forums injects a randomized pause of up to three seconds whenever a hacker bypasses the keyboard on an infected device to enter account credentials. Systems that rely on indicators such as input timing may wave through the transaction.
Google on Tuesday announced that its new Google Pixel 10 phones support the Coalition for Content Provenance and Authenticity (C2PA) standard out of the box to verify the origin and history of digital content
Google is integrating C2PA Content Credentials into the Pixel 10 camera and Google Photos, to help users distinguish between authentic, unaltered images and those generated or edited with artificial intelligence technology. [...]
Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey
Over 300 malicious Android applications downloaded 60 million items from Google Play acted as adware or attempted to steal credentials and credit card information. [...]
New AppLite Banker malware targets Android devices, employing advanced phishing techniques to steal credentials and data
A new Android banking malware named 'DroidBot' attempts to steal credentials for over 77 cryptocurrency exchanges and banking apps in the UK, Italy, France, Spain, and Portugal. [...]
A new Android banking malware named 'DroidBot' attempts to steal credentials for over 77 cryptocurrency exchanges and banking apps in the UK, Italy, France, Spain, and Portugal. [...]
Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a new Android device
Azure Blob Storage, AWS, and Twilio keys all up for grabs An analysis of widely used mobile apps offered on Google Play and the Apple App Store has found hardcoded and unencrypted cloud service credentials, exposing millions of users to major security problems.…
Multiple popular mobile applications for iOS and Android come with hardcoded, unencrypted credentials for cloud services like Amazon Web Services (AWS) and Microsoft Azure Blob Storage, exposing user data and source code to security breaches. [...]
Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims' banking credentials
Threat actors started to use progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. [...]
Also: The US Supreme Court; Polyfill; BEC Compromise for Frozen ChickenThis week, cyber insurance policies fell short, the Supreme Court rejected efforts to fight disinformation, Polyfill apparently was hijacked, cybercriminals stole chicken, Levi warned of a credential stuffing attack, hackers targeted Android devices, and a lab in South Africa was hit by ransomware.