Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Android. Show all posts
SeedSnatcher
Android ClayRat FvncBot malware SeedSnatcher

New Android Malware SeedSnatcher and FvncBot Found By Experts


New Android malware found

Researchers have revealed details of two Android malware strains called SeedSnatcher and FvncBot. Upgraded version of ClayRat was also found in the wild. 

About the malware 

FvncBot works as a security app built by mBank and attacks mobile banking users in Poland. The malware is written from scratch and is different from other banking trojans such as ERMAC whose source codes have been leaked.

According to Intel 471, the malware "implemented multiple features including keylogging by abusing Android's accessibility services, web-inject attacks, screen streaming and hidden virtual network computing (HVNC) to perform successful financial fraud."

Like the Albiriox banking malware, this trojan is shielded by a service called apk0day that Golden Crypt offers.

Attack tactic 

After the dropper app is launched, users are asked to download a Google Play component for security of the app. But in reality, it deploys the malware via session-based approach which other actors adopt to escape accessibility restrictions on Android devices version 13 and above.

According to Intel 471, "During the malware runtime, the log events were sent to the remote server at the naleymilva.it.com domain to track the current status of the bot." After this, the malware asks victims for accessibility services permission, it then gets privileges and connects to an external server. 

Malware capabilities 

FvncBot also triggers a text mode to analyze the device screen layout and content even in cases where an app doesn't allow screenshots by setting the FLAG_SECURE option. 

Experts don't yet know how FvncBot is getting widespread, but Android banking trojans leverage third-party app stores and SMS phishing as a distribution vector. 

According to Intel 471, "Android's accessibility service is intended to aid users with disabilities, but it also can give attackers the ability to know when certain apps are launched and overwrite the screen's display." 

The firm added that the sample was built to "target Polish-speaking users, it is plausible we will observe this theme shifting to target other regions or to impersonate other Polish institutions."


Beyond the immediate threat to banking and cryptocurrency users, the emergence of FvncBot, SeedSnatcher, and the upgraded ClayRat underscores a troubling evolution in mobile-malware design: an increasing shift toward “full-device takeover” rather than mere credential theft. By exploiting legitimate features, such as Android’s accessibility services, screen-streaming APIs, and overlay permissions, these trojans can invisibly hijack almost every function of a smartphone: logging keystrokes, intercepting SMS-delivered 2FA codes, capturing screen contents even when apps try to block screenshots, and executing arbitrary commands as though the real user were interacting with the device. 

This marks a new class of threat in which a compromised phone becomes a proxy tool for remote attackers: they don’t just steal data, they can impersonate the user, conduct fraudulent transactions, or monitor every digital activity. Hence, users worldwide, not only in Poland or crypto-heavy regions, must remain vigilant: the architecture these threats use is platform-wide, not region-specific, and could easily be repurposed for broader global campaigns.
Read more »
Spyware
Android Cyber Phishing Financial Data iOS malware Personal Information Spyware

How To Tell If Spyware Is Hiding On Your Phone And What To Do About It

 



Your smartphone stores personal conversations, financial data, photos, and daily movements. This concentration of information makes it attractive to attackers who rely on spyware. Spyware is malicious software that pretends to be a useful app while silently collecting information. It can arrive through phishing messages, deceptive downloads, fake mobile tools, or through legitimate apps that receive harmful updates. Even monitoring tools designed for parents or employers can be misused to track someone without their knowledge.

Spyware exists in multiple forms. One common category is nuisanceware, which appears with legitimate apps and focuses on showing unwanted ads, altering browser settings, and gathering browsing data for advertisers. Although it does not usually damage the device, it still disrupts user activity and profits from forced ad interactions. Broader mobile spyware goes further by pulling system information, clipboard content, login credentials, and data linked to financial accounts. These threats rely on tricking users through harmful emails, unsafe attachments, social media links, fake text messages, or direct physical access.

A more aggressive class of spyware overlaps with stalkerware and can monitor nearly every action on a victim’s device. These tools read messages across different platforms, intercept calls, capture audio from the environment, trigger the camera, take screenshots, log keystrokes, track travel routes, and target social media platforms. They are widely associated with domestic abuse because they allow continuous surveillance of a person’s communication and location. At the highest end is commercial spyware sold to governments. Tools like Pegasus have been used against journalists, activists, and political opponents, although everyday users are rarely targeted due to the high cost of these operations.

There are several early signs of an attempted spyware install. Strange emails, unexpected social media messages, or SMS alerts urging you to click a link are often the first step. Attackers frequently use urgent language to pressure victims into downloading malicious files, including fake delivery notices or warnings framed as bank or tax office messages. Sometimes these messages appear to come from a trusted contact. Stalkerware may require physical access, which means a phone that briefly goes missing and returns with new settings or apps could have been tampered with.

Once spyware is installed, your phone may behave differently. Rapid battery drain, overheating, sudden reboots, location settings turning on without reason, or a sharp increase in mobile data use can indicate that data is being transmitted secretly. Some variants can subscribe victims to paid services or trigger unauthorized financial activity. Even harmless apps can turn malicious through updates, so new problems after installing an app deserve attention.

On Android devices, users can review settings that control installations from outside official stores. This option usually appears in Settings > Security > Allow unknown sources, although the exact location depends on the manufacturer. Another path to inspect is Apps > Menu > Special Access > Install unknown apps, which lists anything permitted to install packages. This check is not completely reliable because many spyware apps avoid appearing in the standard app view.

Some spyware hides behind generic names and icons to blend in with normal tools such as calculators, calendars, utilities, or currency converters. If an unfamiliar app shows up, running a quick search can help determine whether it belongs to legitimate software.

For iPhones that are not jailbroken, infection is generally harder unless attackers exploit a zero-day or an unpatched flaw. Risks increase when users delay firmware updates or do not run routine security scans. While both platforms can show signs of compromise, sophisticated spyware may remain silent.

Some advanced surveillance tools operate without leaving noticeable symptoms. These strains can disguise themselves as system services and limit resource use to avoid attention.

Removing spyware is challenging because these tools are designed to persist. Most infections can be removed, but some cases may require a full device reset or, in extreme scenarios, replacing the device. Stalkerware operators may also receive alerts when their access is disrupted, and a sudden halt in data flow can signal removal.

If removing spyware could put someone at physical risk, they should avoid tampering with the device and involve law enforcement or relevant support groups.

Several approaches can help remove mobile spyware:

1. Run a malware scan: Reputable mobile antivirus tools can detect many common spyware families, though they may miss advanced variants.

2. Use dedicated removal tools: Specialized spyware removal software can help, but it must only be downloaded from trusted sources to avoid further infection.

3. Remove suspicious apps: Reviewing installed applications and deleting anything unfamiliar or unused may eliminate threats.

4. Check device administrator settings: Spyware may grant itself administrator rights. If such apps cannot be removed normally, a factory reset might be necessary.

5. Boot into Safe Mode: Safe Mode disables third-party apps temporarily, making removal easier, though advanced spyware may still persist.

6. Update the operating system: Patches often close security gaps that spyware relies on.


After discovering suspicious activity, users should take additional security steps. First, change passwords and enable biometrics: Resetting passwords on a separate device and enabling biometric locks strengthens account and device security. Secondly, create a new email address: A private email account can help regain control of linked services without alerting a stalkerware operator.

Advanced, commercial spyware demands stronger precautions. Research-based recommendations include:

• Reboot the device daily to disrupt attacks that rely on temporary exploits.

• Disable iMessage and FaceTime on iOS, as they are frequent targets for exploitation.

• Use alternative browsers such as Firefox Focus or Tor Browser to reduce exposure from browser-based exploits.

• Use a trusted VPN and jailbreak detection tools to protect against network and system-level intrusion.

• Use a separate secure device like those running GrapheneOS for sensitive communication.

Reducing the risk of future infections requires consistent precautions:

• Maintain physical device security through PINs, patterns, or biometrics.

• Install system updates as soon as they are released.

• Run antivirus scans regularly.

• Avoid apps from unofficial sources.

• Enable built-in security scanners for new installations.

• Review app permissions routinely and remove intrusive apps.

• Be cautious of suspicious links.

• Avoid jailbreaking the device.

• Enable multi-factor authentication, keeping in mind that spyware may still capture some verification codes.



Read more »
pins
Android ATM Banks debit cards Financial Breach malware NFC pins

New Android Malware Steals Debit Card Data And PINs To Enable ATM Withdrawals

 




Security researchers have identified an Android malware operation that can collect debit card details and PINs directly from a victim’s mobile device and use that information to withdraw cash from an ATM. What makes this attack particularly dangerous is that criminals never need to handle the victim’s physical bank card at any point. Instead, the entire theft is carried out through the victim’s compromised phone, wireless communication features, and a coordinated cashout attempt at an ATM.

The threat relies on a combination of social engineering and near field communication, a short-range wireless feature widely used for contactless payments on smartphones and payment cards. Once the malware is in place, it quietly monitors NFC activity on the compromised phone, captures the temporary transaction data, and sends this information to an accomplice positioned near an ATM. Because these NFC codes change quickly and are valid only for a short period, the cash withdrawal must be carried out almost immediately for the fraud to succeed.

The attackers cannot begin the operation until they convince the target to install the malicious application. To achieve this, they commonly send deceptive text messages or emails that pretend to come from a bank. These messages warn the user about false account issues or security concerns and direct them to install an app from a link. Victims are sometimes contacted through follow-up calls to reinforce the urgency and to make the request appear more legitimate. The app itself does not come from an official store and often asks for permissions it does not need, including access to financial inputs. Once a user enters their card information and PIN, the malware is ready to operate in the background.

When the victim completes a contactless transaction on their phone, the malware intercepts the NFC exchange and sends the captured data to the waiting accomplice. That person uses a phone or smartwatch to simulate the victim’s payment credential at a nearby ATM and withdraws money before the dynamic code becomes invalid. Because all steps are interconnected and time sensitive, the criminals typically coordinate their roles in advance.

This technique stands out because it exploits features designed for convenience. It does not rely on physical skimming devices or stolen cards. Instead, it abuses trusted communication processes inside the victim’s own device. The combination of fake alerts, misleading calls, unauthorized apps, and wireless data relays makes the attack appear legitimate to those who are not familiar with these tactics.


Practical steps readers should take :

• Only install banking or payment apps from official app stores or verified developer pages.

• Treat unsolicited messages or calls claiming to be from your bank as suspicious; verify alerts using the phone number printed on your card or official statements.

• Never share card numbers or PINs in response to unsolicited contacts.

• Review installed apps and revoke permissions for unknown or unnecessary apps, particularly those that request accessibility or payment access.

• Use reputable mobile security software and keep the device and apps updated; some security products can detect malicious installers and block phishing links. 

• Any suspicious alerts should be verified by contacting the bank using official phone numbers printed on cards or statements.


As cybercriminals continue to grow more layered and coordinated attacks, staying informed about these methods is essential. Understanding how such schemes operate can help individuals protect themselves and warn others before they become victims.

Read more »
Spyware
AI Android Data Internet malware Pegasus Spyware

How Spyware Steals Your Data Without You Knowing About It


You might not be aware that your smartphone has spyware, which poses a risk to your privacy and personal security. However, what exactly is spyware? 

This type of malware, often presented as a trustworthy mobile application, has the potential to steal your data, track your whereabouts, record conversations, monitor your social media activity, take screenshots of your activities, and more. Phishing, a phony mobile application, or a once-reliable software that was upgraded over the air to become an information thief are some of the ways it could end up on your phone.

Types of malware

Legitimate apps are frequently packaged with nuisanceware. It modifies your homepage or search engine settings, interrupts your web browsing with pop-ups, and may collect your browsing information to sell to networks and advertising agencies.

Nuisanceware

Nuisanceware is typically not harmful or a threat to your fundamental security, despite being seen as malvertising. Rather, many malware packages focus on generating revenue by persuading users to view or click on advertisements.

Generic mobile spyware

Additionally, there is generic mobile spyware. These types of malware collect information from the operating system and clipboard in addition to potentially valuable items like account credentials or bitcoin wallet data. Spray-and-pray phishing attempts may employ spyware, which isn't always targeted.

Stalkerware

Compared to simple spyware, advanced spyware is sometimes also referred to as stalkerware. This spyware, which is unethical and frequently harmful, can occasionally be found on desktop computers but is becoming more frequently installed on phones.

The infamous Pegasus

Lastly, there is commercial spyware of governmental quality. One of the most popular variations is Pegasus, which is sold to governments as a weapon for law enforcement and counterterrorism. 

Pegasus was discovered on smartphones owned by lawyers, journalists, activists, and political dissidents. Commercial-grade malware is unlikely to affect you unless you belong to a group that governments with ethical dilemmas are particularly interested in. This is because commercial-grade spyware is expensive and requires careful victim selection and targeting.

How to know if spyware is on your phone?

There are signs that you may be the target of a spyware or stalkerware operator.

Receiving strange or unexpected emails or messages on social media could be a sign of a spyware infection attempt. You should remove these without downloading any files or clicking any links.

Read more »
Technology
Android Google iOS Scams Technology

New Google Study Reveals Threat Protection Against Text Scams


As Cybersecurity Awareness Month comes to an end, we're concentrating on mobile scams, one of the most prevalent digital threats of our day. Over $400 billion in funds have been stolen globally in the past 12 months as a result of fraudsters using sophisticated AI tools to create more convincing schemes. 

Google study about smartphone threat protection 

Android has been at the forefront of the fight against scammers for years, utilizing the best AI to create proactive, multi-layered defenses that can detect and stop scams before they get to you. Every month, over 10 billion suspected malicious calls and messages are blocked by Android's scam defenses. In order to preserve the integrity of the RCS service, Google claims to conduct regular safety checks. It has blocked more than 100 million suspicious numbers in the last month alone.

About the research 

To highlight how fraud defenses function in the real world, Google invited consumers and independent security experts to compare how well Android and iOS protect you from these dangers. Additionally, Google is releasing a new report that describes how contemporary text scams are planned, giving you insight into the strategies used by scammers and how to identify them.

Key insights 

  • Those who reported not receiving any scam texts in the week before the survey were 58% more likely to be Android users than iOS users. The benefit was even greater on Pixel, where users were 96% more likely to report no scam texts than iPhone owners.
  • Whereas, reports of three or more scam texts in a week were 65% more common among iOS users than Android users. When comparing iPhone and Pixel, the disparity was even more noticeable, with 136% more iPhone users reporting receiving a high volume of scam messages.
  • Compared to iPhone users, Android users were 20% more likely to say their device's scam protections were "very effective" or "extremely effective." Additionally, iPhone users were 150% more likely to say their device was completely ineffective at preventing mobile fraud.  

Android smartphones were found to have the strongest AI-powered protections in a recent assessment conducted by the international technology market research firm Counterpoint Research.  

Read more »
SMiShing
Android Android Trojans Banking Google Herodotus malware SMiShing

Herodotus Trojan Mimics Human Typing to Steal Banking Credentials

 



A newly discovered Android malware, Herodotus, is alarming cybersecurity experts due to its unique ability to imitate human typing. This advanced technique allows the malware to avoid fraud detection systems and secretly steal sensitive financial information from unsuspecting users.

According to researchers from Dutch cybersecurity firm ThreatFabric, Herodotus combines elements from older malware families like Brokewell with newly written code, creating a hybrid trojan that is both deceptive and technically refined. The malware’s capabilities include logging keystrokes, recording screen activity, capturing biometric data, and hijacking user inputs in real time.


How users get infected

Herodotus spreads mainly through side-loading, a process where users install applications from outside the official Google Play Store. Attackers are believed to use SMS phishing (smishing) campaigns that send malicious links disguised as legitimate messages. Clicking on these links downloads a small installer, also known as a dropper, that delivers the actual malware to the device.

Once installed, the malware prompts victims to enable Android Accessibility Services, claiming it is required for app functionality. However, this permission gives the attacker total control,  allowing them to read content on the screen, click buttons, swipe, and interact with any open application as if they were the device owner.


The attack mechanism

After the infection, Herodotus collects a list of all installed apps and sends it to its command-and-control (C2) server. Based on this data, the operator pushes overlay pages, fake screens designed to look identical to genuine banking or cryptocurrency apps. When users open their actual financial apps, these overlays appear on top, tricking victims into entering login details, card numbers, and PINs.

The malware can also intercept one-time passwords (OTPs) sent via SMS, record keystrokes, and even stream live footage of the victim’s screen. With these capabilities, attackers can execute full-scale device takeover attacks, giving them unrestricted access to the user’s financial accounts.


The human-like typing trick

What sets Herodotus apart is its behavioral deception technique. To appear human during remote-control sessions, the malware adds random time delays between keystrokes, ranging from 0.3 to 3 seconds. This mimics natural human typing speed instead of the instant input patterns of automated tools.

Fraud detection systems that rely solely on input timing often fail to recognize these attacks because the malware’s simulated typing appears authentic. Analysts warn that as Herodotus continues to evolve, it may become even harder for traditional detection tools to identify.


Active regions and underground sale

ThreatFabric reports that the malware has already been used in Italy and Brazil, disguising itself as apps named “Banca Sicura” and “Modulo Seguranca Stone.” Researchers also found fake login pages imitating popular banking and cryptocurrency platforms in the United States, United Kingdom, Turkey, and Poland.

The malware’s developer, who goes by the alias “K1R0” on underground forums, began offering Herodotus as a Malware-as-a-Service (MaaS) product in September. This means other cybercriminals can rent or purchase it for use in their own campaigns, further increasing the likelihood of global spread.

Google confirmed that Play Protect already blocks known versions of Herodotus. Users can stay protected by avoiding unofficial downloads, ignoring links in unexpected text messages, and keeping Play Protect active. It is also crucial to avoid granting Accessibility permissions unless an app’s legitimacy is verified.

Security professionals advise enabling stronger authentication methods, such as app-based verification instead of SMS-based codes, and keeping both system and app software regularly updated.


Read more »
Privacy Issues
Android data security Data tracking Google Maps iOS Open Source Privacy Privacy Issues

CoMaps: The Open-Source, Privacy-Focused Google Maps Alternative You’ll Actually Want to Use

 

Google Maps may be convenient, but for some users, its constant tracking and battery drain are reason enough to look for an alternative. One such option is CoMaps, an open-source navigation app built for privacy and efficiency. Users frustrated by Google’s monthly location reports or the high battery consumption of Maps may find CoMaps to be a refreshing change. 

CoMaps is a fork of Organic Maps, which itself evolved from the earlier project MapsWithMe, later acquired by the Russian-based Maps.ru group. Like its predecessors, CoMaps uses OpenStreetMap data — a community-driven platform that emphasizes transparency and collaboration. The app, available for both Android and iOS, stands out for its offline usability and no-tracking policy. 

Unlike Google Maps, CoMaps collects no personal information, doesn’t serve ads, and doesn’t require a constant internet connection. It offers offline search, route planning, and voice-guided navigation while consuming far less battery power. Users can download regional maps, mark and save favorite spots, view subway maps, and even access offline Wikipedia articles for added context. Another standout feature is CoMaps’ outdoor mode, designed for hiking and biking. 

This mode highlights trails, campsites, points of interest, and even water sources — making it ideal for travelers and adventurers who prefer staying disconnected from the grid. The built-in map editor also lets users contribute directly to improving OpenStreetMap data, reinforcing the app’s community-driven philosophy. Setting up CoMaps is simple. Users can download only the maps they need, saving space and allowing seamless offline use. Once downloaded, navigation feels intuitive — nearly identical to Google Maps. 

Directions are clear, and the app supports distance measurements in both kilometers and miles, customizable through the settings. Since its release on the Google Play Store and Apple App Store in July, CoMaps has quickly gained attention as a reliable Google Maps replacement. Its focus on privacy, performance, and transparency appeals to users who are increasingly wary of data tracking. 

For those who value privacy and want a lighter, more ethical alternative to big tech navigation tools, CoMaps offers a balanced blend of simplicity, functionality, and digital independence. It’s free, open-source, and ready to use — without following you everywhere you go.
Read more »
Phone
Android Apple Bank Accounts Cyber Security Data Email Identity Theft MFA Phone

Lost or Stolen Phone? Here’s How to Protect Your Data and Digital Identity

 



In this age, losing a phone can feel like losing control over your digital life. Modern smartphones carry far more than contacts and messages — they hold access to emails, bank accounts, calendars, social platforms, medical data, and cloud storage. In the wrong hands, such information can be exploited for financial fraud or identity theft.

Whether your phone is misplaced, stolen, or its whereabouts are unclear, acting quickly is the key to minimizing damage. The following steps outline how to respond immediately and secure your data before it is misused.


1. Track your phone using official recovery tools

Start by calling your number to see if it rings nearby or if someone answers. If not, use your device’s official tracking service. Apple users can access Find My iPhone via iCloud, while Android users can log in to Find My Device.

These built-in tools can display your phone’s current or last known location on a map, play a sound to help locate it, or show a custom message on the lock screen with your contact details. Both services can be used from another phone or a web browser. Avoid third-party tracking apps, which are often unreliable or insecure.


2. Secure your device remotely

If recovery seems unlikely or the phone may be in someone else’s possession, immediately lock it remotely. This prevents unauthorized access to your personal files, communication apps, and stored credentials.

Through iCloud’s “Mark as Lost” or Android’s “Secure Device” option, you can set a new passcode and display a message requesting the finder to contact you. This function also disables features like Apple Pay until the device is unlocked, protecting stored payment credentials.


3. Contact your mobile carrier without delay

Reach out to your mobile service provider to report the missing device. Ask them to suspend your SIM to block calls, texts, and data usage. This prevents unauthorized charges and, more importantly, stops criminals from intercepting two-factor authentication (2FA) messages that could give them access to other accounts.

Request that your carrier blacklist your device’s IMEI number. Once blacklisted, it cannot be used on most networks, even with a new SIM. If you have phone insurance, inquire about replacement or reimbursement options during the same call.


4. File an official police report

While law enforcement may not always track individual devices, filing a report creates an official record that can be used for insurance claims, fraud disputes, or identity theft investigations.

Provide details such as the model, color, IMEI number, and the time and place where it was lost or stolen. The IMEI (International Mobile Equipment Identity) can be found on your phone’s box, carrier account, or purchase receipt.


5. Protect accounts linked to your phone

Once the device is reported missing, shift your focus to securing connected accounts. Start with your primary email, cloud services, and social media platforms, as they often serve as gateways to other logins.

Change passwords immediately, and if available, sign out from all active sessions using the platform’s security settings. Apple, Google, and Microsoft provide account dashboards that allow you to remotely sign out of all devices.

Enable multi-factor authentication (MFA) on critical accounts if you haven’t already. This adds an additional layer of verification that doesn’t rely solely on your phone.

Monitor your accounts closely for unauthorized logins, suspicious purchases, or password reset attempts. These could signal that your data is being exploited.


6. Remove stored payment methods and alert financial institutions

If your phone had digital wallets such as Apple Pay, Google Pay, or other payment apps, remove linked cards immediately. Apple’s Find My will automatically disable Apple Pay when a device is marked as lost, but it’s wise to verify manually.

Android users can visit payments.google.com to remove cards associated with their Google account. Then, contact your bank or card issuer to flag the loss and monitor for fraudulent activity. Quick reporting allows banks to block suspicious charges or freeze affected accounts.


7. Erase your device permanently (only when recovery is impossible)

If all efforts fail and you’re certain the device won’t be recovered, initiate a remote wipe. This deletes all data, settings, and stored media, restoring the device to factory condition.

For iPhones, use the “Erase iPhone” option under Find My. For Androids, use “Erase Device” under Find My Device. Once wiped, you will no longer be able to track the device, but it ensures that your personal data cannot be accessed or resold.


Be proactive, not reactive

While these steps help mitigate damage, preparation remains the best defense. Regularly enable tracking services, back up your data, use strong passwords, and activate device encryption. Avoid storing sensitive files locally when possible and keep your operating system updated for the latest security patches.

Losing a phone is stressful, but being prepared can turn a potential disaster into a controlled situation. With the right precautions and quick action, you can safeguard both your device and your digital identity.



Read more »
Subscribe to: Comments (Atom)