#androidtrojan

Latest posts tagged with #androidtrojan on Bluesky

PixRevolution: The Agent-Operated Android Trojan Hijacking Brazil’s PIX Payments in Real Time

PixRevolution is a novel Android banking trojan that streams victims' screens in real time and uses an operator (human or AI) to replace PIX recipients during a transfer, redirecting funds instantly. It is distributed via convincing fake Google Play Store pages and impersonated Brazilian brands, exploiting Accessibility and MediaProjection APIs to operate stealthily and evade signature-based detection. #PixRevolution #PIX

PixRevolution is an Android trojan that hijacks Brazil’s PIX payments by streaming victims’ screens in real time and replacing transfer recipients via operator control using Accessibility and MediaProjection APIs. #PIXFraud #AndroidTrojan #Brazil

Android Users Face New WhatsApp Malware Threat

Cybersecurity researchers at security firm Cleafy have issued a warning regarding a high-risk malware campaign aimed at Android users via WhatsApp messages that could jeopardize users' cryptocurrency wallets and bank information. The researchers tracked the threat as Albiriox, a new emerging Android malware family being marketed as malware-as-a-service (MaaS) on underground cybercrime forums.

Modus operandi

The malware propagates through WhatsApp messages which include links to malicious websites that impersonate Google Play Store pages. Currently, they are impersonating a popular discount retail app, but this could quickly change both in terms of campaigns and targets. Rather than having the app delivered directly, victims are persuaded to submit their phone number, on the premise that an installation link will be sent to them on WhatsApp.

After users tap on and download the trojanised app, Albiriox is able to take full control of the compromised device. The malware overlays attacks on more than 400 cryptocurrency wallet and banking apps — displaying fake login screens on top of the legitimate apps to capture credentials as users input them.

Albiriox is an advanced, rapidly evolving malware. The malware also features VNC-based remote access, which gives the attackers the ability to directly control the infected machines. Initially, campaigns were targeted at Austrian citizens with German-language messages, but it is now broadening its reach. The malware is obfuscated with JSONPacker and it also tricks users into allowing the "Install Unknown Apps" permission. When it is running, it contacts its command servers through unencrypted TCP and stays on the bot forever, maintaining active control through a regular series of ping-pong heartbeat messages.

Mitigation tips

Security experts emphasize that users should never agree to install apps through phone number submission on websites. Any WhatsApp messages requesting app installations should be immediately deleted without clicking links. This distribution method represents exactly why Google is strengthening measures against sideloading, requiring app developers to register and verify their identities. Cleafy highlights that Albiriox demonstrates the ongoing evolution and increasing sophistication of mobile banking threats. However, users can protect themselves effectively by following several key practices: only install apps from the official Google Play Store, ensure Play Protect is activated, and remain skeptical of any unsolicited installation requests received through messaging apps.

The campaign highlights broader security concerns affecting WhatsApp and similar platforms, particularly as attackers combine social engineering with technical malware capabilities to compromise both devices and accounts.

Android Users Face New WhatsApp Malware Threat #Albiriox #AndroidTrojan #malware

New Android Malware ‘Sturnus’ Bypasses Encrypted Messaging Protections

Researchers at MTI Security have unearthed a particularly advanced strain of Android malware called Sturnus, which threatens to compromise the data and security of mobile phone owners. The malware reportedly employs advanced interception techniques to capture data and circumvent even the best application-level encryption, making the security features of popular messaging apps like WhatsApp, Telegram and Signal pointless.

The Sturnus malware does not need to crack encryption, according to MTI. Instead, it uses a sophisticated trick: the malware takes a screenshot once the messages have been decrypted for viewing. By exploiting a device’s ability to read the on-screen contents in real time, Sturnus can steal private message texts without leaving a trace. This means that scammers can access sensitive chats, and potentially collect personally identifiable information (PII) or financial data if shared in secure chats.

In addition to message interception, Sturnus employs complex social engineering to steal credentials. The malware is capable of displaying fake login screens that look like real banking apps, and can be very convincing. Users can inadvertently provide their information to the hackers if they use their login details on these fake sites.

Sturnus can also simulate an Android system update screen, making the victim believe a normal update is being installed while malicious operations take place in the background. Perhaps most disturbingly, the researchers warn that Sturnus can also increase its privileges by tracking unlock attempts and recording device passwords or PINs. This allows the malware to gain root access, which lets the attackers prevent the victims from removing the malicious code or regaining control of their devices.

The majority of Sturnus infections detected so far are positively grouped in Southern and Central Europe, according to surveillance and analysis by the cybersecurity firm Threat Fabric. Such a restricted geography suggests that threat actors are still experimenting with the capabilities of the malware and the way it operates before potentially launching a worldwide campaign.

Experts recommend that Android users be cautious, refrain from downloading apps from unknown sources and be wary when asked to grant accessibility or overlay permissions to apps they don’t know. But with its progress, Sturnus also exhibits the increasing complexity of Android malware and the difficulty in keeping users safe in a landscape of continuously evolving mobile threats.

New Android Malware ‘Sturnus’ Bypasses Encrypted Messaging Protections #AndroidTrojan #EncryptedChats #malware

New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices reconbee.com/new-sturnus-...

#Android #androidtrojan #hijack #trojan #chats #cybersecurity #cyberattack

Android Trojan ‘Fantasy Hub’ Malware Service Turns Telegram Into a Hub for Hackers reconbee.com/android-troj...

#android #androidtrojan #fantasyhub #malware #malwareattack #telegram #hackers

Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data reconbee.com/researchers-...

#BankBot #YNRK #DeliveryRAT #androidtrojan #trojan #android #financialdata #cyberattack #cyberattacks #cybersecurity

New Android Trojan ‘Herodotus’ Outsmarts Anti Fraud Systems by Typing Like a Human reconbee.com/new-android-...

#androidtrojan #android #trojan #herodotus #antifraudsystem #human #CyberSecurity #CybersecurityNews #CyberSecurityAwareness

New Android Trojan “Datzbro” Tricking Elderly with AI-Generated Facebook Travel Events reconbee.com/new-android-...

#android #androidtrojan #Datzbro #artificialintelligence #facebook #facebooktravelevents #cyberattack

Anatsa Unleashed | Android Banking Trojan Targets Over 830 Financial Apps Globally

Episode Title: Anatsa Unleashed: How a Sophisticated Android Banking Trojan Targets Over 830 Financial Apps Globally

In this episode of "Upwardly Mobile," we dive deep into the alarming evolution of Anatsa, a potent Android banking trojan that has significantly expanded its reach, now setting its sights on over 830 financial applications worldwide. First identified in 2020, Anatsa (also known as Teabot or Troddler) grants its operators full control over infected devices, enabling them to perform fraudulent transactions and steal critical bank information, cryptocurrencies, and various other data on behalf of victims.

What You'll Learn in This Episode:

• Anatsa's Expanded Targets: Discover how the Anatsa banking trojan has broadened its scope to include more than 150 new banking and cryptocurrency applications, extending its malicious campaigns to mobile users in new countries like Germany and South Korea.
• Deceptive Distribution Methods: Understand the cunning ways Anatsa spreads, primarily through decoy applications found on the official Google Play Store. These seemingly harmless apps often masquerade as useful tools like PDF viewers, QR code scanners, or phone cleaners, accumulating over 50,000 downloads in some cases. Once installed, they silently fetch a malicious payload disguised as an update from Anatsa's command-and-control (C&C) server.
• Advanced Evasion Techniques: Learn about Anatsa's sophisticated anti-analysis and anti-detection mechanisms, designed to evade security measures. These include decrypting strings at runtime using dynamically generated Data Encryption Standard (DES) keys, performing emulation and device model checks, and periodically altering package names and installation hashes. The malware even hides its DEX payload within corrupted archives that bypass standard static analysis tools.
• How Anatsa Compromises Devices: Find out how Anatsa requests and automatically enables critical accessibility permissions upon installation. This allows it to display overlays on top of legitimate applications, tamper with notifications, receive and read SMS messages, and ultimately present fake banking login pages to steal credentials. The trojan also incorporates keylogging capabilities.
• Industry Response: Hear about the efforts of cybersecurity firms like Zscaler, which identified and reported 77 nefarious applications distributing Anatsa and other malware families, collectively accounting for over 19 million downloads. While Google has since removed these reported applications and states that Google Play Protect offers automatic protection, the continuous evolution of Anatsa highlights the ongoing threat.

Protect Yourself: Cybersecurity experts advise Android users to always verify the permissions that applications request and ensure they align with the intended functionality of the app.

Relevant Links to Source Materials:

• Source 1: SecurityWeek Article on Anatsa: https://www.google.com/url?sa=E&q=https%3A%2F%2Fsecurityweek.com%2Fanatsa-android-banking-trojan-now-targeting-830-financial-apps%2F
• Source 2: Zscaler ThreatLabz Report: https://www.google.com/url?sa=E&q=https%3A%2F%2Fwww.zscaler.com%2Fblogs%2Fsecurity-research%2Fanatsas-latest-updates-android-document-readers-and-deception
• Source 3: BSI Report on Anatsa: https://www.google.com/url?sa=E&q=https%3A%2F%2Fwww.bsi.bund.de%2FEN%2FTheBSI%2FCybernationGermany%2FITsecurityIncident%2FAnatsa_Teabot%2Fanatsa_teabot_node.html

Sponsor: This episode of "Upwardly Mobile" is brought to you by https://approov.io. Learn more about securing your mobile applications at approov.io.

Keywords: Anatsa, Android banking trojan, mobile security, cybersecurity, financial apps, Google Play, malware, credential theft, keylogging, fraudulent transactions, Zscaler, threat intelligence, Android malware, cryptocurrency, mobile banking, data protection, Teabot, Troddler, anti-analysis, C&C server.

📣 New Podcast! "Anatsa Unleashed | Android Banking Trojan Targets Over 830 Financial Apps Globally" on @Spreaker #anatsa #androidmalware #androidtrojan #bankingtrojan #cryptosecurity #googleplay #mobilebanking #securityweek #threatlabz #zscaler

PlayPraetor Android Trojan Infects 11000+ Devices via Fake Google Play Pages and Meta Ads reconbee.com/playpraetor-...

#PlayPraetor #androidtrojan #googleplay #MetaAds #Google #cyberattack

Android Trojan Crocodilus Now Active in 8 Countries Targeting Banks and Crypto Wallets reconbee.com/android-troj...

#androidtrojan #crocodilus #banks #cryptowallet #trojan #android #cybersecurity #cyberattack

New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials reconbee.com/new-android-...

#androidtrojan #crocodilus #trojan #banking #crypto #cryptocurrency #CryptoNews
