Malware Alert! Hackers Attacking Indian Android users


A new malware campaign has been identified targeting Android users in India.

This sophisticated attack distributes malicious APK packages to compromise personal and financial information. The malware, available as a Malware-as-a-Service (MaaS) offering, underscores the evolving threat landscape in the digital age.

Symantec, a global leader in cybersecurity, has stepped up to protect users from this emerging threat.

The Rise of Malicious APKs

The campaign has been meticulously designed to spread malware through APK packages disguised as legitimate applications.

These applications, which appear to offer services such as customer support, online bookings, billing, or courier services, are vehicles for a range of malicious activities.

Once installed, the malware is designed to steal banking information, SMS messages, and other confidential data from victims’ devices.

This strategy of disguising malicious software as harmless applications is not new but remains highly effective.

The attackers exploit the trust users place in app downloads, particularly those offering valuable services.

Broadcom has recently released a report on a Malware-as-a-Service (MaaS) campaign specifically targeting Android users in India.

The attack represents a threat to the security of Android devices in the region and can potentially cause significant damage to individuals and organizations.

Symantec has identified the malware through its robust security systems, classifying it under two main categories:

Mobile-based Threats:

  • Android.Reputation.2
  • AppRisk: Generisk

Web-based Threats:

The campaign’s infrastructure, including observed domains and IPs, falls under security categories protected by…


This sneaky Android malware has an all-new way to avoid being detected


Cybersecurity researchers have found a new version of a well-known Android banking trojan malware which sports quite a creative method of hiding in plain sight.

PixPirate targets mostly Brazilian consumers with accounts on the Pix instant payment platform, which allegedly counts more than 140 million customers, and services transactions north of $250 billion.

The campaign’s goal was to divert the cash to attacker-owned accounts. Usually, banking trojans on Android would try to hide by changing their app icons and names. Often, the trojans would assume the “settings” icon, or something similar, tricking the victims into looking elsewhere, or simply into being too afraid to remove the app from their device. PixPirate, on the other hand, gets rid of all of that by not having an icon in the first place.

Running the malware

The big caveat here is that without the icon, the victims cannot launch the trojan, so that crucial part of the equation is left to the attackers.

The campaign consists of two apps – the dropper, and the “droppee”. The dropper is being distributed on third-party stores, shady websites, and via social media channels, and is designed to deliver the final payload – droppee – and to run it (after asking for Accessibility and other permissions).

Droppee, which is PixPirate’s filename, exports a service to which other apps can connect. The dropper connects to that service, allowing it to run the trojan. Even after the dropper is removed, the malware can still run on its own on certain triggers (for example, on boot, on network change, or on other system events).

The entire process, from harvesting user credentials to initiating the money transfer, is automated and done in the background without the victim’s knowledge or consent. The only things standing in the way, the researchers claim, are Accessibility Service permissions.

It is also worth mentioning that this method only works on older versions of Android, up to Pie (9).
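As an added example (not from the original article or the researchers), the following defender-side triage reads a decoded AndroidManifest.xml and flags the combination described above: no launcher activity, a service other apps can bind to, and receivers for boot or network-change events. The function names and the two sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
TRIGGERS = {"android.intent.action.BOOT_COMPLETED", "android.net.conn.CONNECTIVITY_CHANGE"}

def _names(elem, tag):
    return {e.get(A + "name") for e in elem.iter(tag)}

def triage_manifest(xml_text):
    """List findings for a decoded (text) AndroidManifest.xml."""
    app = ET.fromstring(xml_text).find("application")
    if app is None:
        return []
    findings = []
    # A launcher icon needs MAIN + LAUNCHER in the same intent-filter.
    has_icon = any(
        "android.intent.action.MAIN" in _names(f, "action")
        and "android.intent.category.LAUNCHER" in _names(f, "category")
        for tag in ("activity", "activity-alias")
        for comp in app.iter(tag) for f in comp.iter("intent-filter"))
    if not has_icon:
        findings.append("no-launcher-activity")
    for svc in app.iter("service"):
        exported = svc.get(A + "exported")
        # No explicit value: an intent-filter implied exported=true before Android 12.
        if exported == "true" or (exported is None
                                  and svc.find("intent-filter") is not None):
            findings.append("exported-service:%s" % svc.get(A + "name"))
    for rcv in app.iter("receiver"):
        findings += ["trigger-receiver:" + a
                     for a in sorted(_names(rcv, "action") & TRIGGERS)]
    return findings

def is_iconless_bindable(xml_text):
    """True when all three traits from the article appear together."""
    kinds = {f.split(":")[0] for f in triage_manifest(xml_text)}
    return {"no-launcher-activity", "exported-service", "trigger-receiver"} <= kinds

# Constructed sample manifests (not taken from any real app).
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android"><application>'
TAIL = '</application></manifest>'
SUSPECT = HEAD + '''<service android:name=".Core" android:exported="true"/>
  <receiver android:name=".Boot"><intent-filter>
  <action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter></receiver>''' + TAIL
BENIGN = HEAD + '''<activity android:name=".Main"><intent-filter>
  <action android:name="android.intent.action.MAIN"/>
  <category android:name="android.intent.category.LAUNCHER"/></intent-filter></activity>
  <service android:name=".Sync" android:exported="false"/>''' + TAIL
```

A hit is a reason to look closer, not a verdict: legitimate plugin or companion packages can also ship without a launcher icon.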

Via BleepingComputer


What we know so far and what features we want to see


Edgar Cervantes / Android Authority

Android 14 was publicly launched with the Pixel 8 series back in October 2023. We’re a few months into the new year, and Google has begun testing the next version of Android with the release of Android 15 Developer Preview 1 for Pixel devices. This is the first available update for Android 15 and is intended for developer use. Still, it gives us a good look at what to expect in the next major release to the Android platform.

Android 15: Name and release date

Google used to name Android versions with dessert codenames, but it strayed away from that tradition with the release of Android 10, where it decided to stick with only the version number for all future releases. So Android 15 is simply known as Android 15. However, Google still uses the dessert codenames internally. Android 15’s internal codename is Vanilla Ice Cream.

Google has begun testing Android 15 through Developer Previews, though the final stable release is still several months away. Android 15’s release schedule includes developer previews running through mid-March, followed by beta releases up to May. Android 15 will reach platform stability in June-July, meaning that no new features or APIs will be added to the platform so that app developers can begin testing their apps against these public APIs. The next few releases will be focused on ironing out bugs.

Google hasn’t mentioned when the stable Android 15 builds will be released, but we presume it will happen alongside the Pixel 9 series launch, possibly in October 2024.

If you use a recent Google Pixel device, you will be the first in line to receive the Android 15 update. OEMs will take a little longer to release their functional Android UX skins on top of the Android 15 platform. We are likely to see developer preview builds surface in the coming months for select phones. For those who don’t mind taking matters into their own hands, you can follow our guide and install Android 15 on your phone by yourself.

Once Android 15 is released publicly, OEMs will run their own beta programs for their skins, followed by stable releases. You can check if your phone has received the update through our Android 15 update tracker.


Multiple Security Vulnerabilities Patched in Latest Android Update


The Indian Computer Emergency Response Team (CERT-In) has published an advisory on multiple security holes in devices running recent versions of Android. As part of this month’s Android Security Bulletin, the cybersecurity agency cautioned consumers about vulnerabilities that Google and smartphone component vendors such as Qualcomm and MediaTek had just patched. Samsung has also released patches for nine Samsung Vulnerabilities and Exposures (SVE) that were privately disclosed and have moderate severity ratings as part of the most recent security update.

CERT-In released an advisory

CERT-In released an advisory on Tuesday highlighting many vulnerabilities discovered across various sections of the Android operating system, including the “Framework, System, AMLogic, Arm components, MediaTek components, Qualcomm components, and Qualcomm closed-source components.” The advisory has a “High” severity level and specifies that the issues affect Android 12 (and 12L), Android 13, and Android 14.

According to the cybersecurity agency, Google has fixed vulnerabilities in its Android operating system that might allow an attacker to gain unauthorised access to sensitive data on an affected device. An attacker might exploit the vulnerabilities to gain privileged access to the device, run malicious code, or perform a denial of service (DoS) attack.

Google has released detailed information about specific components

Meanwhile, Google has released detailed information about specific components that have been patched in the latest Android Security Bulletin, such as fixes for bootloader vulnerabilities on devices with AMLogic components, flaws in Mali (Arm) components, and security issues affecting Wi-Fi and kernels on Qualcomm devices.

Samsung has said that the newest Security Maintenance Release (SMR) Mar-2024 Release 1 update will defend its devices from nine SVEs that affect Wi-Fi, AppLock, other operating system components, and the bootloader. The company also claims to have provided fixes for other SVE items that are currently undisclosed.

Users should keep their cell phones up to date with the most recent monthly security…
