Category: Mobile

BTMOB Android malware service generates custom phishing payloads An Android remote access trojan named BTMOB is offered to cybercriminals with a builder interface for generating malware payloads tailored to phishing lures. […] Bill Toulas Go to bleepingcomputer

ScarCruft hackers push BirdCall Android malware via game platform The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform. […] Bill Toulas Go to bleepingcomputer

NGate Android malware uses HandyPay NFC app to steal card data A new variant of the NGate malware that steals NFC payment data is targeting Android users by hiding in a trojanized version of HandyPay, a legitimate mobile payments processing tool. […] Bill Toulas Go to bleepingcomputer

PromptSpy is the first known Android malware to use generative AI at runtime Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google’s Gemini model to adapt its persistence across different devices. […] Lawrence Abrams Go to bleepingcomputer

Hugging Face abused to spread thousands of Android malware variants A new Android malware campaign is using the Hugging Face platform as a repository for thousands of variations of an APK payload that collects credentials for popular financial and payment services. […] Bill Toulas Go to bleepingcomputer

Cellik Android malware builds malicious versions from Google Play apps A new Android malware-as-a-service (MaaS) named Cellik is being advertised on underground cybercrime forums offering a robust set of capabilities that include the option to embed it in any app available on the Google Play Store. […] Bill Toulas Go to bleepingcomputer

New DroidLock malware locks Android devices and demands a ransom A new Android malware called DroidLock has emerged with capabilities to lock screens for ransom payments, erase data, access text messages, call logs, contacts, and audio data. […] Bill Toulas Go to bleepingcomputer

Multi-threat Android malware Sturnus steals Signal, WhatsApp messages A new Android banking trojan named Sturnus can capture communication from end-to-end encrypted messaging platforms like Signal, WhatsApp, and Telegram, as well as take complete control of the device. […] Bill Toulas Go to bleepingcomputer

New LandFall spyware exploited Samsung zero-day via WhatsApp messages A threat actor exploited a zero-day vulnerability in Samsung’s Android image processing library to deploy a previously unknown spyware called ‘LandFall’ using malicious images sent over WhatsApp. […] Bill Toulas Go to bleepingcomputer

Malicious Android apps on Google Play downloaded 42 million times Hundreds of malicious Android apps on Google Play were downloaded more than 40 million times between June 2024 and May 2025, notes a report from cloud security company Zscaler. […] Bill Toulas Go to bleepingcomputer

Massive surge of NFC relay malware steals Europeans’ credit cards Near-Field Communication (NFC) relay malware has grown massively popular in Eastern Europe, with researchers discovering over 760 malicious Android apps using the technique to steal people’s payment card information in the past few months. […] Bill Toulas Go to bleepingcomputer

New Android Pixnapping attack steals MFA codes pixel-by-pixel A new side-channel attack called Pixnapping enables a malicious Android app with no permissions to extract sensitive data by stealing pixels displayed by applications or websites, and reconstructing them to derive the content. […] Bill Toulas Go to bleepingcomputer

New Android spyware ClayRat imitates WhatsApp, TikTok, YouTube A new Android spyware called ClayRat is luring potential victims by posing as popular apps and services like WhatsApp, Google Photos, TikTok, and YouTube. […] Bill Toulas Go to bleepingcomputer

Android malware uses VNC to give attackers hands-on access A new Android banking and remote access trojan (RAT) dubbed Klopatra disguised as an IPTV and VPN app has infected more than 3,000 devices across Europe. […] Bill Toulas Go to bleepingcomputer

Unpatched flaw in OnePlus phones lets rogue apps text messages A vulnerability in multiple OnePlus OxygenOS versions allows any installed app to access SMS data and metadata without requiring permission or user interaction. […] Bill Toulas Go to bleepingcomputer

Malicious Android apps with 19M installs removed from Google Play Seventy-seven malicious Android apps containing different types of malware were found on Google Play after being downloaded more than 19 million times. […] Bill Toulas Go to bleepingcomputer

ERMAC Android malware source code leak exposes banking trojan infrastructure The source code for version 3 of the ERMAC Android banking trojan has been leaked online, exposing the internals of the malware-as-a-service platform and the operator’s infrastructure. […] Bill Toulas Go to bleepingcomputer

Samsung announces major security enhancements coming to One UI 8 Samsung has announced multiple data security and privacy enhancements for its upcoming Galaxy smartphones running One UI 8, its custom user interface on top of Android. […] Bill Toulas Go to bleepingcomputer

New Android TapTrap attack fools users with invisible UI trick A novel tapjacking technique can exploit user interface animations to bypass Android’s permission system and allow access to sensitive data or trick users into performing destructive actions, such as wiping the device. […] Bill Toulas Go to bleepingcomputer

AT&T rolls out “Wireless Lock” feature to block SIM swap attacks AT&T has launched a new security feature called “Wireless Lock” that protects customers from SIM swapping attacks by preventing changes to their account information and the porting of phone numbers while the feature is enabled. […] Lawrence Abrams Go to bleepingcomputer

Godfather Android malware now uses virtualization to hijack banking apps A new version of the Android malware “Godfather” creates isolated virtual environments on mobile devices to steal account data and transactions from legitimate banking apps. […] Bill Toulas Go to bleepingcomputer

Mobile carrier Cellcom confirms cyberattack behind extended outages Wisconsin wireless provider Cellcom has confirmed that a cyberattack is responsible for the widespread service outage and disruptions that began on the evening of May 14, 2025. […] Lawrence Abrams Go to bleepingcomputer

Russian army targeted by new Android malware hidden in mapping app A new Android malware has been discovered hidden inside trojanized versions of the Alpine Quest mapping app, which is reportedly used by Russian soldiers as part of war zone operational planning. […] Bill Toulas Go to bleepingcomputer

New Android malware steals your credit cards for NFC relay attacks A new malware-as-a-service (MaaS) platform named ‘SuperCard X’ has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data. […] Bill Toulas Go to bleepingcomputer

E-ZPass toll payment texts return in massive phishing wave An ongoing phishing campaign impersonating E-ZPass and other toll agencies has surged recently, with recipients receiving multiple iMessage and SMS texts to steal personal and credit card information. […] Bill Toulas Go to bleepingcomputer

Verizon Call Filter API flaw exposed customers’ incoming call history A vulnerability in Verizon’s Call Filter feature allowed customers to access the incoming call logs for another Verizon Wireless number through an unsecured API request. […] Bill Toulas Go to bleepingcomputer

New FireScam Android data-theft malware poses as Telegram Premium app A new Android malware named ‘FireScam’ is being distributed as a premium version of the Telegram app via phishing websites on GitHub that mimick the RuStore, Russia’s app market for mobile devices. […] Bill Toulas Go to bleepingcomputer

New EagleMsgSpy Android spyware used by Chinese police, researchers say A previously undocumented Android spyware called ‘EagleMsgSpy’ has been discovered and is believed to be used by law enforcement agencies in China to monitor mobile devices. […] Bill Toulas Go to bleepingcomputer