Security
Headlines
HeadlinesLatestCVEs

Tag

#android

New 'Brokewell' Android Malware Spread Through Fake Browser Updates

Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis published Thursday. The malware is said to be in active development,

The Hacker News
Open in Source
#android#The Hacker News
Chinese Keyboard Apps Open 1B People to Eavesdropping

Eight out of nine apps that people use to input Chinese characters into mobile devices have weakness that allow a passive eavesdropper to collect keystroke data.

Popular Keyboard Apps Leak User Data: Billion Potentially Exposed

By Waqas Popular keyboard apps leak user data! Citizen Lab reports 8 out of 9 Android IMEs expose keystrokes. Change yours & protect passwords! This is a post from HackRead.com Read the original post: Popular Keyboard Apps Leak User Data: Billion Potentially Exposed

GHSA-hvp5-5x4f-33fq: JADX file override vulnerability

### Summary when jadx parses a resource file, there is an escape problem with the style file, which can overwrite other files in the directory when saving the decompile result. Although I don't think this vulnerability realizes path traversal in the true sense of the word , I reported it anyway ### Details I see that getResAlias does something with the filename. ```java private String getResAlias(int resRef, String origKeyName, @Nullable FieldNode constField) { ``` but type style will return the original filename directly. ![img](https://quan9i.oss-cn-beijing.aliyuncs.com/img/202401232212491.jpeg) so our goal is to take a malicious file that was originally of type raw, modify its type to style, trick jadx into #### step1 create an android project using androidstudio and create a raw folder with the name attack_file_sayhiiiiiiiiiiiii, it doesn't matter what the content is! ![img](https://quan9i.oss-cn-beijing.aliyuncs.com/img/202401232212073.jpg) generate an initial APK #### s...

Where Hackers Find Your Weak Spots

The five intelligence sources that power social engineering scams.

Tuta Mail (Tutanota) Accuses Google of Censoring Its Search Results

By Deeba Ahmed Shadowboxing in Search Results: Tuta Mail De-ranked and Disappearing on Google! This is a post from HackRead.com Read the original post: Tuta Mail (Tutanota) Accuses Google of Censoring Its Search Results

Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?

At most, someone who intentionally or repeatedly shares information on their social platform that’s misleading or downright false may have their account blocked, suspended or deleted.

New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks

A new Android trojan called SoumniBot has been detected in the wild targeting users in South Korea by leveraging weaknesses in the manifest extraction and parsing procedure. The malware is "notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest," Kaspersky researcher Dmitry Kalinin said in a technical analysis.

CVE-2024-29986: Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.

Dangerous ICS Malware Targets Orgs in Russia and Ukraine

"Kapeka" and "Fuxnet" are the latest examples of malware to emerge from the long-standing conflict between the two countries.