Android malware known as Gooligan has compromised and stolen login tokens from over one million Android devices, Check Point researchers announced today.
The way users move fingers across a phone's touchscreen alters the WiFi signals transmitted by a mobile phone, causing interruptions that an attacker can intercept, analyze, and reverse engineer to accurately guess what the user has typed on his phone or in password input fields.
In the month of October 2016, for the first time in history, traffic from mobile internet browsers surpassed traffic from desktop browsers, according to web analytics company StatCounter.
Google released today Android's Security Bulletin for the month of November, which among a total of 83 security vulnerabilities has also patched two high profile bugs identified as Drammer and Dirty COW.
Crooks distributing the Svpeng Android banking trojan have discovered a flaw in how Google Chrome for Android handles file downloads and have used it to forcibly and secretly download their malicious payload on the devices of over 318,000 users in the span of three months, starting with July 2016.
Three researchers from the Chinese University of Hong Kong discovered a flaw in how app developers and identity providers support Single-Sign-On (SSO) via the OAuth 2.0 protocol, a flaw that allows an attacker to assume the identity of another person.
Over the course of three months, more than 200,000 users have downloaded apps infected with an Android malware derived from the source code of the GM Bot, Czech security firm Avast reports.