Two years after being outted, a criminal operation that has been inserting malware in the firmware of low-cost Android devices is still up and running, and has even expanded its reach.
Security researchers from Pangu Lab, a well-known company that provides iOS jailbreaks, said on Monday that they have found a vulnerability that they believe affects around 10% of all iOS apps.
A large number of Android manufacturers (OEMs) are skipping security patches but are lying to users about it, according to the team at Security Research Lab (SRL), a Berlin-based cyber-security firm.
Security researchers have found a new Android malware strain that has been designed to steal data from mobile instant messaging clients.
Android P, the next major version of the Android operating system, will block idle (background) applications from accessing a smartphone's camera or microphone.
A new botnet appeared over the weekend, and it's targeting Android devices by scanning for open debug ports so it can infect victims with malware that mines the Monero cryptocurrency.
A OnePlus spokesperson has officially confirmed a card breach incident affecting its online store, about which rumors started circulating online earlier in the week.
Google has removed 36 Android apps that snuck into the official Play Store, posing as security and performance boosting apps, but which only contained code to mimic the behavior of such apps.
Malicious applications can freely access sensor data on modern smartphones and use this highly sensitive data stream to collect vasts amounts of intel on the phone's owner, information that they can later use to guess the user's phone PIN.
Today, the Freedom of the Press Foundation and the Guardian Project have launched a new Android application named Haven that will transform a phone into a mini-surveillance kit that can be used to record nearby surroundings in case of intrusions.
Many Android users may still have a backdoor on their device, according to new revelations made today by the Malwarebytes' mobile security research team.
A malware strain known as Loapi will damage phones if users don't remove it from their devices. Left to its own means, this modular threat will download a Monero cryptocurrency miner that will overheat and overwork the phone's components, which will make the battery bulge, deform the phone's cover, or even worse.
Android smartphones running Lolipop, Marshmallow, and Nougat, are vulnerable to an attack that exploits the MediaProjection service to capture the user's screen and record system audio
A security researcher has found a second factory app that was included on OnePlus devices delivered to customers, and this one can be abused to dump the user's photos and videos, but also GPS, WiFi, Bluetooth, and various other logs.
Some OnePlus devices, if not all, come preinstalled with an application named EngineerMode that can be used to root the device and may be converted into a fully-fledged backdoor by clever attackers.