android

Google Fixes Android Zero-days Exploited in Attacks, 60 Other Flaws

Google patched 62 Android vulnerabilities in April 2025, including two zero-days exploited in targeted attacks, one linked to a Serbian police operation using Cellebrite tools. The first zero-day (CVE-2024-53197) involved a privilege escalation in the Linux kernel's USB-audio driver. The second zero-day (CVE-2024-53150) allowed attackers access to sensitive information via an out-of-bounds read. The updates were shared with OEM partners in January, and additional security flaws were addressed in the monthly patches.

https://www.bleepingcomputer.com/news/security/google-fixes-android-zero-days-exploited-in-attacks-60-other-flaws/

Phishing Platform ‘Lucid’ Behind Wave of iOS, Android SMS Attacks

Phishing platform ‘Lucid’, operated by the XinXin group, targets 169 entities across 88 countries using iMessage and RCS for SMS attacks. Sold on a subscription model, it provides phishing domains and tools to attackers. Lucid sends 100,000 smishing messages daily, bypassing spam filters with encrypted messaging tech. The operation employs device farms and impersonates legitimate services to steal personal data, including financial information, often demonstrating ease of use through public videos.

https://www.bleepingcomputer.com/news/security/phishing-platform-lucid-behind-wave-of-ios-android-sms-attacks/

Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices

Crocodilus is a newly identified Android banking Trojan featuring advanced techniques such as overlay attacks, keylogging, and remote control. Unlike other Trojans, it deploys a sophisticated dropper to bypass Android restrictions, aims at banks primarily in Spain and Turkey, and exploits Accessibility Services to capture user credentials and sensitive information. It employs social engineering to manipulate victims into revealing wallet keys. Analysts trace potential links to the “sybra” threat actor, suggesting a connection to known malware families. The emergence of Crocodilus highlights the need for enhanced security measures in financial institutions.

https://www.threatfabric.com/blogs/exposing-crocodilus-new-device-takeover-malware-targeting-android-devices

FBI Warning For All iPhone, Android Users—Hang Up Now, Use This Code

The FBI warns iPhone and Android users about AI-powered deepfake scams. Users should hang up on suspicious calls and create a secret code for verification with close family to combat voice cloning threats. Social media poses risks as it provides voice samples for cybercriminals. Ongoing AI attacks are reshaping crime, making scams increasingly sophisticated and difficult to detect.

https://www.forbes.com/sites/daveywinder/2025/03/22/fbi-warns-iphone-and-android-users-hang-up-now-use-this-code/

Google’s ‘consent-less’ Android Tracking Probed by Academics • The Register

Google's Android tracking has been criticized by researchers for using identifiers to track users without consent. Research by Doug Leith from Trinity College Dublin highlights that data collection occurs before users open any apps, primarily through pre-installed services like Google Play. Key identifiers, such as the “DSID” cookie and Android ID, are created during the startup process and track users even after they log out, with no opt-out option available. Leith's findings suggest possible violations of data protection laws, which Google disputes, emphasizing a commitment to user privacy. Users have expressed frustration, especially regarding a recent system feature that scans images without consent.

https://www.theregister.com/2025/03/04/google_android/

Badbox Is Back and a Million Android Devices Were Backdoored • The Register

The Badbox botnet has resurfaced, infecting up to a million Android devices via malware. Originating with off-brand devices, it targets cheap hardware running AOSP. The malware operates through infected apps on third-party stores, deceiving users. Human Security reports a rise in complexity and collaboration among criminals, increasing device variety and fraud tactics. Infected devices are traced globally; the botnet’s revenue comes from disguised ad fraud. Though the number of infected devices has halved due to intervention, ongoing risks remain as criminals adapt their strategies.

https://www.theregister.com/2025/03/07/badbox_botnet_returns/
