android

Microsoft 365 Android Apps Account Takeover Vulnerability Impacted Billions of Android Users

A critical vulnerability called FlagLeft was discovered in six major Microsoft 365 Android apps, where a debug flag left enabled in production allowed any app on the device to silently obtain valid Microsoft account tokens without user consent. This flaw exposed billions of users to account takeover risks, enabling attackers to access emails, files, and calendar data under the victim's identity; Microsoft has since patched the issue and urged users to update affected apps immediately.

https://cybersecuritynews.com/microsoft-365-android-apps-account-takeover-vulnerability/

Google Blocked Over 1.75 Million Play Store App Submissions in 2025

Google blocked over 1.75 million Play Store app submissions in 2025 due to policy violations, enhancing app security. They implemented 10,000 safety checks, identified malicious patterns using AI, and banned 80,000 bad developer accounts. Additionally, Play Protect scanned over 350 billion apps, identifying millions of risks, while new protections against fraudulent activities were added. Google continues to invest in AI for future app safety.

https://www.bleepingcomputer.com/news/security/google-blocked-over-175-million-play-store-app-submissions-in-2025/

Android Malware Taps Gemini to Navigate Infected Devices

Android malware named PromptSpy employs generative AI (Gemini) for adaptive navigation on infected devices. It mainly functions to deploy remote access via VNC, utilizing natural language prompts to interact with user interfaces, enhancing the malware's versatility across different devices. Developed by Chinese speakers, PromptSpy is still largely theoretical, with no live telemetry reports from ESET, but suspected distribution domains hint at potential real-world application. The malware can intercept security codes, record screens, and prevent uninstallation, indicating a disturbing evolution in Android threats.

https://www.theregister.com/2026/02/19/genai_malware_android/

New Android Malware Uses AI to Click on Hidden Browser Ads

New Android malware utilizes AI with TensorFlow to automatically click on hidden ads, enhancing click fraud mechanisms. Distributed via Xiaomi’s app store and third-party sites, it uses a ‘phantom’ mode for covert actions and a ‘signalling’ mode for real-time control. Affected apps initially lack malicious intent but receive updates adding harmful features, misleading users. Users are advised to avoid non-Google Play apps to mitigate risks.

https://www.bleepingcomputer.com/news/security/new-android-malware-uses-ai-to-click-on-hidden-browser-ads/

Android Mobile Adware Surges in Second Half of 2025

Android adware surged in late 2025, with detections nearly doubling and malicious threats becoming more organized. Cybercriminals shifted from simple scams to sophisticated frameworks, employing tools like MobiDash and Triada for ongoing data theft and fraud. Users should prioritize mobile security by using trusted app stores, scrutinizing permissions, avoiding sideloaded apps, and employing real-time security software.

https://www.malwarebytes.com/blog/mobile/2025/12/android-threats-in-2025-when-your-phone-becomes-the-main-attack-surface

New DroidLock Malware Locks Android Devices and Demands a Ransom

New DroidLock malware targets Android users, locks screens for ransom, and can access personal data. It spreads via fake apps, gaining permissions to control devices. It can wipe data, change passwords, and threaten file destruction. Android users are advised to avoid sideloading apps and check permissions.

https://www.bleepingcomputer.com/news/security/new-droidlock-malware-locks-android-devices-and-demands-a-ransom/

New Android Malware Lets Criminals Control Your Phone and Drain Your Bank Account

New Android malware, Albiriox, allows attackers remote control of infected phones to siphon money from bank and crypto accounts. It operates as Malware-as-a-Service (MaaS), targeting over 400 financial apps globally. Albiriox employs advanced techniques like live streaming, automated clicks, and stealth operations to evade detection, making it a significant threat. Users should only install trusted apps, verify permissions, and utilize up-to-date anti-malware solutions for protection.

https://www.malwarebytes.com/blog/news/2025/12/new-android-malware-lets-criminals-control-your-phone-and-drain-your-bank-account

CISA Warns iPhone And Android Users — Secure Your Smartphone Now

CISA and UK security agencies warn smartphone users of rising cyber threats, particularly via spyware targeting messaging apps. They recommend iPhone and Android owners immediately apply strict security measures: enable advanced device modes, use only trustworthy services, restrict app permissions, and keep devices and apps up to date. Both agencies caution against using personal VPNs due to the risk of malware and poor privacy from many VPN providers. Official app stores are the safest place to get apps. Additional advice includes using strong passwords, enabling device tracking, and avoiding unknown Wi-Fi networks unless necessary.

https://www.forbes.com/sites/daveywinder/2025/11/28/cisa-warns-iphone-and-android-users—secure-your-smartphone-now/

Breaking: Google Is Easing up on Android’s New Sideloading Restrictions!

Google will simplify sideloading for experienced Android users, allowing them to install unverified apps with an “advanced flow” that includes risk warnings. This follows backlash against new restrictions limiting such installations. The change aims to enhance safety while allowing user choice. Developer verification will also become mandatory to combat scams, but a lower barrier account type will be available for hobbyists.

https://www.androidauthority.com/android-power-users-install-unverified-apps-3615310/

Google to Verify All Android Developers in 4 Countries to Block Malicious Apps

Google will verify all Android developers to enhance app security, starting invitations in October 2025 and enforcement in September 2026 across Brazil, Indonesia, Singapore, and Thailand. This aims to curb malicious apps and bolster developer accountability while maintaining user choice. Existing Play Store developers may face fewer changes due to prior compliance, while new accounts will require a D-U-N-S number.

https://thehackernews.com/2025/08/google-to-verify-all-android-developers.html

Google Fixes Android Zero-days Exploited in Attacks, 60 Other Flaws

Google patched 62 Android vulnerabilities in April 2025, including two zero-days exploited in targeted attacks, one linked to a Serbian police operation using Cellebrite tools. The first zero-day (CVE-2024-53197) involved a privilege escalation in the Linux kernel's USB-audio driver. The second zero-day (CVE-2024-53150) allowed attackers access to sensitive information via an out-of-bounds read. The updates were shared with OEM partners in January, and additional security flaws were addressed in the monthly patches.

https://www.bleepingcomputer.com/news/security/google-fixes-android-zero-days-exploited-in-attacks-60-other-flaws/

Phishing Platform ‘Lucid’ Behind Wave of iOS, Android SMS Attacks

Phishing platform ‘Lucid,' operated by the XinXin group, targets 169 entities across 88 countries using iMessage and RCS for SMS attacks. Sold on a subscription model, it provides phishing domains and tools to attackers. Lucid sends 100,000 smishing messages daily, bypassing spam filters with encrypted messaging tech. The operation employs device farms and impersonates legitimate services to steal personal data, including financial information, often demonstrating ease of use through public videos.

https://www.bleepingcomputer.com/news/security/phishing-platform-lucid-behind-wave-of-ios-android-sms-attacks/

Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices

Crocodilus Malware Summary: Crocodilus is a newly identified Android banking Trojan featuring advanced techniques such as overlay attacks, keylogging, and remote control. Unlike other Trojans, it deploys a sophisticated dropper to bypass Android restrictions, aims at banks primarily in Spain and Turkey, and exploits Accessibility Services to capture user credentials and sensitive information. It employs social engineering to manipulate victims into revealing wallet keys. Analysts trace potential links to the “sybra” threat actor, suggesting a connection to known malware families. The emergence of Crocodilus highlights the need for enhanced security measures in financial institutions.

https://www.threatfabric.com/blogs/exposing-crocodilus-new-device-takeover-malware-targeting-android-devices

FBI Warning For All iPhone, Android Users—Hang Up Now, Use This Code

FBI warns iPhone and Android users about AI-powered deepfake scams. Users should hang up on suspicious calls and create a secret code for verification with close family to combat voice cloning threats. Social media poses risks as it provides voice samples for cybercriminals. Ongoing AI attacks are reshaping crime, making scams increasingly sophisticated and difficult to detect.

https://www.forbes.com/sites/daveywinder/2025/03/22/fbi-warns-iphone-and-android-users-hang-up-now-use-this-code/

Scroll to Top