Xiaomi Phone Bug Allowed Payment Forgery
Mobile transactions could’ve been disabled, created and signed by attackers. link: https://threatpost.com/xiaomi-phones-found-vulnerable-to-payment-forgery/180416/ Author: Nate Nelson
Google Boots Multiple Malware-laced Android Apps from Marketplace
Google removed eight Android apps, with 3M cumulative downloads, from its marketplace for being infected with a Joker spyware variant. link: https://threatpost.com/google-boots-malware-marketplace/180241/ Author: Elizabeth Montalbano
Google Warns Spyware Being Deployed Against Android, iOS Users
The company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs. link: https://threatpost.com/google-hermit-spyware-android-ios/180062/ Author: Elizabeth Montalbano
Kazakh Govt. Used Spyware Against Protesters
Researchers have discovered that a Kazakhstan government entity deployed sophisticated Italian spyware within its borders. link: https://threatpost.com/kazakh-govt-used-spyware-against-protesters/180016/ Author: Nate Nelson
TeaBot Trojan Haunts Google Play Store, Again
Malicious Google Play apps have circumvented censorship by hiding trojans in software updates. link: https://threatpost.com/teabot-trojan-haunts-google-play-store/178738/ Author: Nate Nelson
Zenly Social-Media App Bugs Allow Account Takeover
A pair of bugs in the Snap-owned tracking app reveal phone numbers and allow account hijacking. link: https://threatpost.com/zenly-bugs-account-takeover/178646/ Author: Tara Seals
iPhones Vulnerable to Attack Even When Turned Off
Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware. link: https://threatpost.com/iphones-attack-turned-off/179641/ Author: Elizabeth Montalbano
Mozilla: Lack of Security Protections in Mental-Health Apps Is ‘Creepy’
Popular apps to support people’s psychological and spiritual well-being can harm them by sharing their personal and sensitive data with third parties, among other privacy offenses. link: https://threatpost.com/mozilla-security-health-apps-creepy/179463/ Author: Elizabeth…
‘CatalanGate’ Spyware Infections Tied to NSO Group
Citizen Lab uncovers multi-year campaign targeting autonomous region of Spain, called Catalonia. link: https://threatpost.com/catalangate-spyware/179336/ Author: Threatpost
Google Play Bitten by Sharkbot Info-stealer ‘AV Solution’
Google removed six different malicious Android applications targeting mainly users in the U.K. and Italy that were installed about 15,000 times. link: https://threatpost.com/google-play-bitten-sharkbot/179252/ Author: Elizabeth Montalbano