Tag: mobile security
107 articles

Malware Exploits Android App to Harvest NFC Card Data
A new malware called NGate is putting NFC payment card users in Brazil at risk, exploiting the popular HandyPay app to steal sensitive card data and PINs. This sneaky attack leaves cardholders vulnerable to financial loss and compromised personal info.

NGate Malware Targets Brazil, Trojanizes HandyPay for NFC Data Theft
Security researchers have uncovered a sneaky new Android malware, NGate, that has been hiding in plain sight by infecting a legitimate app called HandyPay, used for NFC data relay, and using AI-generated code to steal payment credentials. This cleverly crafted malware has set its sights on Brazil, putting unsuspecting users at risk of NFC data theft.

Malicious Apps Infiltrate Apple's China Store, Target Crypto Wallets
Scammers have infiltrated Apple's China App Store with 26 fake cryptocurrency wallet apps, cleverly disguised as popular wallets like Metamask and Coinbase, to steal sensitive recovery phrases and drain users' digital assets. These malicious apps put unsuspecting crypto investors at risk of losing their hard-earned money.

Malicious iOS Apps Expose Crypto Users to FakeWallet Threat
Beware of scammers on the official app store: over 20 fake cryptocurrency wallet apps were recently discovered on the Apple App Store, masquerading as legit software to steal user credentials and secrets. These malicious apps, dubbed FakeWallet, put unsuspecting crypto users at risk of losing their digital assets.

Apple Rushes Fix for iPhone Passcode Bug
Locked out of your iPhone for months? Apple is finally on the case, rushing to fix a frustrating passcode bug that's left some users feeling stuck - and even considering a switch to Android.

Malware Exploits APK Flaws to Evade Android Static Analysis
Malware developers have found a sneaky trick to evade detection on Android devices, exploiting APK flaws to hide their malicious code from static analysis - and over 3,000 malware samples have already adopted this tactic. This widespread technique allows malware to fly under the radar, posing a significant threat to Android users.

Mirax RAT Exploits Meta Apps to Infiltrate Android Devices
Beware of fake ads on Meta apps - a sneaky new malware called Mirax RAT is using them to secretly take control of Android devices, with a focus on Spanish-speaking nations. This remote access Trojan is part of a growing Malware-as-a-Service economy that's putting unsuspecting users at risk.

Mirax RAT Exploits Meta Ads to Hijack 220,000 Devices
Meet Mirax RAT, a sneaky Android malware that's hijacked over 220,000 devices by exploiting Meta Ads, giving strangers full control over unsuspecting users' phones. This malicious code has rapidly spread to hundreds of thousands of social accounts, showcasing the alarming power of mainstream ad platforms in the wrong hands.

Mirax Trojan Hijacks Android Devices for Proxy Network
Meet Mirax, a sneaky new Android banking trojan that's not only stealing credentials, but also hijacking devices to create a powerful proxy network - putting European users at risk. This emerging malware is a triple threat, combining a malware-as-a-service model, remote access capabilities, and residential proxies to wreak havoc on infected phones.

Gmail Bolsters Security with Mobile End-to-End Encryption Rollout
Google just supercharged Gmail security with end-to-end encryption now available on all Android and iOS devices, giving enterprise users a seamless way to send and receive secure emails. This rollout promises stronger protections without the need for extra tools.

EngageLab SDK Flaw Compromises 50M Android Users
A security flaw in the EngageLab SDK has put a whopping 50 million Android users at risk, allowing apps on the same device to bypass Android's security sandbox and gain unauthorized access to sensitive information. This vulnerability, now patched, exposed cryptocurrency wallet users and others to potential data breaches.

Apple Intelligence Exposed to Hijacking Risk via Prompt Injection
Security researchers have discovered a vulnerability in Apple Intelligence, allowing hackers to manipulate the AI system into producing malicious output, including profanity, through a technique called prompt injection. This raises serious concerns about user safety and the effectiveness of current security safeguards.

Google API Flaw Exposes Android Apps to Gemini AI Vulnerabilities
A recently discovered flaw in Google's API keys is leaving millions of Android apps vulnerable to Gemini AI exploits, potentially exposing private files and racking up unexpected billing charges. This security gap allows mobile apps to quietly tap into the powerful AI, all without users noticing.

DarkSword Exploit Chain Spreads Across Threat Actors
A single iOS exploit chain, known as DarkSword, has been spreading rapidly among threat actors, allowing multiple groups to fully compromise iPhones across several countries. This compact, multi-vulnerability exploit leverages zero-day vulnerabilities to achieve complete device takeover, and was first detected in the wild in November 2025.

SOCs Face Multisystem Threats
In today's complex threat landscape, who's accountable when a single intrusion spreads across multiple systems, from Windows laptops to MacBooks, Linux servers, and mobile devices? The harsh reality is that no single team can contain it, as modern attack surfaces and campaigns have outgrown traditional Security Operations Center (SOC) workflows.

Microsoft Grapples with Weeks-Long Exchange Online Mailbox Access Disruptions
Weeks of frustrating disruptions have left Outlook mobile and macOS users struggling to access their Exchange Online mailboxes, sparking a flurry of questions about reliability and resolution. Microsoft is actively investigating the issue, but for affected users, the wait for a fix continues.

Google Tightens Android App Verification for Sideloaded Software
Google is shaking things up in the mobile world by introducing a new requirement for Android apps installed outside its official store: developers must now verify their identity to ensure user safety. This move aims to strike a balance between platform openness and protection from potential harm.

Apple Bolsters iOS 18 Defenses Against DarkSword Exploit Kit
Apple is stepping up its game to protect iPhone users with a new security update for iOS 18, shielding against the sneaky DarkSword exploit kit that's been compromising devices. This proactive move is a crucial defense in the ever-evolving world of cybersecurity threats.

Google Play Infected by NoVoice Android Malware
Millions of Android users may have unknowingly downloaded malware from Google Play, with over 50 apps infected by the NoVoice Android malware family, which has already racked up at least 2.3 million installs. This shocking discovery highlights the vulnerability of mobile ecosystems to malicious code that can slip past store vetting.

Google Launches Critical Android Developer Verification to Combat Alarming App Threats
Google's new Android Developer Verification is a game-changer in the fight against malicious apps, aiming to restore trust and keep bad actors at bay. By verifying developers worldwide, Google is taking a crucial step towards ensuring a safer app store experience for the billions of Android users.

FBI Issues Critical Alert on Dangerous QR Phishing
Dont let a quick scan be your undoing: the FBI warns that QR-enabled spear-phishing is turning everyday convenience into a precision tool for state-backed espionage, tricking victims into handing over credentials or approving authentications that give attackers persistent access.

MPs Urge Exclusive Affordable Tech to Halt Phone Theft
MPs are urging ministers to force Apple, Google and Samsung to deploy standardized, affordable tech that turns stolen phones into paperweights by blocking resets and reuse. Doing so could choke off criminals’ profits, slash street thefts and spare victims the pain of lost banking and identity access.

MPs Call for Essential, Affordable Tech to Stop Phone Theft
With phone theft soaring and victims cut off from banking and 2‑factor access, MPs say it’s time to make the handset worthless to thieves. They want the Home Secretary to press Apple, Google and Samsung to adopt standard, tamper‑resistant tech that kills the resale market and dries up criminals’ profits.

Smishing Triad Exclusive: 194K Alarming Malicious Domains
A single text can open a global crime machine — Unit 42 ties 194,000+ malicious domains to one sprawling smishing operation, so pause and verify before you click.