Three printer apps spread malware on Android: urgent update

-

A flaw in three official Android apps that allow the control and management of some printer models from well-known global vendors would be targeted by cyber criminals. Here's the attack pattern and how to mitigate the risk

Even Printers Can Now Spy on Your Information and Vandalize Your Documents - The Plug - HelloTech

According to Japanese Vulnerability Notes (JVN) , a flaw in three official apps for Android that allow the control of printers of well-known vendors globally, would be targeted by cyber criminals to spread malware .

“The vulnerability present in the Kyocera app, in particular, is extremely insidious”, comments Pierluigi Paganini , cyber security analyst and CEO of Cybhorus, “as it allows an attacker to have access to resources on the device for which he is not authorized ” .

The flaw opens the door for other malicious apps to spread malware to affected devices. In fact, hackers exploited the vulnerability to download and install malware on victims' devices. The flaw allows attackers to manage permissions in an advanced way.

The three apps are: Kyocera Mobile Print v3.2.0.230119 and earlier; Utax/TA Mobile Print v3.2.0.230119 and earlier; Olivetti Mobile Print v3.2.0.230119 and earlier versions . The uopdate to higher versions is therefore urgent.

The Kyocera app has been downloaded a million times on Google Play, while that of Utax/TA has exceeded 100,000 downloads on the Google app store and the Olivetti app has 10,000.

To enter your Android device, however, cybercriminals need to download and install a second infected app. They must therefore enable the download of the payload through the official application with a reliable and secure appearance.

In fact, "it must be said that, in assessing the severity of this flaw", Paganini adds, "it must be borne in mind that although it is an app that has about a million installations, the presence of a second malicious application on the target device”.

"This aspect implies the need to structure an attack in several stages, although not complex to implement," warns the cybersecurity expert.

How to protect yourself

The developers of the apps at risk have healed the flaw, to take cover from the cybercriminal offensive. In fact, Kyocera invites users to update the printing app to version v3.2.0.230227, already made available on Google Play.

The update of the three Android apps to their latest version is urgently needed to remedy the flaw at risk.

“Finally,” concludes Paganini, “future versions of Android support security features that can prevent the exploitation of flaws like these.” In fact, from Android 14 , the exchange of intents between apps will be restricted, since it will require the definition of specific recipients from the senders, the declaration of what information an app needs to receive from other apps, and whether or not the recipients should be limited to system broadcasts.

Comments

Post a Comment

Popular posts from this blog

The Hidden Lag Killing Your SIEM Efficiency

-
Image
  If your security tools feel slower than they should, you’re not imagining it. Many IT teams blame their sluggish SIEM performance on query complexity or alert volume. But sometimes the real issue is much simpler: oversized input files quietly dragging your system down. Think about the last time you had to sift through a bloated PDF or an unoptimised log dump. Every unnecessary megabyte adds strain. Every redundant line eats up cycles. Your SIEM doesn’t just react to threats—it processes all incoming data, relevant or not. When it starts lagging, detection gets delayed, triage slows, and in the high-stakes world of threat response, even seconds count. We often focus on analytics and rule tuning, but upstream efficiency—what you feed into your system—deserves just as much attention. This article looks at how optimising your inputs unlocks downstream performance. Why Oversized Files Clog the Pipeline As data volumes grow, organisations face esca lating  data storage costs ,...
Read more

Critical Vulnerability in Veeam Backup & Replication Exposes Enterprises to Remote Code Execution

-
Image
Critical Vulnerability in Veeam Backup & Replication Exposes Enterprises to Remote Code Execution By : Rei Ibraima A newly discovered critical vulnerability in Veeam’s Backup & Replication software, designated as CVE-2025-23120, poses a significant security risk to enterprise environments. The flaw allows authenticated domain users to execute arbitrary code remotely, potentially leading to full compromise of backup infrastructures. About CVE-2025-23120 The vulnerability arises from an insecure deserialization issue within Veeam Backup & Replication components—particularly in the .NET classes Veeam.Backup.EsxManager.xmlFrameworkDs and Veeam.Backup.Core.BackupSummary. Improper input validation in these components allows attackers to inject malicious serialized objects that are executed on the server side, resulting in Remote Code Execution (RCE). This issue affects systems where Veeam Backup & Replication is deployed in a domain-joined configuration, which—while common—is...
Read more

Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware

-
Image
The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country between August 2024 and February 2025. "Targets included a government ministry, an air traffic control organization, a telecoms operator, and a construction company," the Symantec Threat Hunter Team said in a new report shared with The Hacker News. "The attacks involved the use of multiple new custom tools, including loaders, credential stealers, and a reverse SSH tool." The intrusion set is also said to have targeted a news agency located in another country in Southeast Asia and an air freight organization located in another neighboring country. The threat cluster, per Broadcom's cybersecurity division, is assessed to be a continuation of a campaign that was disclosed by the company in December 2024 as a high-profile organization in Southeast Asia since at least October 2023. ...
Read more