Posts

Showing posts with the label android

New DroidLock malware locks Android devices and demands a ransom

A newly discovered Android malware dubbed DroidLock can lock victims’ screens for ransom and access text messages, call logs, contacts, audio recordings, or even erase data. DroidLock allows its operator to take complete control of the device via the VNC sharing system and can steal the device lock pattern by placing an overlay on the screen. According to researchers at mobile security company Zimperium, the malware targets Spanish-speaking users and is distributed through malicious websites promoting fake applications that impersonate legitimate packages. In a report today, Zimperium says that the "infection starts with a dropper that deceives the user into installing the secondary payload that contains the actual malware." The malicious apps introduce the main payload via an update request and then ask for Device Admin and Accessibility Services permissions, which let it perform fraudulent activities. Some of the actions it can take are ...

Thousands of Android Malware Apps Use Stealthy APKs to Bypass Security

In a recent study, Zimperium uncovered a concerning trend in Android malware that uses a tricky method to hide itself from antivirus programs. This APK can be installed on Android devices with an OS version above Android 9 Pie (API 28), reducing the possibility of being analyzed.

How was this made possible

According to researchers, it was achieved by using an unsupported decompression method in the APK, which is essentially a zip file. While the technique is not new and was first demonstrated in 2014, security researchers have begun noticing its impact only lately. For instance, Zimperium found over 3,000 APKs in the wild, using this suspicious compression technique.

A rather concerning part is that these APKs were not found on the official Google Play Store, indicating distribution via third-party app stores or sideloading using some social engineering or phishing attack.

Another sneaky tactic emerging lately

Just a few days back, Google ...