CyberSecurity updates
2025-02-23 16:20:32 Pacific

Italian SIO Spyware Distributing Malicious Android Apps Stealing Data - 7d

Italian spyware vendor SIO has been caught distributing malicious Android applications that masquerade as popular apps like WhatsApp. Dubbed “Spyrtacus”, the spyware steals data from victims’ phones and targets users in Italy. SIO claims to sell its products to government customers, law enforcement agencies, police, and intelligence agencies. The identity of victims remains unknown.

BADBOX Botnet Infects Hundreds of Thousands of Android Devices - 16d

The BADBOX botnet has infected over 190,000 Android devices, including high-end models like Yandex 4K QLED TVs. The infections are believed to stem from malware pre-installed during the manufacturing process or further down the supply chain, highlighting a significant supply chain vulnerability. The scale of the infection underscores the critical security risks associated with supply chain compromises.

Google Patches Actively Exploited Android Kernel Zero-Day - 18d

Google has released the February 2025 Android security updates, patching 48 vulnerabilities, including a zero-day kernel vulnerability (CVE-2024-53104) that is actively exploited in the wild. This vulnerability is a privilege escalation flaw in the USB Video Class (UVC) driver. The updates are available for Android 12 through Android 15 devices, addressing issues in Framework, System, Kernel, and vendor components.

Android Enhances Theft Protection with Identity Check - 28d

Google has introduced new theft protection features for Android, including Identity Check, which locks sensitive settings outside trusted locations, and expanded theft protection features. Identity Check requires biometric authentication for access to sensitive settings, preventing unauthorized changes by thieves. This aims to improve the security of Android devices, particularly in cases of theft, enhancing user data protection. These features are rolling out to Android users in an update in the near future.

Gamaredon APT Deploys Android Spyware - 10d

The development and deployment of two new Android spyware families, BoneSpy and PlainGnome, have been attributed to the Russian-aligned Gamaredon APT group. BoneSpy has been active since 2021, while PlainGnome appeared in 2024. These tools are used for surveillance against targets in former Soviet states, with a focus on Russian-speaking victims. These sophisticated malware families collect sensitive data including SMS messages, call logs, device location, and contact lists. PlainGnome acts as a dropper for the surveillance payload, while BoneSpy is deployed as a standalone application.

Chinese Law Enforcement Uses EagleMsgSpy Tool - 9d

A new mobile surveillance tool named ‘EagleMsgSpy’ has been discovered in use by Chinese law enforcement to gather data from Android devices. This tool, operational since 2017, collects a range of sensitive data, including chat messages, screen recordings, audio, call logs, contacts, SMS, location, and network activity. The collected data is sent to a command-and-control server, raising concerns about privacy and potential misuse.

FSB Uses Trojan App to Monitor Russian Programmer - 15d

The FSB, Russia’s Federal Security Service, allegedly used a trojanized application to monitor a Russian programmer accused of supporting Ukraine. This highlights the use of sophisticated surveillance techniques by state actors against individuals perceived as threats. The incident underscores the importance of digital security and privacy, especially in high-risk environments. The spyware was hidden in an app that the programmer downloaded.