In late 2016, Google’s security team scrambled to fix a critical vulnerability that allowed attackers to gain unfettered root access to Android devices by using a relatively new class of exploit that manipulates data stored in memory chips. Now, 21 months later, many of the same researchers behind the attack, dubbed Drammer, are back to… Read More


The issue is not new, being first spotted by the team at Qihoo 360 Netlab in February, this year, when they detected an Android worm that was spreading from Android device to Android device, infecting them with a cryptocurrency miner named ADB.Miner. The ADB.Miner worm exploited the Android Debug Bridge (ADB), a feature of the… Read More


News of this group first surfaced after a report in December 2016, when Russian antivirus vendor Dr.Web disclosed that a mysterious threat actor had found a way to penetrate the supply-chain of several mobile carriers, infecting phones with malware. At the time, experts said they found malware in the firmware of at least 26 low-cost… Read More


THE ACCC is investigating accusations Google is using as much as $580 million worth of Australians’ phone plan data annually to secretly track their movements. Australian Competition and Consumer Commission chairman Rod Sims said he was briefed recently by US experts who had intercepted, copied and decrypted messages sent back to Google from mobiles running… Read More


ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind the operation infect Android devices using several generations of malware, with the attackers including new features in each iteration. We label them from v1-v4, with v4 being the most recent version deployed in… Read More


The proof of concept attack the researchers created to demonstrate their technique takes about two minutes, from a malicious site loading their javascript in the browser to running code on the victim’s phone. It can only run that code, however, within the privileges of the browser. That means it can potentially steal credentials or spy… Read More


In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. According to our telemetry data, this malware was detected more than 6,000 times, though the reports… Read More


SRL researchers Karsten Nohl and Jakob Lell spent two years analyzing Android devices, checking to see if the phones actually had installed the security patches that the software said it had. The pair found that many devices had what they call a “patch gap,” where the phone’s software would claim it was up to date… Read More


Several days ago, EST Security published a post concerning a fake antivirus malware targeting the Android mobile platform. In the Korean media, it was mentioned that there could be a link between this Android malware and Group 123. Talos decided to investigate this malware. And due to our reporting and history of following of Group… Read More