Apps with multi-million downloads are being targeted by a new emerging #android malware!
Our Threat Researchers have analyzed nearly 200 apps infected by malicious SDKs, some of which are still available on the Google Play Store.
#SpinOK Android malware has been actively distributed via a malicious #SDK disguised as an advertising library in #supplychainattacks that infiltrates millions of Android users to steal their data.
Hackers appear to have compromised Equifax's email system, using the subject line "Free Pompompurin" to lure victims into a cryptocurrency scam. Learn more here.
Over 160 GB worth of private documents belonging to #Acer available for sale on #hacking forum followed by compromising a server hosting these details. But the #tech giant denied all claims of customer #databreach.
Play ransomware operators claimed to be behind the massive cyberattack on City of Oakland disrupting the IT services resulting in a state of emergency. Recently, they have also leaked over 10GB of stolen data containing confidential documents, employee information, passports, and IDs.
Digital-first bank Hatch Bank confirms data breach after hackers exploit zero-day vulnerability in its internal file transfer software, stealing 140,000 customer Social Security numbers.
LearnPress, a popular WordPress online course plugin, was found to have multiple critical-severity vulnerabilities, including pre-auth SQL injection and local file inclusion. 75,000 active sites still use vulnerable versions, exposing themselves to severe security risks. Update now!
GoTo reveals that hackers not only breached its development environment in November 2022 but also stole encrypted backups containing customer information and an encryption key for a part of that data. Learn more about the impact and mitigation steps taken
Riot Games, developer of popular games League of Legends and Valorant, faces $10 million ransom demand from hackers who stole source code in security breach. Company refuses to pay, assures no player data compromised
The recent credential stuffing attack on PayPal exposed personal data of 34,942 users, highlighting the vulnerability of online security. Credential stuffing is a type of cyber attack where hackers use automated bots to systematically test a list of username and password pairs on various online platforms and services. The attack occurred between December 6th and 8th, 2022 and was initially detected and mitigated by the company's security team. However, personal information such as full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers were exposed. Users are urged to take proactive measures to protect their personal information and financial details and consider using automated appsec management platform like Threatspy to detect and eliminate injection vulnerabilities before they can cause harm.
Our Threat Researchers have analyzed nearly 200 apps infected by malicious SDKs, some of which are still available on the Google Play Store.
#SpinOK Android malware has been actively distributed via a malicious #SDK disguised as an advertising library in #supplychainattacks that infiltrates millions of Android users to steal their data.
Read our analysis: https://ow.ly/KYAm500IG7G
#spyware #mobilesecurity #android #appsec #ASMP #Threatfeed #SecureBlink