Mobile and Technology - Cyber Security Informer

Mobile malware evolution in 2024

SecureList

MARCH 3, 2025

million attacks involving malware, adware or unwanted mobile software were prevented. Adware, the most common mobile threat, accounted for 35% of total detections. million malicious and potentially unwanted installation packages were detected, almost 69,000 of which associated with mobile banking Trojans. A total of 1.1

Mobile

Mobile Malware Adware Banking

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies. T-Mobile confirms it was hacked as part of a long-running cyber espionage campaign targeting Telco companies. The bad news is that this isn’t the first incident suffered by T-Mobile.

Mobile

Mobile Telecommunications Data breaches Hacking

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

Those who fall for the scam are asked to provide payment card data, and eventually will be asked to supply a one-time password sent via SMS or a mobile authentication app. Notably, none of the phishing pages will even load unless the website detects that the visitor is coming from a mobile device.

Phishing

Phishing Scams Mobile Passwords

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

T-Mobile detected network intrusion attempts and blocked them

Security Affairs

NOVEMBER 28, 2024

T-Mobile reported recent infiltration attempts but pointed out that threat actors had no access to its systems and no sensitive data was compromised. T-Mobile detected recent infiltration attempts but confirmed no unauthorized system access occurred, and no sensitive data was compromised. This is not the case at T-Mobile.”

Mobile

Mobile Telecommunications Government Internet

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Krebs on Security

NOVEMBER 28, 2022

A recent scoop by Reuters revealed that mobile apps for the U.S. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan , malware designed to surreptitiously intercept and forward text messages from Android mobile devices. “Pushwoosh Inc.

Mobile

Mobile Malware Technology Government

Arrests in Tap-to-Pay Scheme Powered by Phishing

Krebs on Security

MARCH 21, 2025

states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. If you own a mobile phone, the chances are excellent that at some point in the past two years it has received at least one phishing message that spoofs the U.S. Image: WLVT-8.

Phishing

Phishing Mobile Scams Banking

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

DECEMBER 3, 2024

Interisle sources data about cybercrime domains from anti-spam organizations, including the Anti-Phishing Working Group (APWG), the Coalition Against Unsolicited Commercial Email (CAUCE), and the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG). But this past year, Interisle found the U.S.

Cybercrime

Cybercrime Phishing Accountability Internet

Thai police arrested Chinese hackers involved in SMS blaster attacks

Security Affairs

NOVEMBER 25, 2024

. “This “SMS blasting” attack relies on using technology that impersonates cellular base stations and is capable of transmitting thousands of messages to devices within a close geographical radius.” The equipment sent nearly 1 million fraudulent messages in 3 days. around busy areas of Sukhumvit Road” continues Khaosod.

Mobile

Mobile Scams Technology Telecommunications

SHARED INTEL: How attacks on web, mobile apps are being fueled by rising API vulnerabilities

The Last Watchdog

APRIL 7, 2020

Zoosk’s core service is delivered via a mobile app that has 20 different registration and/or login pages – all are API driven. Here’s how Keil breaks down what happened: Keil “The attackers deconstructed the mobile app and found all of these login and mobile app registration APIs, and so they started using them for attack purposes.

Mobile

Mobile Digital transformation Scams Accountability

Popular VPNs are routing traffic via Chinese companies, including one with link to military

Malwarebytes

APRIL 3, 2025

Up to one in five of the most popular mobile VPNs for iOS last year are owned by Chinese companies that do their best to hide the fact. Mobile VPNs are apps that connect your smartphone to the internet via different computers around the world. The company developed several mobile apps for Innovative Connecting Pte.

VPN

VPN Mobile Government Technology

RSAC Fireside Chat: Deploying Hollywood-tested content protection to improve mobile app security

The Last Watchdog

MAY 18, 2023

Your go-to mobile apps aren’t nearly has hackproof as you might like to believe. Related: Fallout of T-Mobile hack Hackers of modest skill routinely bypass legacy security measures, even two-factor authentication, with techniques such as overlay attacks. And hard data shows instances of such breaches on the rise.

Mobile

Mobile Authentication Internet Internet

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

The Last Watchdog

AUGUST 19, 2021

At the start of this week, word got out that hackers claimed to have seized personal data for as many as 100 million T-Mobile patrons. According to the attackers, this was a configuration issue on an access point T-Mobile used for testing. T-Mobile left a gate left wide open for attackers – and attackers just had to find the gate.”.

Mobile

Mobile Data breaches Authentication Accountability

MY TAKE: RSAC 2025 – Conversing with vendors hanging out in the Marriott Marquis mezzanine

The Last Watchdog

MAY 1, 2025

Alcavio: AI-powered deception Anand Akela of Alcavio Technologies offered a provocative take: Deception technology is the only way to detect threats that no one has seen before zero days generated on the fly by LLMs. The moment an intruder touches one, high-fidelity alerts are triggered. Approovs solution?

Mobile

Mobile Government CISO Technology

Zero-day attacks on browsers and smartphones drop, says Google

Malwarebytes

MAY 1, 2025

Cybercriminals are having less success targeting end-user technology with zero-day attacks, said Google’s security team this week. While most attacks do still target personal technology like smartphones and browsers, the focus is moving increasingly to enterprise tech. What does all this mean for you?

Spyware

Spyware Mobile Technology Government

US Schools Are Buying Cell Phone Unlocking Systems

Schneier on Security

DECEMBER 18, 2020

Gizmodo is reporting that schools in the US are buying equipment to unlock cell phones from companies like Cellebrite: Gizmodo has reviewed similar accounting documents from eight school districts, seven of which are in Texas, showing that administrators paid as much $11,582 for the controversial surveillance technology.

Surveillance

Surveillance Mobile Accountability Technology

FCC Proposes to Fine Wireless Carriers $200M for Selling Customer Location Data

Krebs on Security

FEBRUARY 28, 2020

The FCC proposed fining T-Mobile $91 million; AT&T faces more than $57 million in fines; Verizon is looking at more than $48 million in penalties; and the FCC said Sprint should pay more than $12 million. In response, the carriers promised to “wind down” location data sharing agreements with third-party companies.

Wireless

Wireless Mobile Technology

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

Krebs on Security

APRIL 29, 2024

Federal Communications Commission (FCC) today levied fines totaling nearly $200 million against the four major carriers — including AT&T , Sprint , T-Mobile and Verizon — for illegally sharing access to customers’ location information without consent.

Wireless

Wireless Mobile Technology

Location, name, and photos of random kids shown to parents in child tracker mix up

Malwarebytes

APRIL 3, 2025

Not one but several worried parents that tracked their children by using T-Mobile tracking devices suddenly found that they were looking at the location of random other children. T-Mobile sells a small GPS tracker called SyncUP , which can be used to track, among others, the locations of young children who dont have cell phones yet.

Mobile

Mobile Media Surveillance Technology

Apple AirTags Are Being Used to Track People and Cars

Schneier on Security

DECEMBER 31, 2021

This development suprises no one who has been paying attention: Researchers now believe AirTags, which are equipped with Bluetooth technology, could be revealing a more widespread problem of tech-enabled tracking. They emit a digital signal that can be detected by devices running Apple’s mobile operating system.

Mobile

Mobile Technology Surveillance

Black Hat Fireside Chat: Consumers demand secure mobile apps; it’s high time for brands to deliver

The Last Watchdog

AUGUST 1, 2024

Two-plus decades of enduring wave after wave of mobile app malware and fraud has finally taken its toll on users. I recently visited with Appdome CEO Tom Tovar to discuss clear signals that consumers are now insisting upon mobile apps that are private and secure, as well as convenient. . I’ll keep watch and keep reporting.

Mobile

Mobile Internet Internet Technology

News alert: NTT unveils AI inference chip enabling real-time 4K processing of ultra-high-def video

The Last Watchdog

APRIL 10, 2025

This low-power technology is designed for edge and power-constrained terminal deployments in which conventional AI inferencing requires the compression of ultra-high-definition video for real-time processing. on the advancement of this LSI in relation to its proprietary Attribute-Based Encryption (ABE) technologies. TOKYO, Apr.

Technology

Technology Wireless Engineering Encryption

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

OCTOBER 21, 2024

DevHub is a platform designed for developers to access resources, tools, and APIs to build and integrate applications with Cisco’s technologies. IntelBroker targeted many major organizations in past attacks, including AMD , AT&T, Bank of America, Microsoft, Europol , SAP, T-Mobile, Verizon, and others.

Cybercrime

Cybercrime Data breaches Technology Banking

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

Robocall Legal Advocate Leaks Customer Data

Krebs on Security

AUGUST 3, 2020

A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers.

Mobile

Mobile Marketing Consumer Protection Wireless

News alert: Wultra secures €3M funding to help financial firms mitigate coming quantum threats

The Last Watchdog

JANUARY 15, 2025

15, 2025, CyberNewswire — Quantum computing is set to revolutionize technology, but it also presents a significant security risk for financial institutions. He played a key role in building Inmite, a mobile app development firm acquired by Avast in 2014. Prague, Czech Republic, Jan. Dvorak is no stranger to innovation.

Banking

Banking Authentication Technology Marketing

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

Krebs on Security

MAY 7, 2025

and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new investigation reveals. Other businesses registered at this address market services for logo design, mobile app development, and ghostwriting. Records from the U.S.

Scams

Scams Marketing Advertising Technology

Phishing attacks target mobile users via progressive web applications (PWA)

Security Affairs

AUGUST 23, 2024

Cybercriminals use progressive web applications (PWA) to impersonate banking apps and steal credentials from mobile users. ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs). ” concludes the report published by ESET.

Phishing

Phishing Mobile Banking Social Engineering

France’s second-largest telecoms provider Free suffered a cyber attack

Security Affairs

OCTOBER 28, 2024

million mobile and fixed subscribers. “” The telecommunications firm has filed a criminal complaint and informed France’s agencies National Commission for Information Technology and Civil Liberties (CNIL) and the National Agency for the Security of Information Systems (ANSSI). Free S.A.S.

Cyber Attacks

Cyber Attacks Telecommunications Data breaches Banking

Unauthorized data access vulnerability in macOS is detailed by Microsoft

Malwarebytes

OCTOBER 18, 2024

It is important to note that this vulnerability would only impact Mobile Device Management (MDM) managed devices. By exploiting this vulnerability an attacker could bypass the macOS Transparency, Consent, and Control (TCC) technology and gain unauthorized access to a user’s protected data. Microsoft has dubbed the flaw “HM Surf.”

Adware

Adware Spyware Mobile Technology

NY Man Pleads Guilty in $20 Million SIM Swap Theft

Krebs on Security

DECEMBER 16, 2021

A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. A SIM card is the tiny, removable chip in a mobile device that allows it to connect to the provider’s network. Nicholas Truglia, holding bottle.

Cryptocurrency

Cryptocurrency Mobile Accountability Scams

Google Threat Intelligence Group (GTIG) tracked 75 actively exploited zero-day flaws in 2024

Security Affairs

APRIL 29, 2025

“GTIG continued to observe an increase in adversary exploitation of enterprise-specific technologies throughout 2024. GTIG experts reported that in 2024, zero-day attacks targeting enterprise tech grew, while browser and mobile exploits dropped. In 2023, 37% of zero-day vulnerabilities targeted enterprise products.”

Surveillance

Surveillance Mobile Software Hacking

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world’s largest technology companies and customer support firms. TechCrunch reported last week that the incident was linked to the same phishing campaign that targeted Twilio. In an Aug.

Mobile

Mobile Phishing Authentication Accountability

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Security Affairs

DECEMBER 16, 2024

The spyware’s deployment relied on Cellebrite’s unlocking process, combining two invasive technologies to compromise the journalists digital privacy comprehensively. NoviSpy can extract sensitive data from compromised Android devices, including screenshots, location data, audio recordings, files, and photos. .

Spyware

Spyware Surveillance Technology Mobile

A Device to Turn Traffic Lights Green

Schneier on Security

FEBRUARY 22, 2023

Instead, they use optical technology to beam infrared light from vehicles to static receivers mounted on traffic light poles. Essentially, the tech works by detecting a specific pattern of infrared light emitted by the Mobile Infrared Transmitter (MIRT) installed in a police car, fire truck, or ambulance when the MIRT is switched on.

Wireless

Wireless Firmware Mobile Technology

Google Mending Another Crack in Widevine

Krebs on Security

OCTOBER 26, 2020

For the second time in as many years, Google is working to fix a weakness in its Widevine digital rights management (DRM) technology used by online streaming sites like Disney , Hulu and Netflix to prevent their content from being pirated. Further reading: Breaking Content Protection on Streaming Websites.

Software

Software Technology Mobile Media

The Rise of One-Time Password Interception Bots

Krebs on Security

SEPTEMBER 29, 2021

.” Many websites now require users to supply both a password and a numeric code/OTP token sent via text message, or one generated by mobile apps like Authy and Google Authenticator. Unfortunately, those most likely to fall for these OTP interception schemes are people who are less experienced with technology.

Passwords

Passwords Mobile Authentication Banking

Why is ‘Juice Jacking’ Suddenly Back in the News?

Krebs on Security

APRIL 14, 2023

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “ juice jacking ,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk.

Mobile

Mobile Software Backups Technology

New Atrium Health data breach impacts 585,000 individuals

Security Affairs

DECEMBER 6, 2024

Atrium Health launched an investigation into the security breach and discovered that from January 2015 to July 2019, certain online tracking technologies were active on its MyAtriumHealth (formerly MyCarolinas) Patient Portal, accessible via web and mobile. ” reads the notice of a Privacy Matter published by the organization.

Data breaches

Data breaches Identity Theft Accountability Technology

Introducing Duo Wear: Seamless MFA From Your Wrist!

Duo's Security Blog

APRIL 24, 2025

Were thrilled to announce Duo Wear , a companion app for Duo Mobile that brings fast and easy multi-factor authentication (MFA) to your Wear OS smartwatch! It works together with the Duo Mobile app on your Android phone. Wearables are a growing component of our technological lives. What is Duo Wear? Why Make a Wear OS App?

Authentication

Authentication Mobile Technology

Europol says Home Routing mobile encryption feature aids criminals

Bleeping Computer

JULY 7, 2024

Europol is proposing solutions to avoid challenges posed by privacy-enhancing technologies in Home Routing that hinder law enforcement's ability to intercept communications during criminal investigations. [.]

Encryption

Encryption Mobile Technology

Cisco states that the second data leak is linked to the one from October

Security Affairs

DECEMBER 30, 2024

DevHub is a platform designed for developers to access resources, tools, and APIs to build and integrate applications with Ciscos technologies. IntelBroker targeted many major organizations in past attacks, including AMD , AT&T, Bank of America, Microsoft, Europol , SAP, T-Mobile, Verizon, and others. ” concludes the update.

Data breaches

Data breaches Cybercrime Authentication Technology

MY TAKE: As RSAC 2025 opens, Microsoft, Amazon make GenAI grab — will control tighten?

The Last Watchdog

APRIL 28, 2025

Yet as the conference opens, it feels like were crossing an even bigger threshold not just a new technological frontier, but a familiar historical tension line. Over the past 500 years, every transformative technology has followed a pattern: the Gutenberg press, the steam engine, the transistor, the early internet.

Small Business

Small Business Internet Internet Architecture

Update your Android: Google patches two zero-day vulnerabilities

Malwarebytes

NOVEMBER 6, 2024

LMP stands for Link Manager Protocol, which is a communication system used in Bluetooth technology to set up and manage connections between devices. Keep threats off your mobile devices by downloading Malwarebytes for iOS , and Malwarebytes for Android today.

Encryption

Encryption Mobile Technology Software

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

JANUARY 11, 2021

NYSE: UI ] said it recently became aware of “unauthorized access to certain of our information technology systems hosted by a third party cloud provider,” although it declined to name that provider. In an email sent to customers today, Ubiquiti Inc. Click on ‘Security’ from the left-hand menu. Change your password.

Passwords

Passwords Authentication Firmware Accountability

Mobile malware evolution in 2024

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Webinars

Trending Sources

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Webinars

T-Mobile detected network intrusion attempts and blocked them

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Arrests in Tap-to-Pay Scheme Powered by Phishing

Why Phishers Love New TLDs Like.shop,top and.xyz

Thai police arrested Chinese hackers involved in SMS blaster attacks

SHARED INTEL: How attacks on web, mobile apps are being fueled by rising API vulnerabilities

Popular VPNs are routing traffic via Chinese companies, including one with link to military

RSAC Fireside Chat: Deploying Hollywood-tested content protection to improve mobile app security

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

MY TAKE: RSAC 2025 – Conversing with vendors hanging out in the Marriott Marquis mezzanine

Zero-day attacks on browsers and smartphones drop, says Google

US Schools Are Buying Cell Phone Unlocking Systems

FCC Proposes to Fine Wireless Carriers $200M for Selling Customer Location Data

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

Location, name, and photos of random kids shown to parents in child tracker mix up

Apple AirTags Are Being Used to Track People and Cars

Black Hat Fireside Chat: Consumers demand secure mobile apps; it’s high time for brands to deliver

News alert: NTT unveils AI inference chip enabling real-time 4K processing of ultra-high-def video

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Robocall Legal Advocate Leaks Customer Data

News alert: Wultra secures €3M funding to help financial firms mitigate coming quantum threats

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

Phishing attacks target mobile users via progressive web applications (PWA)

France’s second-largest telecoms provider Free suffered a cyber attack

Unauthorized data access vulnerability in macOS is detailed by Microsoft

NY Man Pleads Guilty in $20 Million SIM Swap Theft

Google Threat Intelligence Group (GTIG) tracked 75 actively exploited zero-day flaws in 2024

How 1-Time Passcodes Became a Corporate Liability

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

A Device to Turn Traffic Lights Green

Google Mending Another Crack in Widevine

The Rise of One-Time Password Interception Bots

Why is ‘Juice Jacking’ Suddenly Back in the News?

New Atrium Health data breach impacts 585,000 individuals

Introducing Duo Wear: Seamless MFA From Your Wrist!

Europol says Home Routing mobile encryption feature aids criminals

Cisco states that the second data leak is linked to the one from October

MY TAKE: As RSAC 2025 opens, Microsoft, Amazon make GenAI grab — will control tighten?

Update your Android: Google patches two zero-day vulnerabilities

Ubiquiti: Change Your Password, Enable 2FA

Stay Connected