Security Alerts & News
by Tymoteusz A. Góral

History
#1686 Google stops AdSense attack that forced banking trojan on Android phones
Google has shut down an operation that combined malicious AdSense advertisements with a zero-day attack exploiting Chrome for Android to force devices to download banking fraud malware.

Over a two-month span, the campaign downloaded the Banker.AndroidOS.Svpeng banking trojan on about 318,000 devices monitored by Kaspersky Lab, researchers from the Moscow-based anti-malware provider reported in a blog post published Monday. While the malicious installation files weren't automatically executed, they carried names such as last-browser-update.apk and WhatsApp.apk that were designed to trick targets into manually installing them. Kaspersky privately reported the scam to Google, and engineers from the search company put an end to the campaign, although the timing of those two events wasn't immediately clear.
Read more
#1691 Disassembling a mobile trojan attack
#1690 China’s new cybersecurity law is bad news for business
#1689 Fake shopping apps are invading the iPhone
#1688 Clever Gmail hack let attackers take over accounts
#1687 Adobe patches nine code execution flaws in Flash Player
#1686 Google stops AdSense attack that forced banking trojan on Android phones
#1685 TrickBot banking trojan adds new browser manipulation tools
#1684 IPv4 addresses exhausted, networking standards must support IPv6
#1683 Google releases supplemental patch for dirty COW vulnerability
#1682 Microsoft patches zero-day disclosed by Google
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12