Cyber Threat Alert: Kimsuky Group Targets Gmail Inboxes Using Rogue Browser Extensions Recent advisories from government agencies in Germany and South Korea have highlighted a concerning wave of cyberattacks attributed to a North Korean threat actor known as Kimsuky. This group has been leveraging malicious browser extensions to infiltrate users’…
April 11, 2025
Spyware / Mobile Security
Cybersecurity experts have uncovered a dangerous trend where threat actors are using deceptive websites on newly registered domains to spread SpyNote, a notorious Android malware. These fraudulent sites mimic Google Play Store installation pages for popular apps like the Chrome browser, aiming to trick users into downloading the malware. According to the DomainTools Investigations (DTI) team, the attackers employed a combination of English and Chinese-language delivery sites and even included Chinese-language comments in the site code and the malware itself.
SpyNote (also known as SpyMax) is a remote access trojan infamous for its capability to collect sensitive information from compromised Android devices by exploiting accessibility services. In May 2024, the malware was distributed via another fake site that posed as a legitimate antivirus program, Avast. Further analysis from mobile security firm Zimperium revealed additional tactics employed by these cybercriminals…
SpyNote, BadBazaar, and MOONSHINE Malware Exploit Fake Apps to Target Android and iOS Users April 11, 2025 Focus on Spyware / Mobile Security Recent investigations by cybersecurity experts have unveiled a concerning trend: threat actors are leveraging newly registered domains to create deceptive websites that distribute a dangerous Android malware…
April 11, 2025
Spyware / Mobile Security
Cybersecurity experts have uncovered a dangerous trend where threat actors are using deceptive websites on newly registered domains to spread SpyNote, a notorious Android malware. These fraudulent sites mimic Google Play Store installation pages for popular apps like the Chrome browser, aiming to trick users into downloading the malware. According to the DomainTools Investigations (DTI) team, the attackers employed a combination of English and Chinese-language delivery sites and even included Chinese-language comments in the site code and the malware itself.
SpyNote (also known as SpyMax) is a remote access trojan infamous for its capability to collect sensitive information from compromised Android devices by exploiting accessibility services. In May 2024, the malware was distributed via another fake site that posed as a legitimate antivirus program, Avast. Further analysis from mobile security firm Zimperium revealed additional tactics employed by these cybercriminals…
Qualcomm Resolves Three Zero-Day Vulnerabilities Targeting Android Devices Through Adreno GPU
June 02, 2025
Spyware / Vulnerability
Qualcomm has released security updates to address three zero-day vulnerabilities that have been exploited in limited, targeted attacks. These flaws, responsibly disclosed by the Google Android Security team, include:
CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6): Two incorrect authorization vulnerabilities in the Graphics component that could lead to memory corruption due to unauthorized command execution in GPU microcode during specific command sequences.
CVE-2025-27038 (CVSS score: 7.5): A use-after-free vulnerability in the Graphics component that may result in memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
According to Qualcomm’s advisory, the Google Threat Analysis Group has indicated that CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038 might be under limited, targeted exploitation. Patches have been issued to resolve the vulnerabilities affecting the Adreno graphics architecture.
Qualcomm Addresses Critical Security Flaws Exploited in Targeted Android Attacks On June 2, 2025, Qualcomm announced the release of vital security updates aimed at mitigating three zero-day vulnerabilities that have reportedly been leveraged in targeted attacks against Android devices. These vulnerabilities, identified in collaboration with the Google Android Security team,…
Qualcomm Resolves Three Zero-Day Vulnerabilities Targeting Android Devices Through Adreno GPU
June 02, 2025
Spyware / Vulnerability
Qualcomm has released security updates to address three zero-day vulnerabilities that have been exploited in limited, targeted attacks. These flaws, responsibly disclosed by the Google Android Security team, include:
CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6): Two incorrect authorization vulnerabilities in the Graphics component that could lead to memory corruption due to unauthorized command execution in GPU microcode during specific command sequences.
CVE-2025-27038 (CVSS score: 7.5): A use-after-free vulnerability in the Graphics component that may result in memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
According to Qualcomm’s advisory, the Google Threat Analysis Group has indicated that CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038 might be under limited, targeted exploitation. Patches have been issued to resolve the vulnerabilities affecting the Adreno graphics architecture.
Three security vulnerabilities have been identified in preloaded Android applications on Ulefone and Krüger&Matz smartphones. These flaws enable any installed app to factory reset the device and potentially encrypt other applications. Key details of the vulnerabilities include:
CVE-2024-13915 (CVSS score: 6.9): A pre-installed “com.pri.factorytest” app on Ulefone and Krüger&Matz devices exposes a service that permits any app to execute a factory reset.
CVE-2024-13916 (CVSS score: 6.9): The “com.pri.applock” app on Krüger&Matz smartphones allows users to encrypt apps using a PIN or biometric data. This app also exposes a method that lets malicious apps access sensitive fingerprint data.
Security Flaws in Preinstalled Apps on Ulefone and Krüger&Matz Smartphones Enable Malicious Actions On June 2, 2025, significant security vulnerabilities were uncovered in pre-installed applications on smartphones manufactured by Ulefone and Krüger&Matz. These vulnerabilities could potentially allow any application downloaded onto these devices to conduct a factory reset or encrypt…
Three security vulnerabilities have been identified in preloaded Android applications on Ulefone and Krüger&Matz smartphones. These flaws enable any installed app to factory reset the device and potentially encrypt other applications. Key details of the vulnerabilities include:
CVE-2024-13915 (CVSS score: 6.9): A pre-installed “com.pri.factorytest” app on Ulefone and Krüger&Matz devices exposes a service that permits any app to execute a factory reset.
CVE-2024-13916 (CVSS score: 6.9): The “com.pri.applock” app on Krüger&Matz smartphones allows users to encrypt apps using a PIN or biometric data. This app also exposes a method that lets malicious apps access sensitive fingerprint data.
Date: July 7, 2023
In its latest security update, Google has addressed 46 new vulnerabilities in the Android operating system, highlighting three that are actively exploited in targeted attacks. Notably, CVE-2023-26083 pertains to a memory leak issue in the Arm Mali GPU driver for Bifrost, Avalon, and Valhall architectures. This vulnerability was previously exploited in December 2022, allowing spyware to infiltrate Samsung devices. Its severity prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue a patching directive for federal agencies in April 2023. Additionally, CVE-2021-29256 represents a high-severity flaw affecting certain versions of the Bifrost and Midgard Arm Mali GPU kernel drivers, enabling an unprivileged user to access sensitive data and escalate privileges to the root level.
Google Addresses Critical Vulnerabilities in Latest Android Update On July 7, 2023, Google rolled out its monthly security updates for the Android operating system, patching a total of 46 newly identified vulnerabilities. Notably, three of these vulnerabilities have been confirmed as actively exploited in specific targeted attacks, raising concerns among…
Date: July 7, 2023
In its latest security update, Google has addressed 46 new vulnerabilities in the Android operating system, highlighting three that are actively exploited in targeted attacks. Notably, CVE-2023-26083 pertains to a memory leak issue in the Arm Mali GPU driver for Bifrost, Avalon, and Valhall architectures. This vulnerability was previously exploited in December 2022, allowing spyware to infiltrate Samsung devices. Its severity prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue a patching directive for federal agencies in April 2023. Additionally, CVE-2021-29256 represents a high-severity flaw affecting certain versions of the Bifrost and Midgard Arm Mali GPU kernel drivers, enabling an unprivileged user to access sensitive data and escalate privileges to the root level.
A notable breach has emerged from North Korea’s Kimsuky espionage group, with insiders leaking hundreds of gigabytes of sensitive internal files and tools to the public. This incident, which surfaced in early June 2025, reveals critical backdoors, phishing mechanisms, and reconnaissance strategies employed by the state-sponsored threat actor—marking an unusual…
November 5, 2024 – Mobile Security / Vulnerability
Google has issued a warning regarding a security vulnerability in its Android operating system that is currently being actively exploited. Identified as CVE-2024-43093, this privilege escalation flaw affects the Android Framework component and may allow unauthorized access to the “Android/data,” “Android/obb,” and “Android/sandbox” directories, along with their subdirectories. While details on the exploitation methods remain limited, Google noted in its monthly report that there are signs of “limited, targeted exploitation.” Additionally, the company highlighted CVE-2024-43047, a previously patched security issue in Qualcomm chipsets, which is also being actively exploited. This particular vulnerability involves a use-after-free flaw in the Digital Signal Processor (DSP) Service, where successful exploitation could lead to memory corruption.
Google Alerts Users to Actively Exploited CVE-2024-43093 Vulnerability in Android On November 5, 2024, Google issued a critical warning regarding a security vulnerability in the Android operating system, designated as CVE-2024-43093. This vulnerability involves privilege escalation within the Android Framework component, potentially allowing unauthorized access to sensitive directories, including “Android/data,”…
November 5, 2024 – Mobile Security / Vulnerability
Google has issued a warning regarding a security vulnerability in its Android operating system that is currently being actively exploited. Identified as CVE-2024-43093, this privilege escalation flaw affects the Android Framework component and may allow unauthorized access to the “Android/data,” “Android/obb,” and “Android/sandbox” directories, along with their subdirectories. While details on the exploitation methods remain limited, Google noted in its monthly report that there are signs of “limited, targeted exploitation.” Additionally, the company highlighted CVE-2024-43047, a previously patched security issue in Qualcomm chipsets, which is also being actively exploited. This particular vulnerability involves a use-after-free flaw in the Digital Signal Processor (DSP) Service, where successful exploitation could lead to memory corruption.
Nov 05, 2024
Mobile Security / Cyber Attack
A newly discovered Android banking malware, dubbed ToxicPanda, has already compromised over 1,500 devices, enabling cybercriminals to execute fraudulent transactions. According to Cleafy researchers Michele Roviello, Alessandro Strino, and Federico Valentini, “ToxicPanda’s primary aim is to facilitate money transfers from infected devices through account takeover (ATO) techniques, leveraging a method known as on-device fraud (ODF).” The malware is designed to circumvent banking security measures that verify user identity and authenticate transactions, along with behavioral detection strategies used by banks to flag suspicious money transfers. It is believed that ToxicPanda is linked to a Chinese-speaking threat actor and bears notable similarities to another Android malware called TgToxic, which can steal user credentials and deplete crypto wallets. TgToxic was first reported by Trend Micro in early 2023.
New Android Banking Malware ‘ToxicPanda’ Exploits Devices for Fraudulent Transactions November 5, 2024 Mobile Security / Cyber Attack A newly discovered strain of Android banking malware, named ToxicPanda, has reportedly compromised over 1,500 Android devices, enabling cybercriminals to execute unauthorized banking transactions. According to researchers Michele Roviello, Alessandro Strino, and…
Nov 05, 2024
Mobile Security / Cyber Attack
A newly discovered Android banking malware, dubbed ToxicPanda, has already compromised over 1,500 devices, enabling cybercriminals to execute fraudulent transactions. According to Cleafy researchers Michele Roviello, Alessandro Strino, and Federico Valentini, “ToxicPanda’s primary aim is to facilitate money transfers from infected devices through account takeover (ATO) techniques, leveraging a method known as on-device fraud (ODF).” The malware is designed to circumvent banking security measures that verify user identity and authenticate transactions, along with behavioral detection strategies used by banks to flag suspicious money transfers. It is believed that ToxicPanda is linked to a Chinese-speaking threat actor and bears notable similarities to another Android malware called TgToxic, which can steal user credentials and deplete crypto wallets. TgToxic was first reported by Trend Micro in early 2023.
This week in cybersecurity has shed light on critical vulnerabilities and significant criminal activity affecting major organizations. Precision is paramount in this field; minor oversights can cascade into enormous security breaches. In this context, notable incidents underline systemic issues, such as reliance on outdated tools, sluggish risk responses, and a…
