Android malware is something we’ve seen spreading and evolving for the past couple of years as smartphones became an essential part of our lives. Few users are aware of how Android malware works. Few understand their complexity or the amount of data they can pillage from handsets. As such, we decided to come up with a short series of articles to take apart some of the most common and potentially dangerous A...

Several of the most popular Android apps are skimming users’ phone numbers, e-mail addresses and other data and uploading it to third party servers that belong to companies specialized in advertising to Android users, according to a Bitdefender analysis. Paradise Island, Love Calculator, Samsung TV Media Player are among the popular apps that have adopted this practice, taking sensitive user data and upload...

The highly-popular alternative Android ROM known as Cyanogen Mod has been discovered to log lock-screen swipe gestures, according to developer Gabriel Castro. Cyanogen Mod, one of the most spectacular developments of alternative ROMs for Android phones, runs on more than 2.5 million devices worldwide. Cyanogen Mod 9 Lockscreen. The unlock pattern gets logged locally The committed code on the project’s space...

Android malware has undergone explosive growth over the past two years. With a phenomenal multiplication percentage written in four-figure numbers every 12 months and claiming more and more victims worldwide, it has become so prominent that its caught the attention of the Internet Crime Complaint Center (IC3)  - a taskforce including the FBI, among others. Link to the Bitdefender Mobile Security on Google P...

Bitdefender Labs recently analyzed an Android app that collects geolocation data, device IDs, email addresses and more. Although no longer available in the official store, the app lures users with the promise of access to a comprehensive Japanese database with advanced queries based on name, location and even phone numbers. While the application looks legit and promises access to a database of 38 million co...

An Android-based network that integrates Google Street View data with spoofed GPS coordinates will aid researchers in studying malware propagation over Wi-Fi or Bluetooth. Researchers at Sandia National Laboratories in California believe the Android network will provide real-time information on how people behave in case of disaster or terrorist attacks. MegaDroid will help identify security problems and set...

Mobile application developer RIIS has released a code obfuscation tool for locking down the Java source code used for developing Android software that will allegedly prevent reverse-engineers from decompiling applications written for the popular Linux-based mobile platform. Even if these tools are usually pitched at developers who try to protect their intellectual property from prying eyes, the tool – HoseD...

Bitdefender Labs has released Bitdefender USSD Wipe Stopper to protect Android users from a USSD attack. The app detects when a USSD code is accessed and notifies the user he’s about to trigger a potentially harmful USSD code. The Android dialer this week was found vulnerable to a remote wipe attack by means of passing specialized strings of characters with a certain prefix to the phone’s dialer. The attack...

Security researchers from Intrepidus Group have demonstrated a vulnerability at the EUSecWest security conference in Amsterdam that lets San Francisco public transportation users travel for free. According to the researchers, the contactless fare cards in the New Jersey and San Francisco transit systems use the Mifare Ultralight chip that allows anyone to rewrite the card as needed. The system relies on a s...

A team of Android security experts successfully hacked a Samsung Galaxy S3 by revealing two Android exploits at the Mobile Pwn2Own competition at EUSecWest in Amsterdam. A memory corruption exploit was triggered via Near Field Communication, enabling researchers to upload malicious code and access secure data. The second exploit found involved privilege escalation by enabling an app to execute malicious cod...