Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA
This post explores how the attackers attempt to gain a foothold into target networks before briefly describing the malware families used.
Posts tagged with: Google
A New Trend in Android Adware: Abusing Android Plugin Frameworks
Unit 42 researchers uncover aggressive adware abusing third-party DroidPlugin framework on Android.
PluginPhantom: New Android Trojan Abuses “DroidPlugin” Framework
Recently, we discovered a new Google Android Trojan named “PluginPhantom”, which steals many types of user information including: files, location data, contacts and Wi-Fi information. It also takes pictures, captures screenshots, records audios, intercepts and sends SMS messages. In addition, it can log the keyboard input by the Android accessibility service, acting as a keylogger.
Get updates on Unit 42
Sign up to receive the latest news, cyber threat intelligence and research from Unit 42
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.
Android Installer Hijacking Vulnerability Could Expose Android Users to Malware
Executive Summary We discovered a widespread vulnerability in Google’s Android OS we are calling “Android Installer Hijacking,” estimated to impact 49.5 percent of all current Android users. In detail: Android Installer Hijacking allows an attacker to modify or replace a seemingly benign Android app with malware, without user knowledge. This only affects applications downloaded from
Bad Certificate Management in Google Play Store
Following a recent study of apps in the Google Play Store, let’s discuss several security risks caused by the bad certificate management practiced in many Android apps, from social to mobile banking. All Android apps must be digitally signed with a certificate from the developer. As described in Google’s official document, the app developer is