Hackers pushing nation-state-style surveillance malware recently scored a major coup by getting three advanced malicious applications hosted in Google's official Play marketplace, researchers said. Google removed the apps after receiving notification of their presence.
CS Digest Section: Mobile Security
U.S. Bans American Companies From Selling to Chinese Phone Maker ZTE
The U.S. Department of Commerce has banned American companies from selling components to leading Chinese telecom equipment maker ZTE Corp for seven years for violating the terms of a sanctions violation case, U.S. officials said on Monday.
Monero-Mining HiddenMiner Android Malware Can Potentially Cause Device Failure
New Android malware that can surreptitiously use the infected device's computing power to mine Monero. Trend Micro detects this as ANDROIDOS_HIDDENMINER. This Monero-mining Android app's self-protection and persistence mechanisms include hiding itself from the unwitting user and abusing the Device Administrator feature (a technique typically seen in SLocker
Calendar 2 Made $2K in 3 Days Mining Cryptocurrency, but Apple Says it Violated Mac App Store Guidelines
"Yesterday, we reported on a macOS app called Calendar 2 that seemingly added cryptocurrency mining as an alternative to paying for premium features. At the time, the app's developers, Qbix, had made the decision to remove the feature from the app. The company now tells us, however, that Apple ended up pulling the app from the Mac App Store for violating its
https://9to5mac.com/2018/03/13/crypto-mining-calendar-app-ios/
The Feds Can Now (Probably) Unlock Every iPhone Model In Existence — UPDATED
In what appears to be a major breakthrough for law enforcement, and a possible privacy problem for Apple customers, a major U.S. government contractor claims to have found a way to unlock pretty much every iPhone on the market.
This New Text Bomb Crashes Most Mac and iOS Spps with a Single Unicode Symbol
During their development work on an international news feed, software engineers at Aloha Browser discovered two unicode symbols in a non-English language that can crash any Apple device that uses Apple's default San Francisco font. The bug instigates crashes on iPhones, iPads, Macs and even Watch OS devices that display text containing the symbol on their
https://techcrunch.com/2018/02/15/iphone-text-bomb-ios-mac-crash-apple/
The FBI, CIA and NSA say American Citizens Shouldn’t use Huawei Phones
U.S. intelligence agencies have issued a stern warning to Americans: Do not buy smartphones made by Chinese tech companies Huawei or ZTE.
http://money.cnn.com/2018/02/14/technology/huawei-intelligence-chiefs/
Found: New Android Malware with Never-Before-Seen Spying Capabilities
Last year, researchers found what at the time was quite possibly the world's most sophisticated espionage app ever written for the Android mobile operating system. Now, in a discovery that underscores the growing arms race among competing malware developers, researchers have uncovered a new Android spying platform that includes location-based audio recording
OnePlus Says up to 40,000 Customers Were Affected by Credit Card Security Breach
OnePlus has announced that up to 40,000 customers were affected by the security breach that caused the company shut down credit card payments for its online store earlier this week. The information is the result of an ongoing investigation with a third-party security agency into the breach that caused customers' credit card information to be stolen while
Google Awards Record $112,500 Bounty for Android Exploit Chain
Prolific bug hunter Guang Gong has earned the highest-ever payout for a vulnerability in the history of Google's Android Security Rewards program, which began in 2015. He earned a combined $112,500 for the disclosure of an Android exploit chain impacting Google's Pixel handset that could allow an attacker to inject arbitrary code via a malicious URL accessed
https://threatpost.com/google-awards-record-112500-bounty-for-android-exploit-chain/129519/
