this post was submitted on 26 Sep 2023
80 points (97.6% liked)

Android

17690 readers
38 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: !android@lemdro.id


💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.


Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below


Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More


founded 1 year ago
MODERATORS
 
  • Security researchers found a new Xenomorph malware campaign aimed at Android users in multiple countries including the U.S. and Canada. It targets cryptocurrency wallets and various U.S. financial institutions.
  • Initially a banking trojan, Xenomorph has evolved to become more modular and flexible, with the ability to target over 400 banks. It also features an automated transfer system, MFA bypass, and cookie stealing.
  • The malware is distributed via phishing pages and embedded in legitimate Android apps. A new dropper named "BugDrop" was introduced to bypass Android 13 security features.
  • New functionalities include a "mimic" feature that allows it to act as another application, "ClickOnPoint" for simulating screen taps, and an "antisleep" system for prolonged engagement.
  • Collaboration with other potent Windows malware suggests the possibility of Malware-as-a-Service (MaaS). ThreatFabric analysts also discovered other malicious payloads like Medusa and Cabassous during their investigation.
you are viewing a single comment's thread
view the rest of the comments
[–] rhythmisaprancer@kbin.social 6 points 1 year ago* (last edited 1 year ago) (2 children)

My last (and first) smart phone lasted me for 6.5 years. It received one OS update, and stopped receiving any other updates about three years in. I was never concerned. My current phone is about 3.5 years old, didn't receive the OS update in May, and I wonder how long it will receive security updates.

Anyway, it's the sort of stuff like this article talks about, that I never heard of in 2017, that makes me wonder if I'll get another three years out of this device. Maybe with Lineage.

[–] Cat@kbin.social 4 points 1 year ago (1 children)

With Lineage OS, you probably can. It also seems to becoming more logical for common users to wipe and reinstall occasionally. Not that it is easy to do. It just seems like a lot of malware is hitting phones and that is likely to get worse.

[–] henfredemars@infosec.pub 2 points 1 year ago

I think it's important to keep in mind that LOS is a partial solution. Firmware blobs will go unmaintained, and abandoned source trees still remain abandoned even when minimally hacked up to build with a newer kernel.

We need hardware makers committing to some kind of update plan that keeps users safe over the long run at every level.