ad fraud
-
Trapdoor Android ad fraud scheme hit millions of devices, researchers say
Researchers said Trapdoor used Android utility apps, hidden WebViews and HTML5 cashout domains to drive ad fraud at scale. Google removed the identified apps after disclosure, and the campaign had reached millions of downloads.
-
Researchers link AI-driven Pushpaganda scam to Google Discover ad fraud
Researchers say a new ad fraud campaign used AI-generated content and Google Discover to push users toward notification-based scams. The operation, dubbed Pushpaganda, was tied to 113 domains and about 240 million bid requests in seven days.
-
Phishing campaign targets TikTok for Business accounts with bot-blocking pages
A phishing campaign is targeting TikTok for Business accounts with bot-blocking pages that redirect through Google Storage and use a Cloudflare Turnstile check, then present fake login pages designed to capture credentials and session cookies.
-
Keenadu firmware backdoor found in Android tablets, 13,715 users encountered
Kaspersky’s technical analysis found Keenadu, a firmware backdoor embedded in libandroid_runtime.so on Android tablets. Telemetry shows 13,715 users encountered the malware, which can inject into every app and bypass Android sandboxing.
-
Microsoft disrupts RedVDS cybercrime subscription service in U.S. and U.K. action
Microsoft executed coordinated legal action in the U.S. and U.K. to seize RedVDS infrastructure and take its sites offline. RedVDS activity has driven about US $40 million in reported U.S. fraud losses since March 2025.
-
SEC Charges Multiple Firms Over $14 Million Artificial Intelligence Crypto Scam
The U.S. Securities and Exchange Commission has charged several firms and investment clubs in an alleged AI-themed cryptocurrency scam that defrauded retail investors of more than $14 million, accusing operators of using WhatsApp groups and fake trading platforms to solicit funds.
-
India orders messaging apps to require active SIM and periodic web re‑authentication
India’s telecom regulator has ordered messaging apps to bind accounts to an active SIM and force six‑hour web session logouts, citing risks from long‑lived sessions and cross‑border fraud; providers have 90 days to comply.
-
FBI says cybercriminals stole $262 million in account-takeover schemes since January
The FBI said cybercriminals impersonating banks have stolen more than $262 million in account-takeover attacks since January, with the IC3 receiving over 5,100 complaints; attackers use phishing, social engineering and fraudulent websites to capture credentials and move funds to cryptocurrency wallets.
-
French childcare payroll service reports data breach affecting up to 1.2 million people
Pajemploi said a cyberattack detected on November 14 may have exposed personal data for up to 1.2 million employees using its service, including names, birthplaces, addresses and social security numbers; the agency said IBANs, emails and phone numbers were not accessed and affected individuals will be notified.
-
Europol urges coordinated EU response as caller ID spoofing drives phone and text fraud
Europol says caller ID spoofing is driving much of Europe’s phone and text fraud, estimating EUR 850 million in annual losses and calling for EU-wide technical standards, an international traceback system and aligned legal frameworks to improve cross-border investigations.
