Android
-
Trapdoor Android ad fraud scheme hit millions of devices, researchers say
Researchers said Trapdoor used Android utility apps, hidden WebViews and HTML5 cashout domains to drive ad fraud at scale. Google removed the identified apps after disclosure, and the campaign had reached millions of downloads.
-
Google adds Android intrusion logging to help investigate spyware attacks
Google introduced an opt-in Android intrusion logging feature for suspected spyware cases. The encrypted logs are stored for 12 months, can be downloaded by users, and are rolling out to devices with the Android 16 December update and later.
-
Mirai-based xlabs_v1 botnet targets Android devices with exposed ADB
A Mirai-derived botnet called xlabs_v1 is targeting Android devices with exposed ADB services, using them for DDoS attacks and bandwidth-based profiling, according to a technical analysis from Hunt.io.
-
Google expands Android binary transparency to verify apps and modules
Google has expanded Android binary transparency for production apps and Mainline modules released after May 1, 2026, adding a public cryptographic ledger meant to confirm that device software matches what was intended to ship.
-
Google rolls out Android developer verification to all developers
Google is rolling out Android developer verification to all developers, with new identity checks for apps distributed outside Google Play. The move starts in four countries in September and expands globally next year.
-
Perseus Android banking malware enables device takeover and note theft
Perseus is a new Android banking trojan delivered through sideloaded IPTV apps that enables Accessibility based device takeover overlay attacks and extraction of notes and credentials, primarily targeting Turkey and Italy.
-
Google issues patches for 129 Android flaws including actively exploited Qualcomm zero day
Google released updates that fix 129 Android vulnerabilities, including an actively exploited zero day in a Qualcomm display component. The bulletin adds two March patch levels and addresses 10 critical flaws that can enable remote code execution.
-
Massiv Android trojan hides in IPTV droppers to enable device takeover and banking fraud
Researchers published a technical analysis of Massiv, an Android trojan spread as IPTV droppers that enables remote device takeover, screen streaming and overlays to steal banking credentials. Initial campaigns targeted Portugal and Greece in early 2025.
-
ZeroDayRAT spyware sold on Telegram enables live surveillance and financial theft on Android and iOS
A technical analysis by iVerify identified ZeroDayRAT, a commercial spyware platform sold on Telegram that targets Android and iOS. The malware enables live camera and microphone access, location tracking, account enumeration and clipboard wallet hijacking.
-
Android click-fraud trojans use TensorFlow.js to tap hidden browser ads
Android click-fraud trojans using TensorFlow.js analyze hidden WebView screenshots to tap ads. Infected apps were distributed through Xiaomi GetApps and third-party APK sites, causing battery drain and increased mobile data charges.
