Tag: Android

  • New Research Unveils ChoiceJacking Threat Amid Juice Jacking Defenses

    In a groundbreaking study, researchers have identified a new attack method known as ChoiceJacking, which exploits vulnerabilities in the defenses against juice jacking on both iOS and Android platforms. This attack poses a significant risk to mobile device security, allowing malicious chargers to autonomously spoof user input and access sensitive data without user consent.

    The term “juice jacking” originated a decade ago during a Defcon security conference, where the potential for malicious chargers to steal data became evident. Apple and Google implemented countermeasures requiring user confirmation before a charger could access a device’s files. However, this new research reveals that these defenses have fundamental flaws that attackers can easily bypass.

    The findings from Graz University of Technology indicate that the underlying assumption of USB protocols—that attackers cannot inject input events while establishing a data connection—is incorrect. Their research, to be presented at the upcoming Usenix Security Symposium, outlines three methods by which ChoiceJacking can circumvent traditional juice jacking defenses.

    Reacting to the alarming findings, Apple has made changes to their iOS confirmation dialogs, which now require user authentication via PIN or password. Google updated its security measures in Android version 15 as part of an ongoing effort to bolster mobile security. Nonetheless, the fragmented nature of the Android ecosystem leaves many devices vulnerable to these types of attacks.

    In light of these revelations, tech experts are urging users to remain cautious, particularly when using public charging stations. Federal authorities have consistently warned against the risks associated with public charging, and while practical attacks have not been documented, the emergence of ChoiceJacking calls for increased awareness among consumers.

    The vulnerabilities related to ChoiceJacking are documented as CVE-2025-24193 for Apple and CVE-2024-43085 for Google, among others. Despite the patching efforts by major manufacturers, many Android devices remain at risk, especially those with USB debugging enabled, which offers attackers a potential route to deeper access to user data.

  • New SuperCard X Malware Targets Android Devices in NFC Relay Attacks

    A new malware-as-a-service (MaaS) platform named ‘SuperCard X’ is emerging as a significant threat, specifically targeting Android devices through NFC relay attacks. This malware enables point-of-sale and ATM transactions using compromised payment card data, raising concerns among cybersecurity experts. As reported by mobile security firm Cleafy, SuperCard X is linked to Chinese-speaking threat actors and exhibits similarities to the open-source project NFCGate, as well as its malicious derivative, NGate, which has seen usage in Europe since last year.

    The distribution of SuperCard X is facilitated through Telegram channels, which not only promote the platform but also provide direct support to users. In Italy, attacks utilizing this malware have reportedly been documented, with various samples showcasing subtle distinctions, suggesting that affiliates are offered tailored builds for regional preferences or needs.

    The SuperCard X attack begins with victims receiving fraudulent messages, often via SMS or WhatsApp, impersonating their bank. These messages prompt victims to call a provided number to resolve so-called transaction issues. When they call, victims reach scammers masquerading as bank representatives, who use social engineering techniques to extract sensitive information such as card numbers and PINs. Subsequently, victims are persuaded to download a malicious application disguised as a security tool, which contains the SuperCard X malware.

    Once activated, this malware requires minimal permissions, primarily access to the NFC module, allowing it to capture sensitive card information. The attackers then instruct victims to tap their payment cards against their phones, facilitating data theft, which is conducted with alarming efficiency. The captured data is sent to the attackers who utilize another application called Tapper to emulate the victim’s card, enabling them to carry out unauthorized contactless payments.

    According to Cleafy, the SuperCard X malware has evaded detection on existing antivirus platforms, making it a sophisticated threat. Notably, its use of mutual TLS (mTLS) for securing communications enhances its resilience against interception, complicating efforts by law enforcement and researchers to analyze its operations. In light of the rise in such malware, a spokesperson from Google reassured users that no apps with this malware are currently found on the Google Play store, emphasizing that Android users benefit from protections like Google Play Protect, which warns of potential malicious activities.

  • Russian Authorities Arrest Suspects Behind Mamont Banking Trojan

    Russian authorities have arrested three individuals suspected of developing the Mamont malware, a recently identified banking trojan targeting Android devices. The arrests were made in the Saratov region, with the identities of the suspects remaining undisclosed. A video released by the Russian Ministry of Internal Affairs (MVD) shows the arrested individuals in handcuffs being escorted by police officers.

    According to the MVD, the arrested suspects are linked to over 300 cybercrime incidents, leading to the seizure of computers, storage devices, communication tools, and bank cards. The Mamont malware, which is typically delivered through Telegram channels, is disguised as legitimate mobile apps or video files, posing significant risks to victims.

    Once installed on a victim’s device, the malware enables criminals to transfer funds from the victim’s bank account via SMS banking services. The stolen money is directed to phone numbers and electronic wallets controlled by the culprits. Additionally, the malware can collect data about the infected device and exfiltrate messages regarding financial transactions to the attackers’ Telegram channel.

    In one concerning scheme, Mamont scammers set up fake online stores with attractively priced products. After a victim places an order, they send a malicious file disguised as an order tracker through a private Telegram channel, misleading the victim into installing it. In response to the escalating threat of SMS-based fraud, Russian lawmakers announced in February that they are drafting a bill to limit SMS sending during phone calls.

    Authorities noted that criminals frequently impersonate officers from law enforcement, the Russian postal service, hospitals, and other institutions to extract SMS codes from potential victims. The proposed legislation aims to ensure that SMS messages will only be delivered after a phone call has ended, potentially reducing the risk of such fraudulent activities.