camera access Archives

AppWizard

March 11, 2026

New BeatBanker Android malware poses as Starlink app to hijack devices

A newly identified Android malware called BeatBanker disguises itself as a Starlink application on fake Google Play Store websites. It functions as a banking trojan and includes Monero mining capabilities, allowing it to steal credentials and manipulate cryptocurrency transactions. Researchers at Kaspersky traced BeatBanker to campaigns targeting users in Brazil. The latest version uses the BTMOB RAT for remote access, enabling keylogging, screen recording, camera access, GPS tracking, and credential capture. BeatBanker is distributed as an APK file that decrypts and loads hidden code into memory, conducting environment checks before activation. It presents a fake Play Store update screen to trick users into granting permissions for additional payloads. To avoid detection, it delays malicious operations and plays a nearly inaudible MP3 file to maintain persistent activity. The malware uses a modified version of the XMRig miner to mine Monero on Android devices, connecting to mining pools through encrypted TLS connections. It can start or stop mining based on device conditions and uses Firebase Cloud Messaging to relay device information to its command-and-control server. Currently, BeatBanker infections have only been observed in Brazil, but there are concerns about its potential spread. Users are advised to avoid side-loading APKs from untrusted sources and to review app permissions regularly.

Tech Optimizer

October 7, 2025

New Fully Undetectable FUD Android RAT Discovered and Publicly Released for Download on GitHub

A new Android Remote Access Trojan (RAT) has appeared on GitHub, described as fully undetectable and capable of bypassing advanced permission and background process restrictions in customized Chinese ROMs like MIUI and EMUI. This malware utilizes a multi-layer dropper to integrate its payload within legitimate applications, allowing it to overcome autostart restrictions and battery optimization features. Upon installation, it escalates privileges to gain comprehensive access to the device, using AES-128-CBC encryption for command-and-control communication to evade detection. The RAT can record and delete call logs, intercept voice calls, manipulate SMS messages, and capture keystrokes through a keylogger. It also has capabilities for live screen captures, camera access, audio and video recording, and clipboard hijacking. Additionally, it can encrypt files and lock the device, demanding a ransom for access. The malware employs social engineering tactics, such as spoofed notifications and phishing prompts, to facilitate credential theft. Its persistence mechanisms allow it to operate with minimal resource usage, making detection difficult. The attacker interface is web-based, enabling control from any standard browser without specialized infrastructure. The public release of this RAT raises concerns about the misuse of open-source repositories for distributing malicious tools, prompting calls for stricter oversight on platforms like GitHub.

AppWizard

September 12, 2025

AI App Spies on Android Users via Unauthorized Mic and Camera Access

An application designed for voice dictation and automated note-taking has been accused of unauthorized surveillance by accessing microphone and camera functionalities even when not in use. This behavior allows for the collection of data from ambient conversations, raising concerns about user privacy and consent. The app circumvents standard user notifications by embedding surveillance capabilities within seemingly innocuous updates. Indicators of potential surveillance include unusual battery drain, unexpected spikes in data usage, and apps requesting unrelated permissions. Economic motivations drive the collection of data for targeted advertising and machine learning, prioritizing profit over user privacy. In response, tech companies like Google are tightening controls, increasing Play Protect scans, while experts recommend enabling two-factor authentication and auditing app permissions.

AppWizard

August 28, 2025

Malicious Android App Uses Fake Antivirus Front to Spy on Russian Users

A new strain of Android malware, identified as Android.Backdoor.916.origin, is being distributed through an app called GuardCB, which poses as a security application. The app, with a Russian interface and a logo resembling that of the Central Bank of Russia, requests extensive permissions, including device location, microphone and camera access, messages and call logs, contacts, and administrator rights. It also seeks access to popular applications like WhatsApp, Telegram, Chrome, Gmail, and Yandex. The malware enables hackers to stream live video and audio, capture images, access stored files, monitor keystrokes, and track communications and geolocation in real time. The app conducts simulated antivirus scans and generates fake threat results to reassure users while compromising their security. There are no confirmed links to specific actors or espionage activities, but the malware's extensive permissions and targeted nature raise concerns about potential state involvement amidst escalating cyber conflicts in the region.

AppWizard

August 20, 2025

Fake Antivirus App Spreads Android Malware to Spy on Russian Users

Cybersecurity experts at Doctor Web have identified a new variant of Android malware called Android.Backdoor.916.origin, active since January 2025. This malware can eavesdrop on conversations, steal messages, stream video, and log keystrokes. It targets Russian business representatives rather than average users, being distributed through direct messages as a fake antivirus app named GuardCB, which mimics the Russian Central Bank's emblem. The app requests extensive permissions, including geolocation, audio recording, camera access, and SMS data, and can function as a keylogger. It is designed for persistence, launching background services and communicating with multiple command-and-control servers. The malware can livestream audio, broadcast video, capture text, and upload contacts and call history. It exploits Android’s Accessibility Service to capture keystrokes and prevent uninstallation. The interface is exclusively in Russian, indicating it is specifically designed for a targeted group. Users in Russia are advised to download applications only from trusted sources to mitigate risks.

AppWizard

August 18, 2025

Confirmed—These 20 popular Android apps are accessing your microphone, location and files without you knowing it… and thus spying on you

A study by Which? and Hexiosec analyzed 20 popular Android apps, revealing that many request excessive permissions beyond their core functionalities. Notably, Xiaomi Home requested 91 permissions, Samsung SmartThings 82, Facebook 69, and WhatsApp 66. TikTok and Temu also raised concerns for their permission requests, while Amazon defended its need for camera access for product scanning. Additionally, 16 of the tested apps attempted to display pop-up windows over other applications, indicating aggressive monitoring tactics. Users are advised to check app permissions, set them manually, deactivate background access, download official apps, and keep their devices updated to protect their privacy.

AppWizard

July 28, 2025

Alert for Android users: Experts say these apps could be spying on you

A comprehensive investigation by Which? and Hexiosec analyzed 20 popular Android applications, revealing that all request permissions that could compromise user privacy. The Xiaomi Home app had the highest number of permission requests at 91, followed by Samsung SmartThings with 82, Facebook with 69, and WhatsApp with 66. While some permissions are necessary for functionality, the excessive requests raise concerns about digital surveillance. TikTok faced scrutiny for its audio recording and device file access requests, while Temu was criticized for excessive promotional emails linked to its location access. Amazon defended its camera access requests as enhancing user experience, and Meta stated that its apps do not use the microphone without user involvement. The investigation highlights the trade-off between free services and the collection of personal data.

AppWizard

July 12, 2025

New Android TapTrap attack fools users with invisible UI trick

A new tapjacking technique called TapTrap can exploit user interface animations on Android devices, bypassing the permission system and potentially allowing access to sensitive data or harmful actions. TapTrap operates with zero-permission applications, layering a transparent activity over a malicious one. This vulnerability exists in both Android 15 and 16. Developed by researchers from TU Wien and the University of Bayreuth, TapTrap manipulates activity transitions using custom low-opacity animations, making risky prompts nearly invisible to users. An analysis of nearly 100,000 apps revealed that 76% are vulnerable to TapTrap due to specific conditions related to activity launching and animation handling. The attack has been confirmed on Android 16, including tests on a Google Pixel 8a. GrapheneOS has acknowledged its vulnerability to TapTrap and plans to include a fix in its next release. Google is aware of the issue and intends to address it in a future update.

AppWizard

July 9, 2025

TapTrap Android Exploit Allows Malicious Apps to Bypass Permissions

A new Android vulnerability named TapTrap allows malicious applications to bypass the operating system's permission system without requiring special permissions. It exploits activity transition animations to mislead users into granting sensitive permissions or executing harmful actions. Researchers from TU Wien analyzed 99,705 applications on the Google Play Store and found that 76.3% are susceptible to this attack. TapTrap uses low-opacity animations (approximately 0.01 alpha) to make sensitive permission dialogs nearly invisible while still registering touch events. The attack can last up to six seconds and can lead to unauthorized access to critical functionalities like the camera and microphone, and even device administrator privileges. TapTrap bypasses existing defenses against tapjacking in Android, affecting popular web browsers as well. A user study showed that all participants failed to detect at least one variant of the attack. As of June 2025, Android 15 remains vulnerable, with no timeline for a comprehensive fix. The vulnerability has been assigned two CVEs, and researchers disclosed their findings to Google in October 2024. They propose solutions to mitigate the risks, including blocking touch events during low-opacity animations and setting an opacity threshold of 0.2.

AppWizard

July 9, 2025

Researchers Warn: This Android Animation Glitch Lets Apps Spy, Snap, and Steal… Undetected

A technique for Android devices called TapTrap allows malicious applications to intercept user taps without requiring special permissions. It uses transparent screen transitions to mislead users into triggering hidden actions. Devices running Android versions 15 and 16 are particularly vulnerable. TapTrap operates by overlaying a nearly transparent screen on top of another application, making it appear as if users are interacting with one app while their taps are registered by the hidden screen. A study of around 100,000 Android applications revealed that approximately 76 percent contained screens vulnerable to TapTrap. The researchers successfully executed the attack on a Google Pixel 8a running Android 16. Google has acknowledged the issue and plans to include a fix in a future software update, but no specific timeline has been provided. Users can enhance their security by disabling animations in their system settings.