mobile malware

AppWizard
March 28, 2025
PJobRAT is an Android Remote Access Trojan (RAT) that was previously known for attacking Indian military personnel in 2021 and re-emerged in 2023 with improved capabilities and a refined targeting strategy. It now targets users in Taiwan through social engineering, disguising itself as legitimate dating and messaging apps. The malware is distributed via compromised WordPress sites hosting fake applications such as “SaangalLite” and “CChat.” The infection footprint is small, which points to highly targeted attacks rather than a widespread campaign. PJobRAT retains its core functionality of exfiltrating sensitive information, including SMS messages, contacts, and media files, while gaining enhanced command execution capabilities. Upon installation, the malicious apps request extensive permissions so that they can run continuously in the background. The malware uses a dual-channel communication infrastructure: Firebase Cloud Messaging (FCM) as the primary command channel and a secondary HTTP-based channel for exfiltrating data to a command-and-control server. The campaign appears to have concluded, but the evolution of PJobRAT highlights the ongoing threat of sophisticated mobile malware aimed at high-value individuals.
AppWizard
March 26, 2025
Cybercriminals are using Microsoft’s .NET MAUI framework to create advanced Android malware that bypasses security measures and compromises user data. A study by McAfee researchers highlights a rise in malicious apps developed with this tool since its introduction in May 2022. These apps often impersonate legitimate applications, particularly from financial institutions, and are distributed through third-party websites or alternative app stores. One example is a counterfeit app mimicking the official IndusInd Bank app, targeting users in India to extract sensitive information. Another variant targets Chinese-speaking users by disguising itself as a social networking service. The malicious apps are designed to be subtle, with harmful code concealed as blob files within the assemblies directory, making detection difficult for antivirus solutions. Hackers use multi-stage dynamic loading, where the Android executable file is loaded in three stages, each encrypted until execution. They also manipulate the AndroidManifest.xml file by adding excessive permissions, complicating analysis and detection. Additionally, attackers replace standard HTTP requests with encrypted TCP socket connections to evade security software. These evolving tactics indicate a potential increase in similar mobile malware threats in the future.
AppWizard
March 25, 2025
A malicious Android app campaign called “Vapor” has been discovered, designed to trick users into revealing sensitive information through misleading ads. The campaign includes various apps posing as utilities, such as QR code scanners and health trackers, with over 60 million downloads collectively. It primarily targets users in Brazil, the United States, and Mexico. Some of the apps evaded detection by withholding harmful behavior immediately after installation and by disguising themselves. They use tactics such as inundating users with full-screen ads and employing scare tactics to prompt downloads of additional harmful apps. The campaign may be run by a single cybercriminal group or by a coalition using shared malware development tools. Although Google has removed many of the harmful apps, new variants continue to emerge, highlighting the evolving nature of mobile malware.
AppWizard
February 2, 2025
In 2024, Google blocked 2.36 million potentially dangerous Android apps from the Play Store, including those that breached policies or were flagged as malicious through AI-assisted reviews. New security features included improved biometric authentication and passkeys. AI-driven threat detection technology automated 92% of human assessments, enhancing the identification of malicious apps. Google expanded its Play SDK database with 80 new reliable SDKs and prevented 1.3 million apps from accessing sensitive user information. The Play Protect system detected over 13 million new malicious apps from outside the Play Store. Google expanded its untrusted APK installation blocking system to Brazil, India, Nigeria, and South Africa. Recommendations for users included installing apps from trusted sources and regularly reviewing app permissions.
AppWizard
October 17, 2024
The Google Play Store distributed over 200 malicious applications that collectively garnered more than 8 million downloads. These apps, categorized as tools, personalization, photography, productivity, and lifestyle, contained threats such as info-stealers, adware, loan installers, and banking trojans. The malicious apps were active from June 2023 to April 2024, with India and the United States being the most targeted regions. There has been a rise in spyware infections, particularly affecting the education sector. Attackers have employed a method called “versioning” to push malware through app updates, evading security measures.