mobile payment Archives

AppWizard

November 8, 2025

‘Dangerous’ mobile apps on Google Play hit 42 million Android users, India top target: Report – The Times of India

A report from Zscaler reveals a significant increase in mobile security threats, with hundreds of malicious applications on the Google Play Store totaling over 42 million installs. Mobile malware has risen by 67% year-over-year, primarily due to spyware and banking malware. India is the most affected country, accounting for 26% of all mobile attacks, representing a 38% increase from the previous year. The United States leads in IoT attacks, responsible for 54% of such incidents. The energy sector has experienced a 387% increase in attacks, while manufacturing and transportation account for over 40% of total IoT malware incidents. Hackers are shifting focus from card fraud to exploiting mobile payment systems.

AppWizard

November 6, 2025

Productivity and Workflow Apps Target for Android Malware and IoT Attacks: Study

- There has been a 67% year-over-year increase in malware aimed at mobile devices. - A 387% rise in IoT and OT attacks has been observed, particularly in the energy sector. - Researchers identified 239 malicious applications on the Google Play Store, which collectively had 42 million downloads. - A significant amount of malware was found in the "Tools" category, where malicious apps disguised themselves as legitimate productivity tools. - The manufacturing sector is a primary target for mobile and IoT attacks, with manufacturing and transportation industries accounting for 20.2% of all observed IoT malware attacks. - Mobile attacks are primarily concentrated in India, the United States, and Canada, with the U.S. being the epicenter for IoT threats, accounting for 54% of incidents. - India leads in mobile attacks at 26%, followed by the U.S. at 15% and Canada at 14%, with India experiencing a 38% increase in mobile threat attacks compared to the previous year. - There is a shift from card-focused fraud schemes to mobile payment methods among threat actors.

AppWizard

November 5, 2025

Beware: 239 Dangerous Android Apps Found on Google Play with 40M+ Installs

Cybersecurity threats targeting mobile devices and critical infrastructure have significantly increased, with Zscaler's research revealing that 239 malicious Android applications on the Google Play Store have been downloaded 42 million times. The energy sector has experienced a 387% rise in cyberattacks compared to the previous year. Malicious applications often disguise themselves as legitimate tools, exploiting user trust, especially in hybrid and remote work environments. There has been a 67% year-over-year increase in Android malware transactions, with spyware and banking malware posing significant risks. The manufacturing and transportation sectors accounted for 20.2% of all observed IoT malware attacks, with a shift in focus from manufacturing to include transportation. Approximately 40% of blocked transactions were linked to the Mirai malware family, while Mozi has become the second most prevalent. Geographically, India is the top target for mobile attacks (26%), followed by the United States (15%) and Canada (14%). The U.S. also leads in IoT malware incidents at 54%. New threats include Android Void malware, affecting 1.6 million Android TV boxes, and Xnotice, a Remote Access Trojan targeting job seekers in the oil and gas industry. Adware now represents 69% of mobile threats, surpassing the Joker malware family.

AppWizard

November 4, 2025

Malicious Android apps on Google Play downloaded 42 million times

The Android ecosystem has seen a significant rise in malicious applications, with over 40 million harmful apps downloaded from Google Play between June 2024 and May 2025. There has been a 67% year-over-year increase in malware targeting mobile devices, particularly spyware and banking trojans. Cybercriminals are shifting tactics from card fraud to mobile payment exploitation, employing phishing, smishing, SIM-swapping, and payment scams. Banking malware transactions reached 4.89 million in 2025, with a slowed growth rate of 3%. Malicious applications increased from 200 to 239, totaling 42 million downloads, with adware now accounting for 69% of all detections. Spyware has surged by 220% year-over-year, with India, the U.S., and Canada being the most affected countries. Notable malware families include Anatsa, which targets financial institutions, Android Void (Vo1d), which affects Android TV boxes, and Xnotice, which targets job seekers. IoT devices, particularly routers, are also being exploited, with the majority of attacks occurring in the U.S. Zscaler recommends implementing security measures such as regular updates, trusting reputable publishers, and adopting zero-trust technology for organizations.

AppWizard

October 30, 2025

More Than 700 Malicious Android Apps Using NFC Relay to Exfiltrate Banking Credentials

Cybersecurity researchers at zLabs have identified over 760 malicious Android applications that exploit Near Field Communication (NFC) and Host Card Emulation (HCE) technologies to steal payment data and facilitate fraudulent transactions. Since April 2024, these applications have evolved into a coordinated global operation targeting financial institutions in countries such as Russia, Poland, the Czech Republic, Slovakia, and Brazil. The threat actors have established around 70 command-and-control servers and use Telegram bots for data exfiltration. The malicious apps impersonate about 20 legitimate entities, focusing on Russian banks and international institutions like Santander and Google Pay. They utilize various strategies to compromise payment credentials, including scanner and tapper tools, and employ simplified interfaces resembling legitimate banking portals. The malware activates a Host Card Emulation service during NFC payment events for real-time data relay. To evade detection, the threat actors use name masquerading, code obfuscation, and software packing techniques. This campaign represents a significant escalation in NFC-based financial fraud, highlighting the risks associated with NFC payment privileges.

AppWizard

September 13, 2025

CBE, banks to launch card tokenization on Android mobile apps

The Central Bank of Egypt (CBE) is collaborating with local banks to introduce card tokenization services for mobile applications on Android devices, following a similar launch on Apple Pay. This initiative involves partnerships with Visa, Mastercard, and Egypt’s national payment system, Meeza, to enhance digital financial transactions and consumer confidence. As of December 2024, there are over 41.5 million Meeza national cards and 50.4 million mobile wallet accounts, which facilitated 1.1 billion transactions totaling EGP 1.54 trillion in the latter half of 2024. The CBE is also upgrading Egypt’s instant payments network, InstaPay, to improve user experience and efficiency.

AppWizard

July 24, 2025

Russia’s new messenger replacing WhatsApp will snoop on citizens??

Moscow is set to launch a new device in September that will come with a pre-installed messaging application called Max, aimed at enhancing government surveillance of citizens. This development follows indications that WhatsApp, used by about 70% of the Russian population, may be forced to cease operations in Russia due to new legislation. The Max app is expected to serve as a surveillance tool for the FSB, providing communication, government services, and mobile payment options, thereby increasing government oversight in digital interactions.

AppWizard

July 24, 2025

Russia Launches An App That Could Spy On Its Citizens, Likely To Ban WhatsApp

Russia will launch a new digital device featuring a messenger app named Max in September, which will include messaging, video calls, government services, and mobile payment options. The app will be pre-installed on all new devices in the country, and its servers will be located in Russia, potentially allowing the FSB access to user data. Experts express concerns that Max may facilitate state surveillance and could lead to the banning of global messaging platforms like WhatsApp. The development of Max is reportedly linked to President Vladimir Putin's orders and reflects the Kremlin's ongoing efforts to monitor digital communications and assert control over the online environment in Russia.

AppWizard

July 8, 2025

Jack Dorsey’s new messaging app works without internet. What is Bitchat?

Jack Dorsey has introduced Bitchat, a messaging app that operates without internet connectivity by using Bluetooth technology for direct messaging. The beta version is available via TestFlight, and a white paper is accessible on GitHub. Bitchat functions as a peer-to-peer platform, leveraging Bluetooth mesh networks to allow users to exchange encrypted messages without requiring internet access, central servers, phone numbers, or email addresses. Messages can travel up to 300 meters by relaying through other devices. All messages are stored on users' devices, disappear by default, and do not pass through central servers, prioritizing user privacy and resistance to censorship. Bitchat allows for group chats called “rooms” and includes a feature for saving messages for offline delivery. Future updates will introduce WiFi Direct capabilities. Following the announcement, all 10,000 beta spots were filled.

AppWizard

June 30, 2025

Urgent money requests on messaging apps? Stay alart!

Ensuring safety in the digital realm involves protecting one's entire online presence, especially from breaches of smartphone applications like social media and messaging platforms. Such breaches can lead to fraudulent activities, where scammers impersonate individuals to request money from their contacts. It is crucial to verify the authenticity of urgent financial requests received through messaging apps before taking action. Individuals should exercise caution when sharing personal information online, particularly in messaging groups where information can spread quickly. A real-life example involves a university student whose messaging app was compromised, leading to fraudulent money requests sent to his contacts. To stay safe, individuals should verify requests through different channels, be wary of unusual payment methods, scrutinize messages for odd language, avoid clicking suspicious links, and never share personal or banking details. They should also be aware that requests may originate from compromised accounts and report suspicious messages to the app and authorities. Maintaining awareness and skepticism is essential to avoid falling victim to fraud.