NewApp Digest
search bot

sensitive applications

Herodotus Android Banking Trojan Takes Over Devices, Outsmarts Security Tools
Tech Optimizer
November 7, 2025

Herodotus Android Banking Trojan Takes Over Devices, Outsmarts Security Tools

A new Android banking Trojan named Herodotus has emerged, operating under the Malware-as-a-Service (MaaS) model and causing significant disruptions in the mobile banking sector. It primarily spreads through SMS phishing campaigns that disguise malicious links as legitimate messages, leading users to counterfeit web pages to download an APK file outside the official Play Store. Upon installation, Herodotus requests critical permissions, including Accessibility, allowing it to overlay fake screens on real banking apps and capture user data. The malware employs deceptive behaviors to evade detection by traditional antivirus solutions, which often fail to recognize it due to their reliance on signature-based and behavior-driven databases. Research indicates that antivirus providers have overlooked the Herodotus threat, highlighting the need for multilayered defense mechanisms. Pradeo’s Mobile Threat Defense (MTD) solution offers continuous monitoring of device behavior, proactive blocking of phishing links, and alerts for risky off-store installations, effectively neutralizing threats before they escalate.
Pixnapping: Side-Channel Vulnerability Allows Android Apps to Capture Sensitive Screen Data
AppWizard
October 16, 2025

Pixnapping: Side-Channel Vulnerability Allows Android Apps to Capture Sensitive Screen Data

A newly identified attack method called Pixnapping poses a significant threat to Android devices by allowing malicious applications to capture on-screen information from other apps through pixel stealing. This attack affects various applications, including Signal, Google Authenticator, and Venmo. Pixnapping occurs when a user installs a malicious app that uses Android APIs to launch a target application, capturing sensitive information displayed on the screen by exploiting a side channel. The attack utilizes the GPU.zip side-channel vulnerability, prevalent in modern GPUs from manufacturers like AMD, Apple, Arm, Intel, Qualcomm, and Nvidia. Currently, there are no mitigation strategies available for developers against Pixnapping, which can lead to the theft of locally stored secrets, such as two-factor authentication codes. The GPU.zip vulnerability was disclosed in 2023 and remains unaddressed by GPU vendors.
Severe Pixel vulnerability lets apps leak on-screen data like 2FA codes, Google working on December fix
AppWizard
October 14, 2025

Severe Pixel vulnerability lets apps leak on-screen data like 2FA codes, Google working on December fix

A new class of Android attacks called Pixnapping allows installed applications to monitor the content displayed by other apps without requesting permissions. This attack can capture sensitive information, including Gmail previews, Google Maps timelines, and two-factor authentication codes, by exploiting Android’s rendering APIs and a hardware side channel. Pixnapping operates by manipulating Android intents to funnel pixels from a target app into the system's rendering pipeline, using timing variations from GPU compression to recover text. The attack has been demonstrated on various devices, including Google Pixel models 6 through 9 and the Samsung Galaxy S25. In February 2025, the vulnerability was disclosed to Google, which assigned it a CVE-2025-48561 rating and classified it as high risk. A patch was released in September, but a workaround was found, leading to ongoing collaboration with Google and Samsung for further fixes. Users are advised to maintain good app hygiene, avoid unknown APKs, and promptly install security updates. The researchers have not yet developed a universal mitigation app and advocate for platform-level fixes to address the vulnerabilities.
CMM Launcher For Android – A Launcher App (Made In Indian App)
AppWizard
October 9, 2025

CMM Launcher For Android – A Launcher App (Made In Indian App)

CMM Launcher is an Android launcher developed in India with over 30 million installations. It is lightweight, efficient, and designed for fast performance, suitable for both entry-level and high-end smartphones. The launcher offers over 10,000 free themes for customization and includes features like App Hide for privacy, a built-in Booster for optimizing phone speed, and a News Feed for real-time updates. It complies with Indian data protection regulations, ensuring user data remains within the country. CMM Launcher has received positive reviews, being recognized as a top choice on the Play Store.
How to Enable App Pinning on Android
AppWizard
October 2, 2025

How to Enable App Pinning on Android

Android's App Pinning feature allows users to lock their devices to a single application, preventing others from navigating away from that app and protecting sensitive information. To enable App Pinning, follow these steps: 1. Open the settings app and select Security & Privacy. 2. Select More security & privacy. 3. Scroll down and select App pinning. 4. Toggle on Use app pinning. Once enabled, users can share their devices without the risk of exposing private messages or sensitive applications.
Google is expanding a key anti-theft feature to make your apps more secure
AppWizard
August 21, 2025

Google is expanding a key anti-theft feature to make your apps more secure

Android's Identity Check feature will be enhanced in the Android 16 QPR2 update, requiring biometric-only authentication for apps using the biometric prompt, eliminating screen lock credentials as a fallback. This aims to improve security for sensitive applications by preventing unauthorized access, particularly in untrusted environments. The update expands Identity Check to more applications, ensuring that access necessitates biometric verification. Users can activate this feature through Settings on their Pixel devices. Future updates may allow the use of a smartwatch as a trusted unlock mechanism, bypassing biometric authentication when connected.
Search