13 articles tagged with #mobile-security. AI-curated summaries with sentiment analysis and key takeaways from 50+ sources.
Microsoft discovered a critical vulnerability in the EngageLab SDK that exposed private wallet data across 30 million Android installations. The flaw allowed malicious applications to gain unauthorized read and write access to sensitive user information through Android intents, posing significant risks to cryptocurrency wallet users globally.
Cyble has identified OverlayPhantom, a new Android banking trojan targeting over 180 banking, financial, and cryptocurrency applications across 10 countries. The malware uses fake overlay screens to capture PINs and credentials, enabling account takeover through a two-stage infection chain distributed via malicious URLs impersonating legitimate apps.
Researchers demonstrate MIRAGE, a technique that exploits vision-language model vulnerabilities in mobile GUI agents by injecting adversarial text into user-generated content regions. The attack achieves 23-30% success rates across five VLM agents without modifying apps or operating systems, revealing a critical security gap in AI-powered mobile automation that existing visual-quality defenses cannot reliably prevent.
Mobile wallet zero-day vulnerabilities and SDK flaws are eroding user confidence in centralized cryptocurrency solutions, prompting advanced users to adopt isolated, multi-device signing architectures that limit exposure from single-point compromises. The trend underscores systemic risks in third-party software dependencies that retail users often fail to recognize.
Ledger's security team discovered a critical vulnerability in MediaTek's secure boot chain that allows attackers to steal cryptocurrency seed phrases from Android devices in just 45 seconds. MediaTek has since patched the security flaw that could have compromised sensitive crypto wallet information on affected Android devices.
A security vulnerability in MediaTek-powered Android phones could allow attackers to extract encrypted data, including cryptocurrency wallet seed phrases, through a USB connection. This security flaw poses significant risks to crypto users who store wallet data on affected devices.
Ledger has discovered a chip vulnerability affecting 25% of Android smartphones that enables hackers to decrypt devices and steal sensitive data, including cryptocurrency wallet private keys. This security flaw poses significant risks to crypto holders who store their digital assets on affected Android devices.
Google discovered a new iOS exploit kit called Coruna that silently infiltrates iPhones through compromised websites to steal cryptocurrency from popular wallet apps including MetaMask, Phantom, and Trust Wallet. The attack requires no user interaction beyond visiting a malicious website on an unpatched iPhone device.
Google threat researchers discovered fake cryptocurrency websites hosting a new exploit kit capable of compromising iPhones to steal crypto assets. The sophisticated attack targets iOS devices specifically to hunt for and extract cryptocurrency holdings from victims.
Researchers have discovered a sophisticated iPhone exploit kit containing 23 iOS vulnerabilities being used for espionage and cryptocurrency scams. The hacking tool may have origins in US intelligence operations, raising concerns about state-sponsored cyber activities targeting crypto users.
Researchers discovered a critical security vulnerability in AI-powered GUI agents on Android, where malicious apps can hijack agent actions without requiring dangerous permissions. The 'Action Rebinding' attack exploits timing gaps between AI observation and action, achieving 100% success rates in tests across six popular Android GUI agents.
Researchers introduce the 'Turing Test on Screen,' a framework for measuring how well autonomous GUI agents can mimic human behavior to evade detection systems. The study reveals that current LLM-based agents exhibit unnatural interaction patterns and proposes humanization methods to improve their ability to operate undetected in adversarial digital environments.
Google's June Android feature drop introduces enhanced scam detection capabilities, enabling Android phones to identify spoofed calls and impersonation attempts. The update reflects growing industry focus on protecting users from phone-based fraud through on-device AI technology.
