#android
12 articles
Mirax, NGate, and TrickMo are the top threat actors in the fifteen articles on Android published between April 12 and May 17, 2026. Key vulnerabilities include CVE-2026-8566, CVE-2026-8568, CVE-2023-4863, and CVE-2025-54957, affecting sectors such as cryptocurrency, technology, and financial services globally, with specific incidents in Europe, Austria, Brazil, and France. The coverage comprises nine high-severity, one medium, three informational, and two critical reports.
HIGHPixel 10 VPU Driver Bug Lets Userspace Map Kernel Memory
Google Project Zero found a Pixel 10 VPU driver flaw allowing userspace to map arbitrary physical memory, including the kernel image. Exploit required 5 lines of code.
HIGHChrome 148 Patches AI Site Isolation Bypass, Android Payment Flaw
CVE-2026-8568 (CVSS 3.1) lets attackers bypass Chrome Site Isolation via AI features after renderer compromise; CVE-2026-8566 (CVSS 4.3) targets Android Payments.
HIGHTrickMo Android Trojan Uses TON Blockchain for C2, SOCKS5 Pivots
ThreatFabric tracked a TrickMo variant using The Open Network (TON) for C2 and SOCKS5 proxies to pivot into victim networks, targeting banking and crypto users in France, Italy,...
MEDIUMMobile App Permissions Still Expose Users to Privacy Risks
ESET analysis shows 1 in 3 Android apps request unnecessary permissions — location, camera, microphone — enabling data harvesting and surveillance. Users should audit permissions.
HIGHNGate Malware Trojanizes HandyPay App to Steal Brazilian NFC Data
NGate malware, using AI-generated code, has infected the legitimate HandyPay NFC app to steal payment card data and PINs from over 220,000 Android users in Brazil, according to ESET.
HIGHNGate Malware Uses AI to Evade Detection in Trojanized NFC Apps
NGate malware version 2.0, built with AI assistance, hides in a trojanized NFC payment app to steal SMS, contacts, and crypto wallet data from Android devices while evading security software.
HIGHMiningDropper Framework Delivers Infostealers, RATs to Android Devices
MiningDropper, a multi-stage Android malware framework, delivers infostealers, RATs, and banking trojans to devices via disguised apps, according to CyberSecurity News researchers.
HIGHMirax Android RAT Infects 220,000 Users via Meta Ads, Creates SOCKS5 Proxy
Mirax Android RAT reached over 220,000 users via Meta ads, turning infected devices into SOCKS5 proxies for threat actors to route malicious traffic and steal data from Spanish-speaking victims.
INFORMATIONALGoogle Tightens Android 17 Privacy Rules, Blocks 8.3 Billion Ads in 2025
Google announced new Android 17 privacy policies restricting contact and location data access, while its 2025 ad safety report details the blocking of 8.3 billion policy-violating ads and 24.9 million advertiser account suspensions.
HIGHMirax Android RAT Evolves with Proxy Network and Data Theft Capabilities
The Mirax Android RAT is being offered as a Malware-as-a-Service to Russian-speaking affiliates, ensnaring devices in Europe into a residential proxy network while stealing credentials and sensitive data.
HIGHMirax Android RAT Steals Credentials, Enslaves Phones for Proxy Network
The Mirax Android RAT steals banking credentials and covertly turns infected devices into residential proxy nodes for criminal traffic, creating a dual-threat mobile botnet.
CRITICALCritical Android SDK Flaw Exposed Millions of Crypto Wallet Private Keys
A vulnerability in the EngageLab Push SDK, tracked as CVE-2023-4863, allowed attackers to steal private keys from millions of Android cryptocurrency wallets by intercepting push notifications.
Stay Updated
Get the latest cybersecurity news delivered to your inbox.