Security researchers have identified multiple vulnerabilities and malware threats targeting Android devices, including an intentionally vulnerable app named DVAC. A new malware named Wpeeper, which uses compromised WordPress sites to conceal its command-and-control servers, has been uncovered. This malware is capable of collecting device information, managing files, and executing malicious commands. Additionally, popular Android apps like Xiaomi File Manager and WPS Office, with a combined 4 billion installs, have been found vulnerable to a path traversal flaw, potentially affecting over 1.5 billion users. This flaw could allow hackers to overwrite files and execute malicious code. Another vulnerability, known as the 'Dirty stream' attack, has been identified, which is a common pattern in Android apps.
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps https://t.co/S3SQj9duL6
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps: https://t.co/WaFjIxuuwR by Microsoft Security Blog #infosec #cybersecurity #technology #news
Android Flaw Affected Apps With 4 Billion Installs https://t.co/II6nFUKJv4
🚨 Alert - Popular #Android apps like Xiaomi File Manager and WPS Office are vulnerable to a path traversal flaw that could let hackers overwrite files and execute malicious code, leaving over 1.5 billion users exposed. Details here: https://t.co/stvX1dW6WV #infosecurity
Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers https://t.co/Ljh7HnkssF
Researchers have uncovered a new #Android malware called Wpeeper that uses compromised #WordPress sites to hide its true command-and-control servers. This sneaky backdoor can collect device info, manage files, & execute malicious commands. Learn more: https://t.co/WLjkWPv8TN
New Wpeeper Android malware hides behind hacked WordPress sites https://t.co/KmqgS2avdc
DVAC: An intentionally vulnerable Android Application https://t.co/poI71fqCV8