With a special focus on mobile apps and connected, unmanaged devices, this VMX Labs Cybersecurity Threat Roundup is compiled by Verimatrix cybersecurity researchers and data scientists. It includes links to notable threat advisories over the last month, information on vulnerabilities and patches, and links to recent intelligence reports.

Threat info

Vulnerabilities & patches

  • Google patched two actively exploited zero-days (CVE-2024-29745 and CVE-2024-29748) that are used by forensic firms to unlock Pixel phones without a PIN and access personal data. The security patch level of 2024-04-05 or later addresses both.

Intelligence reports

  • Verimatrix published a guide that addresses the latest OWASP Mobile Top 10 vulnerabilities and how developers can secure their mobile apps from evolving threats.
  • Doctor Web’s January and February 2024 reports show a surge in Android HiddenAds adware activity, while Android banking trojan activity first increased by 17% in January and then decreased by 19% in February. The former report also discloses a few fraudulent apps in the Google Play Store.
  • Malwarebytes reports that the company detected 88,500 Android banking malware infections in 2023. 
  • Kaspersky’s State of Stalkerware in 2023 Report shows a slight increase (6%) in stalkerware victims, with a total of 31,031 unique cases last year. They were mostly in Russia, Brazil, and India. The most popular stalkerware app was TrackView. 
  • Anubis, AhMyth, and Hydra were the top three mobile malware families in February 2024, according to Check Point’s Most Wanted Malware Report.
  • Kaspersky published a summary of its three private intelligence reports on Android malware.
  • Recorded Future’s report indicates a clear link between i-SOON, a contractor of Chinese state agencies for foreign hacking and espionage campaigns, and POISON CARP, a suspected Chinese state-sponsored threat actor that spies on the mobile devices of Tibetans.
  • Google and Mandiant’s “A review of zero-day-in-the-wild exploits in 2023” report states that 75% of the known zero-day exploits targeting Google products and Android devices in 2023 were attributed to commercial surveillance vendors.