Cybersecurity experts found a new Android spyware, RadzaRat, disguised as a file manager app. It grants hackers full control over devices, including keylogging capabilities, and is undetectable by antivirus programs. The malware is easily accessible online and can be deployed by anyone with basic skills.

This article analyzes a series of DNG image exploits discovered between July 2024 and February 2025, targeting the Quram library on Samsung devices. The exploits bypassed security by leveraging WhatsApp to deliver malicious images, ultimately aiming to execute code within a specific Samsung system service.

A report from Zscaler reveals that over 239 malicious Android apps were downloaded 42 million times from Google Play between June 2024 and May 2025. The rise in malware includes banking trojans and spyware, with a notable shift towards social engineering tactics. India, the U.S., and Canada are the top targets, while adware has become the most detected threat.

The Kimwolf botnet has compromised over 2 million Android devices, primarily targeting streaming boxes to turn them into residential proxies. Recent reports detail its expansion and connection to a network of compromised routers, which allows threat actors to conduct DDoS attacks and sell proxy services. Cybersecurity firms have identified significant increases in bot activity and vulnerabilities in residential proxy networks.

The Kimwolf botnet has infected over 2 million devices by exploiting vulnerabilities in residential proxy networks. It spreads through compromised Android TV boxes and digital photo frames, allowing attackers to relay malicious traffic and launch DDoS attacks. Security experts warn that the risk from unsecured proxy networks is escalating.

Google is introducing developer verification requirements to enhance security on the Android platform, addressing issues with scams and malware. The update considers feedback from various user groups, including students and experienced users, offering tailored solutions for each. Early access to the new verification process is starting for developers.

Albiriox is a new Android malware that gives attackers full control over infected devices, enabling financial fraud. It spreads through deceptive SMS messages and fake apps, using advanced techniques to evade detection. The malware is part of a subscription-based service offered by Russian-speaking cybercriminals.

North Korean hackers are using Google’s Find Hub to track and factory reset Android devices of South Korean targets. They initiate attacks via spear-phishing on KakaoTalk, leading to data theft and device wipes to prevent recovery and spread malware to victims' contacts.

The Kimwolf botnet has infected at least 1.8 million devices, primarily targeting Android-based TVs and set-top boxes. It has demonstrated advanced DDoS capabilities and is linked to the AISURU botnet, suggesting that the same hacker group may be behind both. Recent tactics include using Ethereum Name Service for resilience against takedowns.

A new report from Zimperium reveals a rise in NFC relay malware targeting Android users' tap-to-pay systems. Over 760 malicious apps have been found that impersonate legitimate banking applications to steal payment data and facilitate fraud. Users are advised to download apps only from the Google Play Store and stay vigilant against unknown payment requests.

Google patched 107 vulnerabilities in Android, including two high-severity flaws currently being exploited. Users should check their Android version and update to at least the 2025-12-05 patch level to ensure these issues are resolved. It's important to only install apps from trusted sources and keep devices up to date for security.

The Herodotus malware family targets Android devices by using random delays to imitate human typing, making it harder for security software to detect. Currently distributed through SMS phishing, it can bypass Accessibility permissions and interact with the user interface to steal sensitive information. Experts warn Android users to be cautious about app permissions and avoid downloading apps from untrusted sources.

Researchers have uncovered two new Android malware families, FvncBot and SeedSnatcher. FvncBot targets banking users in Poland, using advanced techniques for data theft, while SeedSnatcher aims to steal cryptocurrency wallet seed phrases and intercept SMS for two-factor authentication.

A new type of Android malware, dubbed "Godfather," is capable of bypassing sandbox detection to steal sensitive user data from applications, including banking and cryptocurrency wallets. Researchers have noted its ability to impersonate legitimate apps and extract credentials, posing a significant threat to Android users.

A new malware named SparkKitty has been discovered, targeting iOS and Android devices to steal sensitive images from users' photo galleries, particularly those containing cryptocurrency wallet seed phrases. It has been distributed through official app stores and malicious sites, showcasing advanced techniques to exploit app provisioning systems.

The latest version of the 'Crocodilus' Android malware now includes a feature that adds fake contacts to infected devices, allowing attackers to spoof trusted callers and enhance their social engineering tactics. Initially identified in Turkey, the malware has expanded its reach globally and incorporates advanced evasion techniques to avoid detection while stealing sensitive data. Android users are advised to exercise caution and download only from trusted sources to mitigate risks.

Samsung has addressed a critical remote code execution vulnerability (CVE-2025-21043) affecting Android devices running version 13 or later, which was exploited in zero-day attacks. Discovered in a closed-source image parsing library, the flaw allows attackers to execute malicious code remotely. Meta and WhatsApp reported the vulnerability, highlighting the importance of keeping devices updated to mitigate such risks.

A new Android banking Trojan named Anatsa has been discovered, targeting users by mimicking legitimate banking applications. It employs advanced techniques to steal sensitive information and bypass security measures, posing a significant threat to users’ financial security. The malware is spread through malicious apps and phishing campaigns, highlighting the need for increased vigilance among mobile users.

The article discusses the vulnerabilities associated with AgentFlayer, a malware designed to exploit weaknesses in Android devices. It highlights the methods used by the malware to gain unauthorized access and the potential impact on users' data security. Recommendations for mitigating these risks are also provided.

A new attack known as "pixnapping" has emerged, targeting Android devices by using pixel-stealing techniques to access sensitive information. This method allows attackers to manipulate the display output, potentially compromising user data without their knowledge. Users are advised to remain vigilant and update their security measures to protect against this threat.

Cybercriminals are exploiting Meta's advertising platforms to promote a fake TradingView Premium app that distributes the Brokewell malware for Android devices. This malware is capable of stealing sensitive information, monitoring users, and taking control of compromised devices, specifically targeting mobile users with localized ads since July 22nd. Researchers from Bitdefender have detailed the malware's advanced functionalities, including stealing cryptocurrency and bypassing two-factor authentication.