Search results for tag #android
🎯 Threat Intelligence
===================
Executive summary: Unit 42 researchers identified a previously undocumented Android spyware family named LANDFALL that targeted Samsung Galaxy devices. The malware was delivered via malformed DNG image files exploiting a Samsung image‑processing zero‑day, tracked as CVE-2025-21042, and was active in the wild from mid‑2024 until Samsung issued a patch in April 2025.
Technical details:
• Malware family: LANDFALL — commercial‑grade Android spyware with comprehensive surveillance capabilities.
• Delivery vector: malformed DNG image files embedded in messaging workflows; WhatsApp is the reported delivery channel in analyzed samples.
• Vulnerability exploited: CVE-2025-21042 in Samsung’s image processing library; related issues (including CVE-2025-21043) were patched subsequently.
• Capabilities observed: microphone recording, continuous or on‑demand location collection, exfiltration of photos, contacts and call logs.
Analysis:
The operation exhibits tradecraft and infrastructure patterns consistent with private‑sector offensive actors operating in the Middle East. LANDFALL’s use of image‑based exploitation mirrors contemporaneous exploit chains seen on other mobile platforms, indicating cross‑platform technique reuse by advanced operators. The campaign’s timeline—active months before public disclosure—demonstrates stealthy targeted operations leveraging zero‑day access.
Attack Chain Analysis:
• Initial Access: crafted DNG images delivered via messaging application (samples linked to WhatsApp delivery).
• Exploitation: memory corruption in Samsung image processing library exploited by malformed DNG (CVE-2025-21042).
• Execution/Delivery: payload unpacked and persisted as Android spyware.
• Collection: microphone audio, location telemetry, photos, contacts, call logs.
• Exfiltration/C2: not publicly detailed in the report; infrastructure overlaps suggest commercial spyware tradecraft.
Detection:
Detection options reported by Unit 42 focus on indicators associated with malformed DNG artifacts, unexpected image parsing crashes, and behavioral telemetry showing unauthorized access to microphone, location, and media stores. Network and device telemetry that flags image processing exceptions correlated with post‑exploit binaries should be prioritized for forensic review.
Mitigation and response:
Samsung issued a patch for CVE-2025-21042 in April 2025, and later patched a related zero‑day (CVE-2025-21043) in September 2025. Palo Alto Networks lists Advanced WildFire, Advanced URL Filtering, Advanced DNS Security and Advanced Threat Prevention as protective layers for customers. Unit 42 recommends incident response engagement for suspected compromises.
References: CVE‑2025‑21042, CVE‑2025‑21043, LANDFALL, Unit 42 #LANDFALL #CVE-2025-21042 #Android #Samsung
🔗 Source: https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
Is the Cromite browser on Android no longer blocking ads? I just played a YouTube video and 2 consecutive ads played before the video.
#Tech #AskFedi #Android #Cromite #AdBlockers #CyberSecurity #DataPrivacy #YouTube
Palo Alto Networks discovered Landfall, an Android spyware exploiting a Samsung zero-day (CVE-2025-21042) to deliver malware via DNG images on WhatsApp.
🎯 Region: Middle East & North Africa
📱 Targets: Samsung Galaxy S22–S24, Fold4, Flip4
🕵️♂️ Capabilities: Audio recording, GPS tracking, data exfiltration
The vulnerability was patched in April, but exploitation began months before. Attribution remains uncertain.
Follow @technadu for neutral, verified #InfoSec updates.
#CyberSecurity #Android #Spyware #Samsung #ZeroDay #CVE202521042 #ThreatIntelligence #MobileSecurity #DigitalForensics #TechNews
Alt...
Palo Alto Networks discovered Landfall, an Android spyware exploiting a Samsung zero-day (CVE-2025-21042) to deliver malware via DNG images on WhatsApp.
Since Google is fucking up Android and AOSP:
I've just contributed to postmarketOS. Consider supporting them too — every little helps! https://opencollective.com/postmarketos
Crypto.com is hiring Senior React Native Developer - Crypto.com App
🔧 #cryptocurrency #react #reactnative #javascript #kotlin #swift #typescript #android #ios #seniorengineer
🌎 Taipei, Taiwan
⏰ Full-time
🏢 Crypto.com
Job details https://jobsfordevelopers.com/jobs/senior-react-native-developer-crypto-com-app-at-crypto-com-mar-7-2025-f8f348?utm_source=mastodon.world&utm_medium=social&utm_campaign=posting
#jobalert #jobsearch #hiring
The people over at GrapheneOS are on a generational social media clapback run. Is there any other group of people in software so willing to brutally assault the public with facts? I love when I see a GrapheneOS reply in my timeline. Please let this era never end!
Erste Beta-Nutzer können Drittanbieter-Chats in WhatsApp testen
WhatsApp lässt erste Beta-Nutzer den Chat mit Drittanbieter-Apps testen. Derzeit wird jedoch nur ein Messenger unterstützt.
#Android #Datenschutz #DigitalMarketsAct #EU #iOS #IT #Mobiles #Netzpolitik #Security #Signal #WhatsApp #news
Samsung hopes for "second golden age" of the smartphone business with Galaxy S26
Samsung is planning “second golden age” for its smartphone business in 2026 and aims to recapture past sales successes with the Galaxy S26 series and foldables.
#Android #IT #KünstlicheIntelligenz #Mobiles #Mobilfunk #Samsung #Smartphone #Geschäftszahlen #news
Samsung hofft mit Galaxy S26 auf "zweite Blütezeit" des Smartphone-Geschäfts
Samsung plant für 2026 eine "zweite Blütezeit" seines Smartphone-Geschäfts und will mit der Galaxy-S26-Serie und Foldables an alte Absatzerfolge anschließen.
#Android #IT #KünstlicheIntelligenz #Mobiles #Mobilfunk #Samsung #Smartphone #Geschäftszahlen #news
SoFi is hiring Senior Mobile Engineer, Money Movement
🔧 #flutter #react #reactnative #android #ios #rest #blockchain #seniorengineer
🌎 San Francisco, California
⏰ Full-time
🏢 SoFi
Job details https://jobsfordevelopers.com/jobs/senior-mobile-engineer-money-movement-at-sofi-com-aug-8-2025-3c93ef?utm_source=mastodon.world&utm_medium=social&utm_campaign=posting
#jobalert #jobsearch #hiring
vs.
NO #windows11 @ ALL
( Jumper #Laptop 14" FullHD & LineageOS #Version 14.1 - #android _x86_64 )
#wochenende #system #alternative #humor #glaube #zeroclick #presse #freiheit #twitter #zukunft #it #gesellschaft #überwachung #info #socialmedia
RE: https://mastodon.social/@blogdiva/115225922791811080
so, am testing the #quoot or #quotepost feature in the app and it’s working.
been using it by opening posts in a browser, so it’s nice that i can do it directly from the #android app. i almost exclusively toot from my tablet these days.
the thing is… this isn’t a quoted post à la Twitter.
all we had to do was to copy & paste a link to the tweet for it to appear embedded with the javascript & html magic of the Oembed protocol.
what @MastodonEngineering created here is something else… 🧵
BACK TO QUOTED TWEETS
taking snapshots of a tweet and posting them was a way of circumventing the blockquote conundrum with the 250 character limitation; BUT there was another limitation: CELL PHONE DATA PLANS.
there was no #Android when Twitter was first created. mobile posting wasn’t by way of an app. we posted via text messaging.
how much media you included in a mobile tweet was limited by your phone’s data plan. i certainly was, and that’s why my QT was optimized for texts… 🧵
Interesting how Facebook & co declare queries to android.intent.action.MAIN to bypass restrictions on the QUERY_ALL_PACKAGE permission.
It allows them to get the list of all the apps installed on your system.
Source, interesting blog post on the subject: https://peabee.substack.com/p/everyone-knows-what-apps-you-use
Out of curiosity, I've verified with a recent Facebook APK
The #Android mobile operating system was unveiled by Google OTD in 2007; learn about its #IPnetworking commands https://cromwell-intl.com/networking/commands.html?s=mb #history
#jolla any news on bringing #Aliendalvik to #postmarketos or ever thought about opensourcing it?
times are changing fast and this technology would give #linuxmobile a massive boost to replace #android. most users would even be willing to pay some bucks if its about money... lets talk.
Review of TopSurveys, a legitimate platform that pays users for completing surveys and playing games, offering fast withdrawals via PayPal and Revolut #DigitalMarketing #SideHustle #Surveys #PaidSurveys #Apps #PlayToEarn #Android #iOS
https://www.moneyonline.wiki/2025/11/topsurveys-review-guide-payments.html
Microsoft Plans to Remove Entra Accounts from Authenticator on Jailbroken Devices
I would like to see the stats on how big an issue this really in in corporate environments. I am skeptical on the size of the problem.
https://gbhackers.com/microsoft-plans-to-remove-entra-accounts-from-on-jailbroken-devices/
Sneaky new Android malware takes over your phone, hiding in fake news and ID apps | Malwarebytes
A new type of Android malware that can steal sensitive data from people who use banking and cryptocurrency apps has been uncovered by researchers at the University of California, San Francisco, and is spreading around the world.
Pulse ID: 690b27ad4fefce48aca13654
Pulse Link: https://otx.alienvault.com/pulse/690b27ad4fefce48aca13654
Pulse Author: CyberHunter_NL
Created: 2025-11-05 10:32:12
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Android #Bank #Cisco #CyberSecurity #InfoSec #MalWareBytes #Malware #OTX #OpenThreatExchange #UniversityofCalifornia #bot #cryptocurrency #CyberHunter_NL
Google and Epic agree on worldwide Android changes
Surprisingly, Google and Epic have reached an agreement on a joint proposal in the Android legal dispute. The planned changes are to apply worldwide.
#Google für schuldig befunden, Daten über Nutzer gesammelt zu haben, obwohl die Aufzeichnung von App-Aktivitäten explizit ausgeschaltet wurde https://www.heise.de/news/Klaeger-verlangen-2-36-Milliarden-US-Dollar-von-Google-nach-Datenschutzurteil-10845598.html
Ohne die Nutzer zu informieren, schicken rund 30 Prozent aller #Android-Apps, darunter die Apps „Meine CDU“ und „SPD Landtagsfraktion NRW“, heimlich Daten an #Facebook https://netzpolitik.org/2018/ein-drittel-aller-android-apps-schickt-heimlich-daten-an-facebook/
Ultraschall-Apps verfolgen #Android-Nutzer geräteübergreifend, Eine Ultraschall-Technologie für genau diesen Zweck konnte vom Forschungsteam in mehr als 200 Android-Apps nachgewiesen werden. Darunter befanden sich laut der Studie auch Apps, die millionenfach heruntergeladen wurden https://netzpolitik.org/2017/unbemerkt-ultraschall-apps-verfolgen-android-nutzer-geraeteuebergreifend/
Dem Reporterteam liegt kostenloses Probematerial von Datenhändlern vor, das #Standortdaten von Millionen #Handys aus #Deutschland und der #EU umfasst.
Reaktionen: Keiner ist verantwortlich 🤦♂️ https://www.heise.de/news/Spionage-via-Online-Graumarkt-EU-Mitarbeiter-durch-Handy-Standortdaten-entbloesst-11056770.html
My child’s #Android phone was lost, but it was still online — it rang and showed up in Find My Device. We couldn’t get to the location within 12 hours, so while it was still powered and on-network I first triggered a remote factory reset, then had the carrier block the SIM. The phone contained a large volume of personal family photos & losing control of that data would’ve been a serious privacy risk. Did I handle this OK? How can I set up an #android phone so #loss of it is not an emergency?
#GWB - Android: Das nächste Pixel-Update kommt heute – mit Pixel Feature Drop und einem neuen Android-Release? - https://www.googlewatchblog.de/2025/11/android-das-naechste-pixel-update-kommt-heute-mit-pixel-feature-drop-und-einem-neuen-android-release/ #android #Google #pixel
Endlich ist die neue #Loops App für #Android da, nur ist der fette weiße Kasten da unten, der ein Teil der Videos verdeckt, etwas seltsam.#Fediverse
#Android Apps misusing NFC and HCE to steal payment data on the rise
https://securityaffairs.com/184130/security/android-apps-misusing-nfc-and-hce-to-steal-payment-data-on-the-rise.html
#securityaffairs #hacking
Pixel 7 bis 10: Google veröffentlicht überraschend zweites Oktober-Update
Google hat ein neues Oktober-Update für seine Pixel-Smartphones veröffentlicht. Konkrete Neuerungen nennt der Konzern nicht, Verizon gibt erste Details preis.
#Android #Google #Mobiles #GooglePixel #Sicherheitslücken #Smartphone #Software #Updates #Verizon #news
Simple trick to increase coverage: Lying to users about signal strength | Nick vs Networking
> Poking around in Android the other day I found this nugget in Carrier Config manager; a flag (KEY_INFLATE_SIGNAL_STRENGTH_BOOL) to always report the signal strength to the user as one bar higher than it really is
> Notably both AT&T and Verizon have this flag enabled on their networks
This explains a lot... Unfortunately I don't have access to a rooted Android device right now, but it would be interesting to crowdsource a database of flags used by different carriers around the world. Maybe one already exists?
https://nickvsnetworking.com/simple-trick-to-increase-coverage-lying-to-users-about-signal-strength/
HeyCash es una app de recompensas que ofrece a los usuarios la oportunidad de ganar dinero en efectivo o tarjetas regalo por completar tareas #Encuestas #Apps #Android #EncuestasOnline #MicroTasks #SideHustle #iOS #PlayToEarn #Surveys
https://consejos-publicitarios.blogspot.com/2025/11/heycash-app-para-ganar-dinero-mediante.html
Zeiss Cameras and Android 16: Vivo Brings X300 Series to Germany
The manufacturer Vivo is returning to the German market with the X300 and X300 Pro. However, the batteries are smaller than those of the models for China.
Aight nerds, who's got a recommendation for an #Android launcher now that Nova has ceased development?
I'm running an unlocked/rooted version of otherwise stock Android 14 and interested in your recommendations for homescreen/app launchers.
This aspect of the #android keyboard is going to drive me mad. A bunch of conjunctions should be the default completion for these letter combos. The one in a cyan color and/or in the center is what would come out if i pressed space or a punctuation mark. These are super uncommon words compared to the corresponding conjunction. What is the fix for this?
5/
Alt...
Screencap of an android on-screen keyboard. I have typed i v e and it is going to complete that to IVE instead of I've
Alt...
Screencap of an android on-screen keyboard. I have typed c a n t and it is going to complete that to cant instead of can't
Alt...
Screencap of an android on-screen keyboard. I have typed w o n t and it is going to complete that to wont instead of won't
Alt...
Screencap of an android on-screen keyboard. I have typed i m and it is going to complete that to IM instead of I'm
So more #Android woes. Android Auto is a dealbreaker. I have a BOSS BE7ACP car stereo. It claims Android and CarPlay support. CarPlay is fine. Not great, because sometimes it crashes. But 99% reliable. Android Auto isn't working at all. Now, it could be the cable. But there is a sizeable Reddit thread that suggests this particular unit is really unreliable with Android Auto.
I am not giving up my car stereo integration to switch from #iphone to #Android. And I'm not buying a new car stereo so that it will work with my phone.
3/
@GOKUSHRM Maybe you didn't read the thread. I already use F-droid and my complaint is that major apps aren't there. Aurora will get me the major apps, exactly as they are in the Play store, so I don't see the relevance. (I get why Aurora is better than the Play store, but that isn't what I'm complaining about)
I have self-hosted email, self-hosted calendar and contacts, self-hosted reminders and tasks, and self-hosted notes. I'm not looking to stop using what I have and switch to services provided by Tuta or anyone else. And if that markdown editor for notes doesn't use IMAP to read and write the notes that I already have, it's not useful.
I am not getting started. I have 20 years of mobile phone history and usage. 27 years hosting my own email. I'm trying to change my phone. I'm not trying to change all the online services that I use for my digital life in order to make #Android work.
And frankly, the physical keys are nice for some things but they're much more work to type. I'm slower, less accurate, and my hands get tired. Today is Sunday and i got it Wednesday night. IM not sure i will last a week.
Goddamn:every time i type "I'm" i have to slow down and fix it. See that "IM" in the sentence above? if i type I M space, fucking assistive typing will insert IM by default. By now it should have learned that i mean "I'm"
I'm constantly looking for the non-Google option for stuff, like photos, contacts, email. The possibility of a non-proprietary app store was attractive in theory. In practice my bank, and major apps i use are only in the Play store. I can't control where they publish.
I'll thread more later. My hands are tired.
2/
I think my dalliance with #android may be coming to an end. I bought this titan 2 phone backing a kickstarter. It has been very unreliable. Maybe it is android 15. Maybe it is my wacky settings (i try to log out of google and do as little with them as possible). I restrict or remove permissions on a lot of stuff. It could be instability in the maker's mods to android. I don't know. But i deal with crashes. A lot
The fact is that two email programs (Thunderbird and K-9) won't run. They literally crash when opened. ProtonVPN crashes as soon as i tap "sign in". I cant remember the last time i dealt with this on my #iPhone. With this android phone it's a daily thing. I used the built-in gmail app and even it crashes sometimes.
I still don't have all my #nextcloud services integrated. I have installed TWO helper apps already (DAVx and IMAP notes) to get contacts, calendars, and notes. I STILL don't have reminder lists working. All these things were effortless on IOS. On android it's not supported out of the boxand i have to search OME workaround.
1/
#GWB - Android: Neue Google System Updates sind da – diese Neuerungen kamen im Oktober auf viele Smartphones - https://www.googlewatchblog.de/2025/11/android-google-system-updates-okt25/ #googlesystemupdate #android #Google
Eine sehr wichtige Kampagne, da Google sich 2026 quasi zum Android-Monopolisten/Gatekeeper machen möchte:
Bitte verbreiten und mitzeichnen.
#keepAndroidOpen #fdroid #Android #Google #UnplugTrump #opensource
Stop calling it "sideloading". Call it "installing" instead, as it should be.
If you're "installing" from the Play Store, call it "Googleloading" instead.
Word choice is important. Make the legislators understand what's going on here.
#google #android #aosp #politics #enshittification #surveillance #sideloading #control #antitrust #monopoly #privacy #digitalsovereignty
#android battery consumption
Somehow this doesn't look that great. Total phone screentime was less than 2 hours. Yet I'm now at 16℅ at the end of the day. 🤔
I took two pictures which triggered #Nextcloud to upload them.
I read some news articles with my web browser (#fennec)
I fooled around with AI (#lumo)
I didn't even open #AntennaPod 😭
But overall this is just way too much battery consumption on a phone that is just 7months old. (#pixel8a)
Fennec seems to stay active a lot in the background.
Alt...
Stitched screenshots of android battery consumption
Alt...
Screenshot of android battery consumption
when you forget that #Nextcloud on #Android has auto-upload but not actual sync 🤣
370GB!!!
Alt...
Screenshot of a Nextcloud folder that contains way too many Signal backups that add up to ~370 GB in total.