Latest news with #zLabs
Scottish Sun
25-07-2025
- Scottish Sun
Over 250 dodgy apps uncovered that steal private photos and threaten to leak them to family unless victims pay up
Click to share on X/Twitter (Opens in new window) Click to share on Facebook (Opens in new window) RESEARCHERS have uncovered an 'emotionally manipulative' extortion campaign putting users at risk. Over 250 dodgy apps have been uncovered, which are forcing victims of the scam to pay up. Sign up for Scottish Sun newsletter Sign up 4 More than 250 dodgy apps have been uncovered, making people pay scammers Credit: Alamy Dodgy apps uncovered Security researchers Zimperium zLabs claimed to have found more than 250 Android apps, all pretending to be dating and romance apps. Zimperium calls the campaign SarangTrap, as it has mostly targeted people living in South Korea. On the surface, the apps look slick and well-designed, hiding the usual telltale signs of scam pages. 4 There are simple ways to protect yourself from scams Credit: Alamy However, behind the scenes, the apps work as info-stealers, taking user contact information, photos and data from their devices. READ MORE TECH SCAM FEARS Brits face losing £100m in ticket scams this summer, experts warn Due to the nature of the apps, the victims were lured in with 'emotionally charged interactions'. If the threat actors find any incriminating information on the compromised devices, they reach out to the victim and threaten to share it with their family, friends, and partners, unless a payment is made. Ways to stay safe Out of the 80 domains used in this campaign, many were allegedly indexed by popular search engines. This means that for victims who tend to be scam-savvy, they appear legitimate. The zLabs research team said: 'This is more than just a malware outbreak; it's a digital weaponisation of trust and emotion. 'Users seeking connection are being manipulated into granting access to some of their most personal data.' 4 Threat actors find any incriminating information on the compromised devices. Credit: Alamy The zLabs team have provided advice on how to avoid falling victim to the scam. Users should avoid downloading apps from unfamiliar links or unofficial app stores. This is because the more than 250 apps, a part of SarangTrap could not be found on Playstore or App Store. Malware can sometimes find its way onto these well now app stores, but Google and Apple are diligent with protecting their users. As a result, it is a lot harder to pick up malware on the official store rather than a third-party system. The zLabs researchers also recommended that users should be careful of apps requiring unusual permissions or an invitation code. Other advice to users includes regularly reviewing the permissions they granted and installed profiles they operate, and they should install on-device mobile security solutions that can help detect and block malware. Advice for dating app users While this particular scam came from users downloading malware from third-party app stores, there are always ways for users to protect themselves on dating apps. Advice service Brook tell users to always check the person you are speaking to is who they say they are. 4 Users need to be careful not to fall victims to scams on dating apps Credit: AFP This may involve taking time with a person, and don't feel pressured to do anything before the user feels ready. For more common apps which are trusted, ensure to stay in the app rather than giving the person the user's number. They also recommend not sharing any private information or imagery.
The Irish Sun
25-07-2025
- The Irish Sun
Over 250 dodgy apps uncovered that steal private photos and threaten to leak them to family unless victims pay up
RESEARCHERS have uncovered an 'emotionally manipulative' extortion campaign putting users at risk. Over 250 dodgy apps have been uncovered, which are forcing victims of the scam to pay up. Advertisement 4 More than 250 dodgy apps have been uncovered, making people pay scammers Credit: Alamy Dodgy apps uncovered Security researchers Zimperium zLabs claimed to have found more than 250 Android apps, all pretending to be dating and romance apps. Zimperium calls the campaign SarangTrap, as it has mostly targeted people living in South Korea. On the surface, the apps look slick and well-designed, hiding the usual telltale signs of scam pages. 4 There are simple ways to protect yourself from scams Credit: Alamy However, behind the scenes, the apps work as info-stealers, taking user contact information, photos and data from their devices. Advertisement READ MORE TECH Due to the nature of the apps, the victims were lured in with 'emotionally charged interactions'. If the threat actors find any incriminating information on the Ways to stay safe Out of the 80 domains used in this campaign, many were allegedly indexed by popular search engines. This means that for victims who tend to be scam-savvy, they appear legitimate. Advertisement Most read in Tech The zLabs research team said: 'This is more than just a malware outbreak; it's a digital weaponisation of trust and emotion. 'Users seeking connection are being manipulated into granting access to some of their most personal data.' 4 Threat actors find any incriminating information on the compromised devices. Credit: Alamy The zLabs team have provided advice on how to avoid falling victim to the scam. Advertisement Users should avoid downloading apps from unfamiliar links or unofficial app stores. This is because the more than 250 apps, a part of SarangTrap could not be found on Playstore or App Store. Malware can sometimes find its way onto these well now app stores, but Google and Apple are diligent with protecting their users. As a result, it is a lot harder to pick up malware on the official store rather than a third-party system. Advertisement The zLabs researchers also recommended that users should be careful of apps requiring unusual permissions or an invitation code. Other advice to users includes regularly reviewing the permissions they granted and installed profiles they operate, and they should install on-device mobile security solutions that can help detect and block malware. Advice for dating app users While this particular scam came from users downloading malware from third-party app stores, there are always ways for users to protect themselves on Advice service Advertisement 4 Users need to be careful not to fall victims to scams on dating apps Credit: AFP This may involve taking time with a person, and don't feel pressured to do anything before the user feels ready. For more common apps which are trusted, ensure to stay in the app rather than giving the person the user's number. They also recommend not sharing any private information or imagery. Advertisement
The Sun
25-07-2025
- The Sun
Over 250 dodgy apps uncovered that steal private photos and threaten to leak them to family unless victims pay up
RESEARCHERS have uncovered an 'emotionally manipulative' extortion campaign putting users at risk. Over 250 dodgy apps have been uncovered, which are forcing victims of the scam to pay up. 4 Dodgy apps uncovered Security researchers Zimperium zLabs claimed to have found more than 250 Android apps, all pretending to be dating and romance apps. Zimperium calls the campaign SarangTrap, as it has mostly targeted people living in South Korea. On the surface, the apps look slick and well-designed, hiding the usual telltale signs of scam pages. 4 However, behind the scenes, the apps work as info-stealers, taking user contact information, photos and data from their devices. Due to the nature of the apps, the victims were lured in with 'emotionally charged interactions'. If the threat actors find any incriminating information on the compromised devices, they reach out to the victim and threaten to share it with their family, friends, and partners, unless a payment is made. Ways to stay safe Out of the 80 domains used in this campaign, many were allegedly indexed by popular search engines. This means that for victims who tend to be scam-savvy, they appear legitimate. The zLabs research team said: 'This is more than just a malware outbreak; it's a digital weaponisation of trust and emotion. 'Users seeking connection are being manipulated into granting access to some of their most personal data.' 4 The zLabs team have provided advice on how to avoid falling victim to the scam. Users should avoid downloading apps from unfamiliar links or unofficial app stores. This is because the more than 250 apps, a part of SarangTrap could not be found on Playstore or App Store. Malware can sometimes find its way onto these well now app stores, but Google and Apple are diligent with protecting their users. As a result, it is a lot harder to pick up malware on the official store rather than a third-party system. The zLabs researchers also recommended that users should be careful of apps requiring unusual permissions or an invitation code. Other advice to users includes regularly reviewing the permissions they granted and installed profiles they operate, and they should install on-device mobile security solutions that can help detect and block malware. Advice for dating app users While this particular scam came from users downloading malware from third-party app stores, there are always ways for users to protect themselves on dating apps. Advice service Brook tell users to always check the person you are speaking to is who they say they are. 4 This may involve taking time with a person, and don't feel pressured to do anything before the user feels ready. For more common apps which are trusted, ensure to stay in the app rather than giving the person the user's number. They also recommend not sharing any private information or imagery.
Forbes
16-07-2025
- Forbes
Are These Dangerous Apps Already Hacking Your Smartphone?
Are these apps already attacking your phone? getty There's a dangerous game of hide and seek taking place on your phone. The tradecraft behind the malicious app industry is fast becoming as much about hiding as attacking. If you can't be seen, then you can't be deleted. And more damage will be done. That's the crux of the new warning from Zimperium, whose zLabs team followed up on Human's report into Konfety evil twin attacks that I covered a year ago. 'At its peak,' Human said, 'Konfety-related programmatic bids reached 10 billion requests per day.' Forbes Microsoft Confirms New Upgrade Deadlines—'Move To Windows 11' By Zak Doffman 'Bids per day' because this is an adware (advertising fraud) attack. The ruse is simple. The bad actors create two versions of an app with the same name. One is benign and is uploaded to Google's Play Store, with some basic, barely useful features. The second 'evil twin' version of the app is dangerous, and is distributed via other channels. The evil twin overloads its host phone with unwanted ads, often taking up the entire screen, making it difficult to actually operate the phone. This generates revenue for the bad actors, tricking legitimate advertisers into paying for fraudulently delivered ads. Now, 'as part of our ongoing mission to identify emerging threats to mobile security,' Zimperium says it has been 'actively tracking a new, sophisticated variant' of the threat. The zLabs team says the threat actors behind Konfety 'consistently alter their targeted ad networks and update their methods to evade detection.' In the latest variants of the malware, this includes 'specifically tampering with the APK's ZIP structure… to bypass security checks and significantly complicate reverse engineering efforts, making detection and analysis more challenging for security professionals.' The scale of this adware industry is out of control. Not all attacks operate in this scale way, but they are mostly (but not always) driven by apps sideloaded from outside the official app stores. That's the easiest way to stay safe — stop sideloading. Forbes Google Warns All Chrome Users—Update Now As Attacks Underway By Zak Doffman That's why Google's new Advanced Protection Mode that comes with Android 16 restricts sideloading with no option to disable or workaround that protection. Apps installed in this way carry significantly more risks to users, phones and data. 'Konfety's operations depict the latest in a series of adaptations from ad fraudsters to cloak their activities using novel tactics that enable them to evade detection,' Human said last year. The new report from Zimperium shows nothing at all has changed.
Forbes
24-03-2025
- Forbes
New Android, iPhone Warning—Do Not Make This 1 Change Hackers Love
Don't root or jailbreak your smartphone, security researchers have warned. Let's face it: cybercriminals, scammers and hackers hardly need any help when it comes to attacking your smartphone. The facts speak for themselves, with hundreds of dangerous apps finding their way into the Google Play Store, smartphone users deploying the same password across multiple accounts, and deepfake attacks rampant. Now, smartphone threat intelligence experts have warned that users of both Android and iOS devices are doing one thing, without any need for malicious coercion, that makes their smartphones 250 times more likely to be compromised by hackers. Here's what you need to know and what you shouldn't do. I have a total of three smartphones in everyday use here: two iPhones and an Android. All are what are known as plain vanilla devices, running stock versions of the Android and iOS operating systems. This might come as a surprise to those who know me and my love for hacking things. You might think I would have rooted the Android and jailbroken at least one of the iPhones. Truth be told, I have. What I haven't done is take that action on the smartphones that are used every day in my personal and business life, I only root devices that don't carry personal and valuable data. And there's a very good security reason for that, as a new report from Zimperium has just confirmed. 'As cybercriminals have moved to a mobile-first attack strategy, rooting and jailbreaking of mobile devices, originally popular for customization, continues to be a very powerful attack vector,' Ignacio Montamat, a threat analyst for the zLabs team at Zimperium, said. Rooting and jailbreaking involve gaining the deepest access to the operating system, in essence allowing the user to make changes to system files and install pretty much anything they like. To underscore just how dangerous making the decision to root your Android or jailbreak your iPhone can be, Zimperium highlighted recent data from its own zLabs analysis that showed that rooting devices leads to 3.5 times as many malware attacks, which system compromise by hackers rose by an incredible 250 times. "Unfortunately, when a device is jailbroken or rooted, the security that is put in place by default is bypassed,' Erich Kron, a security awareness advocate at KnowBe4, warned, 'and the user of the device is now running everything at an admin permission level.' If you really need to be told how this helps the hackers, Kron explained that as built-in operating system security controls often restrict unknown apps from running, 'you can't simply restore the device to a secure state after installing the application.' This means, dear reader, that the security bypass remains in place in most situations and makes it easier for hackers to attack. 'People who are interested in rooting or jailbreaking devices need to be very aware of the additional risk it puts them at,' Kron concluded, 'especially if this is a device being used on a daily basis.'
