Kerry Wan/ZDNETFollow ZDNET: Add us as a preferred source More

NurPhoto/Getty Images We all know that some perfectly good Windows 10 PCs can’t be upgraded to Windows 11. But did you know that Canalys Insights estimated there are 240 million Windows 10 PCs doomed to the trash heap because they can’t be upgraded to Windows 11 after Microsoft dumps Windows 10 support on October 14, […] More

Security researchers have discovered a new Android banking trojan that can spy and steal data from 153 Android applications.

Named Ghimob, the trojan is believed to have been developed by the same group behind the Astaroth (Guildma) Windows malware, according to a report published on Monday by security firm Kaspersky.
Kaspersky says the new Android trojan has been offered for download packed inside malicious Android apps on sites and servers previously used by the Astaroth (Guildama) operation.
Distribution was never carried out via the official Play Store.
Instead, the Ghimob group used emails or malicious sites to redirect users to websites promoting Android apps.
These apps mimicked official apps and brands, with names such as Google Defender, Google Docs, WhatsApp Updater, or Flash Update. If users were careless enough to install the apps despite all the warnings shown on their devices, the malicious apps would request access to the Accessibility service as a final step in the infection process.
If this was granted, the apps would search the infected phone for a list of 153 apps for which it would show fake login pages in an attempt to steal the user’s credentials.

Most of the targeted apps were for Brazilian banks, but in recently updated versions, Kaspersky said Ghimob also expanded its capabilities to start targeting banks in Germany (five apps), Portugal (three apps), Peru (two apps), Paraguay (two apps), Angola and Mozambique (one app per country).
Furthermore, Ghimob also added an update to target cryptocurrency exchange apps in attempts to gain access to cryptocurrency accounts, with Ghimob following a general trend in the Android malware scene that has slowly shifted to target cryptocurrency owners.
After any phishing attempt was successful, all collected credentials were sent back to the Ghimob gang, which would then access a victim’s account and initiate illegal transactions.
If accounts were protected by hardened security measures, the Ghimob gang used its full control over the device (via the Accessibility service) to respond to any security probes and prompts shown on the attacked smartphone.
Ghimob’s features aren’t unique, but actually copy the make-up of other Android banking trojans, such as BlackRock or Alien.
Kaspersky noted that Ghimob’s development currently echoes a global trend in the Brazilian malware market, with the very active local malware gangs slowly expanding to target victims in countries abroad. More

A new survey from cybersecurity company Armis found that awareness of major cybersecurity incidents in the US is lacking.Last month, the company surveyed more than 2,000 professionals, discovering that almost 25% had never heard about the ransomware attack on Colonial Pipeline that caused gas shortages along the East Coast. More than 23% said the attack would not have any longstanding effects on the fuel industry in the US, despite the highly-publicized cybersecurity changes oil and gas companies were forced to make by the Biden Administration following the attack. Nearly half of respondents had not heard about the malicious takeover of the water treatment plant in Oldsmar, Florida.More than half of all respondents said their devices did not pose a cybersecurity risk when it came to personal cybersecurity. Over 70% said they expected to bring their devices from home into the office once COVID-19 restrictions were lifted. Curtis Simpson, CISO at Armis, said the responses showed that organizations have to prioritize cybersecurity on their own because employees have little awareness of the cyber threat landscape. “The attacks on our critical infrastructure are clear evidence of the need for cybersecurity and assurance to all our utility providers and players. Organizations must be able to know what they have, track behavior, identify threats, and immediately take action to protect the safety and security of their operation,” Simpson said. 

“This data shows that there is less consumer attention on these attacks as we might expect, and so that responsibility falls to businesses to shore up their defenses.”A bipartisan group of US House of Representatives members introduced the American Cybersecurity Literacy Act last week in an effort to improve the country’s understanding of cybersecurity and kickstart public awareness campaigns. Rep. Adam Kinzinger, one of the leading voices behind the bill, noted on Twitter that a cyberattack occurs every 39 seconds and that since the pandemic started, cybercrime has increased drastically. “We must protect ourselves and our interests — and it starts with cyber education. As technological advancements increase and become more complex, it is critical that everyone is aware of the risks posed by cyberattacks and how to mitigate those risks for personal security,” Kinzinger said. “In order to prevent these attacks going forward, we must combine public awareness with targeted cyber education.”Rep. Gus Bilirakis, the Congressman for Oldsmar, Florida, added that the bill would help “develop a national education campaign to raise awareness of attacks and the practical steps that can be taken to thwart future bad actors.” “In my district, a hacker was recently able to penetrate a local government’s security measures and temporarily change the chemical settings of the city’s water supply to a potentially dangerous level,” Bilirakis said. “This is a matter of national security, and we must do everything we can to protect all Americans from those who wish to do us harm.”

more coverage More

Kyle Kucharski/ZDNETGoogle Chrome users who want to stay safe and secure will want to update their browser to the latest version. That’s because it contains a fix for a critical vulnerability that could cause Chrome to crash or even infect your system or device with malware.On Wednesday, Google released Chrome version 134.0.6998.117/.118 for Windows and Mac and 134.0.6998.117 for Linux. Rolling out over the next few days and weeks, this version offers several security fixes. But the patch for the critical vulnerability is the most important one.Also: I’ve tried nearly every browser out there and these are my top 6 (none are Chrome)As described in the NIST vulnerability database, CVE-2025-2476 points to “Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.” And what does that mean in layman’s terms? Let’s break it down.”Use after free” is a type of memory corruption in which a program continues to use a block of memory even after it’s been freed. Lens in Google Chrome refers to the Google Lens tool that can search for and identify items you spot through your phone’s camera.”Heap corruption” means that someone could exploit data stored in the block of memory. And “a crafted HTML page” — in this instance — is a web page custom-designed for malicious purposes. Put them together, and any previous version of Chrome is susceptible to web pages created by attackers that would take advantage of corrupted memory to infect your PC with malware.Here’s a clever way to visualize this type of flaw. More