New Malware Research: Operation #FalseSiren. #CYFIRMAResearch has uncovered a targeted #Android #spyware campaign exploiting #wartime urgency by weaponizing the trusted #Israeli civil defense alert application. In this operation, threat actors distributed a trojanized version of the missile warning app via SMS #phishing (#smishing) campaigns, convincing victims to install what appeared to be a critical alert system update. Once installed, the application deployed a two-stage #malware framework designed to silently establish long-term surveillance on compromised devices. #CYFIRMA #ThreatIntelligence #AndroidMalware #MobileSecurity #ThreatResearch #MalwareAnalysis #CyberSecurity #CTI #AndroidSpyware cyfirma.com/research/operati…

LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices #LANDFALL #AndroidSpyware #SamsungExploit #ZeroDay #DNGImages unit42.paloaltonetworks.com/…

Is Spyware Secretly Hiding on Your Phone? How to Detect It, Remove It, and Prevent It cysecurity.news/2026/02/is-s… #AndroidSpyware #Applications #CyberSecurity

Threat Actors Leverage Hugging Face to Spread Android Malware at Scale cysecurity.news/2026/02/thre… #Android #AndroidSpyware #CloudInfrastructureAbuse

Cellik Android Spyware Exploits Play Store Trust to Steal Data cysecurity.news/2025/12/cell… #AndroidSpyware #Cellik #CredentialTheft

Evolved ClayRat spyware uses Accessibility Services to install a keylogger and lockscreen bypass. It leverages self-defense (blocking uninstallation) and screen recording for comprehensive surveillance. #ClayRat #AndroidSpyware #MobileSecurity securityonline.info/evolved-…

Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp dlvr.it/TPh1Kn #Samsung #Cybersecurity #AndroidSpyware #ZeroDay #LANDFALL

CISA Warns of Rising Targeted Spyware Campaigns Against Encrypted Messaging Users cysecurity.news/2025/12/cisa… #AndroidSpyware #CISA #CyberSecurity

A novel #AndroidSpyware family, dubbed #Landfall, leveraged a #ZeroDay vulnerability in Samsung's image processing library to compromise Galaxy devices. @PaloAltoNtwks Unit 42 recently reported on the activity. Check out our blog for more info & samples. blog.polyswarm.io/landfall-a…

North Korea-linked KONNI hackers reportedly used KakaoTalk and Google Find Hub in a targeted phishing campaign to spy on victims and remotely wipe Android devices. #CyberSecurity #KONNI #AndroidSpyware hackread.com/hackers-kakaota…

A new report reveals that LANDFALL, a commercial-grade spyware, exploits CVE-2025-21042 in Samsung Android's image processing library, hiding in malicious DNG files. #CyberSecurity #AndroidSpyware unit42.paloaltonetworks.com/…

🚨 #Spyrtacus: Italian 🇮🇹 surveillanceware targets Android users via fake telecom apps & cloned websites since 2018. Steals WhatsApp chats, records calls, accesses cameras. 🔗 Read: secureblink.com/threat-resea… #SecureBlink #SIO #AndroidSpyware #Phishing #Italy @ArmoredMobile

Analysis of Spyware That Helped to Compromise a Syrian Army from Within #SyrianArmyCompromised #AndroidSpyware #SpyMax #SyrianCrisis #CybersecurityAnalysis mobile-hacker.com/2025/06/05…

Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices dlvr.it/TLHnnb #AndroidSpyware #Cybersecurity #Hacking #RussianMilitary #Malware

Android Spyware Concealed in Mapping App Targets Russian Military cysecurity.news/2025/05/andr… #AndroidSpyware #MaliciousCampaign #malware

📱New North Korean Android spyware slips onto Google Play📱 bleepingcomputer.com/news/se… #AndroidSpyware #CyberEspionage #GooglePlay #Malware #CyberSecurity #SpywareAlert

The Russian hacking group #Gamaredon has been linked to two new #AndroidSpyware tools: #BoneSpy and #PlainGnome. This marks the first time this group has used mobile-specific #malware in their attacks. thehackernews.com/2024/12/ga…

Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet States reconbee.com/gamaredon-deplo… #Gamaredon #androidspyware #spyware #BoneSpy #PlainGnome #soviet #Android #cybersecuritynews

🚨 Threat Campaign Alert - New Android Spyware Targets South Korea: Sensitive Data Stolen via Amazon S3 Server🚨 Summary: A new Android spyware campaign has been identified targeting individuals in South Korea, using an Amazon S3 bucket as its Command and Control (C&C) server, and exfiltrating sensitive data including SMSs, contact lists, images, and videos. The spyware remained undetected by all major antivirus solutions. Threat Actor/Group: Not Mentioned Malware: Not Mentioned Targeted Countries: South Korea Targeted Industries: Individuals Targeted Applications/CVE: Not Mentioned Impact: Data Breach, Device compromise IOCs: SHA 256 afc2baf71bc16bdcef943172eb172793759d483470cce99e542d750d2ffee851, d9106d06d55b075757b2ca6a280141cbdaff698094a7bec787e210b00ad04cde, a8e398fc4b483a1779706d227203647db3e04d305057fdc7f3f6a4318677b9c8, 3608f739c66c9ca18628fecded6c3843630118baaab80e11a2bacee428ef01b3 URL's hxxps://phone-books.s3.ap-northeast-2.amazonaws.com/, hxxps://bobocam365[.]icu/downloads/pnx01.apk, hxxps://refundkorea[.]cyou/REFUND KOREA.apk MITRE ATT&CK TTP IDs: T1660 (Malware distribution via phishing site),T1636.003 (Protected User Data: Contact List),T1636.004 (Protected User Data: SMS Messages),T1533 (Data from the Local System),T1071.001 (Application Layer Protocol: Web Traffic),T1646 (Exfiltration Over C2 Channel) Reference: This writing is based on Research Advisory Report published by ‘Cyble' Team. ------------------------------------------------------------------------------------------ 🚀Join us on our mission to secure the digital world and make cyber defense affordable to everyone! 🌐 Follow "CyberXTron Technologies" for the timely, relevant and actionable cyber threat insights. #AndroidSpyware #SouthKorea #MalwareCampaign #AWS #DataExfiltration #MobileSecurity #CyberThreat #Malware #InfoSec #ThreatIntelligence #cyberXTron #uncovertheunknown🛡️🔒