New Android Spyware Warning—Stop Using All These Apps Now
The warning comes courtesy of Kaspersky, which has 'discovered a new malware campaign targeting Android users.' This 'spy' targets smartphones 'through messengers' by pretending to be an antivirus or banking security app.
The attackers, Kaspersky says, are preying on the 'fear' of smartphone security threats that means 'many folks are ready to install any app that promises reliable protection from malware and scammers.' Ironically, this solution is actually the problem.
When you install one of these apps, 'the fake antivirus imitates the work of a genuine one — scanning the device, and even giving a frightening number of 'threats found'.' In reality, this is the threat now 'spying on the owner of the infected smartphone.'
The malware itself is LumaSpy, which can access your phone's microphone and camera to record audio and video, read all your texts, access your contacts, track your precise location and record whatever you are doing on screen. The malware has also been coded to steal photos stored on your phone, but this has not been enabled as yet.
Critically, LumaSpy can be tasked to steal passwords stored in browsers, including Google Chrome. That's why I have warned users to delete passwords saved in browsers and use a dedicated, blue-chip password manager instead.
LumaSpy will come at you via messages. 'Never download APK files from messengers,' Kaspersky says, 'even if they were sent to you by close friends. Better yet, disable the ability to install unknown applications,' which is easily done with Google's new Advanced Protection Mode in Android 16.
The other key advice relates to Accessibility Services, the special permissions many malware-laced apps request to access sensitive data and functions on your phone. You should check the permissions granted to apps regularly and disable these in particular.
The simplest advice, though, is to stop using any security or antivirus software on your phone unless it comes from a mainstream developer and ideally is paid for in some way.
Stop using any that are not, and delete all of them from your phone.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Gizmodo
a minute ago
- Gizmodo
CMF Phone 2 Pro Review: A Budget Phone With More Camera Than You Bargained For
We all want more for less—or at least I do. It's that Holy Grail of deals that makes the idea of budget gadgets so appealing, and especially so in the world of phones. The whole idea of a budget phone is pitching you what may as well be the bargain of the century. For less money, budget phones ostensibly offer you a device that does it all: browses the web, retrieves your email, makes calls and texts, gives you near-unlimited access to apps, and even captures important memories like your niece's first birthday and the horrible decision to hire a clown (therapy stuff). It's everything for almost nothing—write that down, phone companies. But if you're like me, you see a good deal, and you wonder, 'What's the catch?' That's what I say when I see a budget phone, but each and every time, I put my skepticism aside and open myself up to the prospect of forgetting the idea of flagships and embracing the warm bosom of budget stuff. That's what I did with the CMF by Nothing Phone 2 Pro (hereafter shortened to the shorter CMF Phone 2 Pro), and surely this will be the one that clicks… right? CMF Phone 2 Pro The CMF by Nothing Phone 2 Pro is a budget phone with more value than you'd expect. Pros Cons There is a sea of budget phones out there, and most of them aren't even trying to be different. The same can't be said for the CMF Phone 2 Pro, a $280 device from a subbrand of Nothing, the company that makes see-through earbuds and, most recently, the divisive Phone 3. What makes CMF different in the budget phone space? A host of first-party accessories that position its Phone 2 Pro as modular in some ways. At launch, CMF offered a few: an attachable lanyard, additional camera lenses that include a fisheye and macro, a 'universal cover' for actually putting stuff on, and a magnetic wallet mount. There's even a cool screw for attaching the lanyard built into the bottom of the device! See CMF Phone 2 Pro at Amazon They're not groundbreaking accessories by any means, but the idea of a modular phone is a provocative one, especially in the budget space where things get vanilla very fast. The problem? I haven't gotten to try any of that out. According to a spokesperson for Nothing, there was a manufacturing issue with the universal case that actually allows you to attach things, which prevents me (the person who's supposed to test this phone out) from, well, testing this stuff out. Not off to a great start when it comes to budget phone impressions. Still, there's a lot of phone to test here, even if the main thing that makes this budget phone interesting isn't one of them. So, let's start with the more traditional stuff. There are a few notable upgrades over the CMF Phone 1, and one of them is the camera. This time, the Phone 2 Pro gives you a three-lens system that includes a 50-megapixel main sensor, a 50-megapixel telephoto, and an 8-megapixel ultrawide. That's, on the surface, a pretty good deal, but what matters is how all that actually translates to the pictures the phone takes. And the answer to that is… honestly, better than you'd think. Obviously, you can't expect a $280 phone to take flagship-level pictures, but you want them to be above potato quality all the same. I'd say the CMF Phone 2 Pro sometimes takes pictures at a level you'd expect, but a lot of the time exceeds your expectations. This generation's camera was designed specifically to capture more light with its sensor, and it definitely succeeds in that endeavor. Even photos shot outdoors on a cloudy day looked plenty bright—so bright that I would say I was actually surprised. Any issue I have with the camera system doesn't have to do with its ability to capture light; it would be with its sharpness. Pictures on the CMF Phone 2 Pro tend to all look a little soft, with edges that can get a little blurry. This is a budget phone, after all, but something to be aware of if you're stepping down from a midrange device or, God forbid, a flagship. To avoid that dullness as much as you can, I'd recommend shooting in 50 megapixels for the highest resolution by changing your camera's settings, which are set to 12 megapixels by default. That won't change the fact that this lens (a budget one) may just be on the duller side, but it won't hurt. Speaking of shooting in 50 megapixels, you should be prepared for a slight delay on the shutter when you're snapping pictures—sometimes that delay between button press and a picture actually being taken is about two seconds. Again, these are the types of sacrifices you'll make when buying a budget phone, and it may be a deal-breaker for some, but if you're not expecting the best and fastest all the time, it may be worth the savings. Overall, I would describe the photos as a step above what I was expecting from a sub-$300 device, slightly soft-looking warts and all. So far, we've got a better-than-you-think camera, nonexistent accessories, and a very affordable price. But what about the rest of the Phone 2 Pro? If you're going to be taking pictures, you need a screen that actually lets you look at them with the right amount of color contrast, brightness, and clarity, and I can say the CMF Phone 2 Pro has that. There's a 6.77-inch AMOLED display with a 120Hz adaptive refresh rate that provides 3,000 nits of peak brightness. In phone speak, that equates to a fast, fluid screen with good color contrast that makes editing photos, scrolling web pages, and watching YouTube videos feel seamless. Swiping between apps and pages on the phone is responsive, just like any other phone with a 120Hz refresh rate. See CMF Phone 2 Pro at Amazon Performance-wise, the Phone 2 Pro is using a budget chip, the MediaTek Dimensity 7300 Pro, but as I've said in many other phone reviews, an older chip often doesn't matter much. The only time I noticed any real, perceptible slowness was when I was taking photos, but outside of that—if you're just web browsing and using apps like most people—then this will be enough performance to get you by. While the biggest differentiator of the Phone 2 Pro is still the accessories, the second biggest is probably Nothing OS, which is Nothing's custom skin over Android that comes with some visual flourishes, including a monochrome setting that defaults all your app icons to black and white. If you don't want that, you can easily change your phone to stock Android, but it's nice to have the option. As is the case with other Nothing phones, Nothing OS runs smoothly on the CMF Phone 2 Pro even with a slower chipset. Again, this is not a phone built for machine learning, Apple-style computational photography, or graphics-intensive 3D gaming, but for all the normal stuff you do on a day-to-day basis, it performs reasonably well. One thing that I love to see in the second-gen CMF phone is an NFC chip, which means that you can actually use mobile payments. Everyone is different, but not being able to use my phone to pay for things would be a dealbreaker, so it's nice to see CMF upped its game here. Battery-wise, the CMF Phone 2 Pro comes with a 5,000mAh battery, which lasted about two days for me with normal usage. For reference, that's the same size battery you'd get on the Nothing Phone 3a Pro and lots of other phones for that matter. The CMF Phone 2 Pro also supports fast charging, but only up to 33W, compared to the Phone 3a Pro's 55W. One feature that was surprising to me was the inclusion of reverse charging, which operates at a slow and steady 5W, but it is still nice to have in a pinch. I was able to top up my Nothing Ear wireless earbuds, which was pretty neat. One thing that you're going to get in basically any budget phone on the market is less expensive materials—this isn't an iPhone, no titanium here. The CMF Phone 2 Pro is no different and is made mostly from plastic. The bad news is the phone feels cheap in your hand, but the good news is it's also incredibly light, which I don't hate. Design-wise, I think the look of the CMF Phone 2 Pro is actually a step down from the CMF Phone 1, especially because it doesn't have a modular backplate anymore that lets you customize the look. The glass is glued on, despite the screws that would have you thinking otherwise. My main gripe aesthetically is that the 'light green' colorway actually looks more blue or silver than anything else. I even did an impromptu quiz in the Gizmodo office, and most guesses were 'silver.' I'm not going to go full color police here, but if your name is CMF (an acronym for color, material, and finish), you ought to nail the whole color thing. I'm going to be honest with you: I won't be using a budget device any time soon—I've grown accustomed to snappy pictures aided by computational photography, beefy chipsets, and a weight and feel that some midrange and budget devices don't offer. But just because I won't be switching doesn't mean you shouldn't. The fact of the matter is that the CMF Phone 2 Pro does what you need it to and even excels in categories that you wouldn't expect. The CMF Phone 2 Pro has a camera that performs much better than it ought to, a solid battery, a screen that will please most people in most scenarios, and even ventures to offer unique perks like accessories and bespoke software, even if one of those things was actually kind of botched at launch. In the budget world, I think it's hard to find all of those pros in one package, and for $280 it's encouraging to know that you can get a device that won't make you feel like you've stepped back in time to a point where people still said the 'cell' in front of 'phone.' I hope that CMF figures out its modular identity, though. A glued-on backplate is a step back, and not having accessories available at launch is a bad look, but the idea of a modular phone is one that I think could appeal to the masses. Budget phones will never be for the legions of spoiled iPhone users, but for the rest of the world, options like the CMF Phone 2 Pro are here to fill in the gaps and offer you quite a lot for not a lot of money, and it's nice to know that if you ever wanted to, you could still buy a sub-$300 phone and get away with it. See CMF Phone 2 Pro at Amazon
Forbes
2 minutes ago
- Forbes
Beware Of Agentic AI's Heel Turn As Corporate Security Villain
Pieter Danhieux is the Co-Founder and Chairman/CEO of Secure Code Warrior. As fast as generative artificial intelligence and large language models (LLMs) like ChatGPT have permeated business, academia and personal communications, the next phase of AI advancement is poised to just as quickly become part of the engine driving everything from customer service and supply chain management to healthcare and cybersecurity. Agentic AI brings autonomy to AI systems, building on AI techniques to make decisions, take action and pursue goals independently, or at least with minimal human supervision. Where generative AI can write a report for you based on the prompts you give it, agentic AI can decide when to write the report, what to say in it and to whom to say it. And, it might not even require asking for your permission first. The technology in its current form is still nascent, but it is being heralded as the next great leap in autonomous systems, boldly performing next-phase functions where previous AI systems could not tread, such as dynamically reconfiguring supply chains in response to natural or manmade emergencies or proactively ensuring that complex IT systems avoid downtime. Gartner has forecast that by 2028, 33% of enterprise software applications will include agentic AI (in 2024, it was less than 1%), making it possible for 15% of all day-to-day work decisions to be made autonomously. However, the great promise of agentic AI doesn't come without significant caveats. Its capabilities and autonomy present a potent enterprise threat vector beyond the realm of garden-variety security concerns. Giving self-optimizing, proactive AI systems the keys to perform independent actions can lead to adversarial behaviors, amplified biases that can cause systemic vulnerabilities and questions of accountability in the event of AI-orchestrated breaches or disruptions. Enterprises need to assert AI governance and ensure that developers are equipped to maintain oversight, with the security skills to safely prompt and review AI-assisted code and commits. A report by the Open Worldwide Application Security Project (OWASP) points out that agentic AI introduces new or 'agentic variations' of existing threats, some of them resulting from new components in the application architecture for agentic AI. Among those threats are memory poisoning and tool misuse resulting from the integration of agent memory and tools. Other risks associated with tool misuse include remote code execution (RCE) and code attacks, which can arise from code generation, creating new attack vectors. Other threats can arise when user identities are involved. For example, a new bug, referred to as a 'confused deputy' vulnerability, has been uncovered involving user identities embedded inside integrated tools and APIs. It can happen when an agentic AI, acting as a deputy to a human user, has higher privileges than the user it is working with at the time. The agent can then be fooled into taking unauthorized actions on behalf of the user. And if an agent doesn't have proper privilege isolation, it may not be able to distinguish between legitimate requests from its lower-privilege users and those that are part of an attack. To stop this (as well as to prevent hijacking via prompt injections, identity spoofing and impersonation), organizations should be sure to reduce agent privileges when operating on behalf of a user. OWASP also recommends several other key steps, including ways to prevent memory poisoning, AI knowledge corruption and the manipulation of AI agent reasoning. Meanwhile, enterprises must also be on guard against the rapidly mounting threat from attacks fueled by agentic AI. A report by Palo Alto Networks' Unit 42 detailed how agentic AI can be used to increase 'the speed, scale and sophistication of attacks' that have already been greatly accelerated by AI. For example, they found that the mean time to exfiltrate (MTTE) data after an attacker gains access to a system dropped from an average of nine days in 2021 to two days in 2024. In one of five cases, MTTE happened in less than an hour. Unit 42 simulated a ransomware attack using AI at every stage of the process. They transitioned from initial compromise to data exfiltration in 25 minutes, representing a 100-fold increase in speed compared to a typical attack. Agentic AI, with its ability to autonomously perform complex, multi-step operations and adapt its tactics during an attack, will only intensify offensive operations—possibly conducting entire attack campaigns with minimal human intervention in the near future. Despite the speed, power and sophistication that agentic AI can bring to cyberattacks, enterprises aren't necessarily overmatched. Agentic AI may eventually lead to new styles of attacks, but currently, it appears that it will mostly turbocharge existing, known attacks. Organizations can, as OWASP advises, tighten identity controls and take other steps to prevent memory poisoning and AI corruption. They can also fight fire with fire, using agentic AI to enhance network monitoring and analysis of specific threats. The foundations of good security need to be bolstered. And in the current environment, that begins with protecting software through secure coding practices performed by proactive developers with verified security expertise. They need to continue their ongoing education programs to effectively apply security best practices at the beginning of the software development lifecycle. People also need new guidance on how to use agentic AI tools safely. Developers with the proficiency to both prompt and review code output are also crucial to ensuring the safe and secure use of agentic AI. Organizations that do not prioritize uplifting and continuous measurement of developer security skills will find themselves in a precarious position, fighting against a deluge of AI-generated code that is not being utilized with the critical thinking and hands-on threat assessment required to deem it safe, and ultimately realize the productivity gains these tools offer. Security programs must modernize at the breakneck pace at which code is now being delivered. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Forbes
2 minutes ago
- Forbes
Fixing The Broken CISO Role In A World Of Infinite Cyber Risk
Maman Ibrahim is a cyber and digital risk executive, helping organizations embed cyber resilience at the heart of their operations. The digital world isn't waiting for you. Clouds roll overhead, AI hums quietly in the background and everything from factory floors to office desks is wired up and online. The lines between IT, IoT, operations technology (OT) and every emerging tech blur faster than ever. Cyber threats? They don't knock politely. They break down doors, shift shape and adapt on a relentless clock. And your role as a CISO? It's buckling under the pressure. The rules have changed, but your playbook hasn't. You feel it every day: the growing complexity, the speed, the pressure from all sides. Business demands innovation. Regulators demand compliance. Your team is hanging on by a thread. The CISO role, as we know it, isn't broken because the person in it failed. It's broken because the role itself is outdated. It hasn't kept pace with the tidal wave of complexity and risk rushing in. You need a new playbook—one that embraces uncertainty, rides the ripples of every decision and sees leadership as an infinite game, not a scoreboard. Let's explore six drivers reshaping the CISO's world. Master them, and you fix the role—and rewire your impact. Complexity And Transformation In The Tech Stack Your environment exploded overnight. Cloud services are everywhere. IoT sensors are embedded in every corner. OT powers core business functions, creating a complex web. The old fortress model, with its walls, moats and watchtowers, is dead. Zero trust is the rule now. Resilience isn't a buzzword. It's survival. You're no longer a tech gatekeeper but a translator. You bridge raw tech capabilities and business value. You decode how systems serve—or fail. As tech reshapes the landscape, attackers evolve, too, exploiting rushed rollouts, misconfigurations and blind spots in legacy controls. Your job? Anticipate. Adapt. Outsmart. The game keeps moving. The Evolving Threat Landscape If cyber threats were chess, the board just turned three-dimensional. Persistent attackers lurk in your supply chains. Insiders hide in plain sight. Malware—supercharged by AI—learns and adapts faster than traditional defenses. You can't just react. They don't rest. This means proactive threat hunting, intelligence sharing and dynamic risk management. You balance protection with business enablement. Lock down too much, and the business chokes. Too little, and you bleed. This isn't a one-time battle. It's a dance you join forever. Leadership here means embracing uncertainty and learning to lead in the fog—not pretending to clear it. Cultural Shifts And Cross-Functional Collaboration Cybersecurity isn't just IT's job anymore. This silo must fall. Build a security-aware culture where people don't just follow rules—they own them. Through education, communication and shared incentives, you create change. Leading this shift takes influence. You don't just report to the CIO; you partner with CEOs, CFOs and boards. You embed security as a business enabler. In a world that spins faster every day, agility and continuous learning are no longer optional. They're required for survival. Regulatory Burdens And Compliance Complexity Rules multiply and mutate: the General Data Protection Regulation (GDPR), Network and Information Security Directive 2 (NIS2), Digital Operational Resilience Act (DORA)—and more acronyms flood your inbox. Compliance isn't a checkbox. It's a maze to navigate without strangling innovation. You must lead governance rooted in ethics and transparency. Audits are ongoing, not episodic. Your challenge? Turning compliance from a tax into a strategic asset. Human Leadership, Mindset Shifts And Psychological Safety This is the CISO paradox: enforcing strict controls while empowering teams to move faster and smarter. You're no longer just a tech expert. You're a strategic partner. Emotional intelligence, communication and critical thinking—they're your new tools. Burnout is the silent enemy. One financial firm, hammered by ransomware, watched its elite cybersecurity team crumble. Leadership focused on tech defenses and missed the human warning signs. Stress climbed. Absenteeism rose. Security slipped. The result? Costly delays and risk spikes. Lesson: Resilience demands mindful leadership that shields people, not just systems. Contrast that with a global tech company that embraced psychological safety. They encouraged honest conversations and risk reporting without blame. Over 18 months, incident reporting increased by 45%, errors dropped and response times were improved by 20%. Engagement surged. Turnover plummeted. Innovation soared. Google's Project Aristotle found that psychological safety is the top predictor of team effectiveness—a truth that holds especially in cybersecurity's high-stress arena. Metrics And Measurement: Redefining Success How do you know you're winning? Old KPIs won't cut it. You need metrics beyond compliance: risk reduction, resilience, business enablement and team well-being. Balanced scorecards that include technical, operational, cultural and psychological factors are key. Feedback loops sharpen strategy. Data-driven storytelling secures stakeholder buy-in and budget. You're not playing a finite game with tallied wins and losses. You're playing an infinite game: adapting, improving, staying ahead. The Infinite Game Of Modern Security Leadership James Carse spoke of two games. Finite games have rules, endpoints and winners. Infinite games? The goal is to keep playing and evolving. Your role isn't a sprint or knockout. It's an endless dance with doubt and uncertainty. Doubt isn't your enemy—it's your compass revealing the blind spots. Uncertainty isn't paralysis. It's the raw material of resilience. Every decision ripples outward across the organization—impacting risk, trust and innovation. Fix The Role By Fixing The Lens The CISO role isn't broken because you lack skill. It's time to rewrite the outdated script. Lead infinite games. Embrace complexity. Approach leadership with humility and curiosity. Build teams that thrive on trust, not fear. Measure what matters beyond the obvious. You don't just defend systems. You architect resilient, innovative enterprises. Remember Albert Einstein's words: "It's not that I'm so smart; I just stay with problems longer." Emerging tech—AI, quantum and beyond—will reshape cyber risk again. Leadership will be decentralized, adaptive and data-driven. Ethical AI governance will layer in. Burnout prevention and psychological safety will become the bedrocks of resilience. Ready to fix the broken role? Start by fixing the lens through which you see it. Adapt. Doubt. Persist. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
