  • 0 Votes
    4 Posts
    0 Views
    simonzerafa@infosec.exchange
    @jesterchen I believe there was a case in Scandinavia somewhere that Police assaulted someone and then took their phone and used face recognition to access their phone while incapacitated. They were looking for evidence of the assault that could be deleted.
  • 0 Votes
    1 Posts
    0 Views
    technadu@infosec.exchange
    Surfshark launches HeyPolo
    • No always-on tracking
    • Share exact / approx / none
    • Granular visibility controls
    Privacy-first location sharing.
    https://www.technadu.com/surfshark-introduces-privacy-focused-location-app-heypolo/624213/
    #Privacy #InfoSec #MobileSecurity
  • 0 Votes
    1 Posts
    0 Views
    technadu@infosec.exchange
    FriendlyDealer scam abusing PWAs:
    • 1,500+ fake app store domains
    • Browser-based installs bypass OS checks
    • Apps appear legit
    • Fake MrBeast affiliations used
    Shift to stealth mobile delivery.
    https://www.technadu.com/friendlydealer-scam-mimics-app-stores-to-push-gambling-platforms-some-impersonate-mr-beast-affiliations/624237/
    #InfoSec #MobileSecurity #ScamAlert
  • 0 Votes
    8 Posts
    0 Views
    I
    7/7 All evidence permanently preserved on IPFS: gateway.pinata.cloud/ipfs/QmWUnbmgHsb3BMLufJWhzVaaZqd8j7XMjN2YVUmAGRGJ4C
    Please fork github.com/sgInnora/alipay-securityguard-analysis as backup against further takedowns.
    If you've experienced similar vendor retaliation for security research, I'd like to hear from you.
    #infosec #ipfs #opensecurity
  • 0 Votes
    1 Posts
    0 Views
    neteng_pro@noc.social
    Android sideloading is getting a new speed bump: Google will require a 24-hour wait before installing apps from unverified developers, a move supposedly meant to make malware and scam-driven installs harder to pull off.
    https://thehackernews.com/2026/03/google-adds-24-hour-wait-for-unverified.html
    #AndroidSecurity #Cybersecurity #Malware #MobileSecurity #Google
  • 0 Votes
    1 Posts
    3 Views
    hasamba@infosec.exchange
    Malware Analysis: BeatBanker Android banker + miner

    Overview
    BeatBanker is an Android malware family that combines traditional banker functionality with embedded crypto-mining capabilities. Analysis identifies a packed sample with a native loader (l.so) that dynamically loads a DEX component; later samples have been observed dropping a component identified as BTMOB for mining.

    Behavior and Components
    • Loader and packing: The malware uses a native shared object (l.so) acting as a DEX loader and unpacker, enabling dynamic class loading and evasion of static detection.
    • Banking module: The banking component monitors installed browsers (Chrome, Firefox, sBrowser, Brave, Opera, DuckDuckGo, Dolphin Browser, Edge). It extracts visited domains using the regex ^(?:https?://)?(?:[^:/\\]+\\.)?([^:/\\]+\\.[^:/\\]+) and can manage and open links in the device's default browser.
    • Crypto mining: Some samples include or drop a miner component (reported as BTMOB), indicating dual-purpose monetization.
    • Persistence & telemetry: Includes mechanisms for persistence, telemetry exfiltration, and dynamic code loading from C2.

    C2 Capabilities (selection)
    The C2 implements a wide command set allowing full device control and data collection. Examples include dynamic DEX class loading, simulated updates that lock the screen, Google Authenticator monitoring (goauth), toggles for protection bypass, audio recording (srec), clipboard pasting via Accessibility Services (pst), SMS sending (ssms), and full device wipes via Device Administrator (adm<>wip<>).

    Additional capabilities include keylogger and virtual keyboard management, overlay-based full-screen locks, screen capture/streaming, macroed taps/swipes, saved-link management, and VPN/firewall control.

    Ecosystem and Delivery
    Recent detections indicate modular deployment and possible Malware-as-a-Service distribution. The combination of banking-focus functionality and miner payloads suggests flexible monetization strategies. New samples reportedly drop BTMOB, reinforcing the dual-burden design.

    Limitations and Open Details
    Technical reporting focuses on observed code paths and C2 commands; specific IoCs and attribution are not provided here. The loader-based architecture and heavy reliance on Accessibility and overlay privileges are notable constraints and enablers for the malware's capabilities.

    #beatbanker #android #malware #btmob #mobilesecurity
    Source: https://securelist.com/beatbanker-miner-and-banker/119121/
  • 0 Votes
    1 Posts
    0 Views
    nebulatide@mastodon.bsd.cafe
    So iPhones with iOS 26 are now officially approved for NATO classified information. But what does this actually mean? Are iPhones the ultimate solution for secure and private communication as this message suggests? Well, they must be, since iPhones are the only consumer devices officially approved without any additional apps for classified information.... But what about GrapheneOS? I assume that Pixels with GrapheneOS are not approved for CI because there is no official vendor behind Graphene, like Apple is with iPhones. But this also means we have to trust Apple... I'm not sure.....
    https://www.heise.de/en/news/NATO-restricted-iPhones-secure-enough-for-defense-alliance-11192350.html
    #ios #mobilesecurity #sovereigntech #nato