Malware that secretly installs porn apps on your phone is infecting devices by the millions, becoming the world’s largest mobile Trojan.

The malware, called “Hummer,” is a family of Trojans that imitate Android apps before striking, according to Cheetah Mobile, a maker of security and utility apps.

The company’s researchers have been tracking Hummer since 2014. It’s been infecting more than 1 million devices per day, far outpacing other kinds of mobile Trojans, the company said in a post on Wednesday.

India, Indonesia, Turkey, China and Mexico are the top five countries where the Trojan has been spreading the most, but it’s also hit victims in the U.S. and Europe.

To read this article in full or to leave a comment, please click here

A database described by some as a “terrorism blacklist” has fallen into the hands of a white-hat hacker who may decide to make it accessible to the public online.

The database, called World-Check, belongs to Thomson Reuters and is used by banks, governments and intelligence agencies to screen people for criminal ties and links to terrorism.

Security researcher Chris Vickery claims to have obtained a 2014 copy of the database. He announced the details on Tuesday in a post on Reddit.

“No hacking was involved in my acquisition of this data,” he wrote. “I would call it more of a leak than anything, although not directly from Thomson Reuters.”

To read this article in full or to leave a comment, please click here

Hackers are stealing credit card information in Europe with malware that can spoof the user interfaces of Uber, WhatsApp and Google Play.

The malware, which has struck Android users in Denmark, Italy and Germany, has been spreading through a phishing campaign over SMS (short message service), security vendor FireEye said on Tuesday.

Once downloaded, the malware will create fake user interfaces on the phone as an “overlay” on top of real apps. These interfaces ask for credit card information and then send the entered data to the hacker.

To read this article in full or to leave a comment, please click here

Attackers have compromised more than 25,000 digital video recorders and CCTV cameras and are using them to launch distributed denial-of-service (DDoS) attacks against websites.

One such attack, recently observed by researchers from Web security firm Sucuri, targeted the website of one of the company’s customers: a small bricks-and-mortar jewelry shop.

The attack flooded the website with about 50,000 HTTP requests per second at its peak, targeting what specialists call the application layer, or layer 7. These attacks can easily cripple a small website because the infrastructure typically provisioned for such websites can handle only a few hundred or thousand connections at the same time.

To read this article in full or to leave a comment, please click here