Malloc Privacy Weekly

Malloc Privacy Weekly brings you the latest news in cybersecurity, helping you stay informed and alert to the ever-expanding threat landscape of personal digital security and privacy. Download Malloc, available on Android/iOS, to help safeguard your digital lives.

A rapidly trending app called Neon, which paid users to sell their phone call audio to AI companies, was taken offline after a severe security vulnerability exposed sensitive user data. The app's backend failed to enforce access controls, allowing any authenticated user to access the private call data, audio recordings, transcripts, and phone numbers of all other users. Following the discovery, the company took the service offline but failed to disclose the actual breach to its user base.

A massive and highly professional SIM farm discovered by the US Secret Service in the New York tristate area has been dismantled after being linked to "swatting" attacks against government officials. Containing over 100,000 SIM cards, the sprawling operation was deemed a serious threat to disrupt critical infrastructure, with the capacity to overwhelm cell towers and potentially shut down the cell phone network in New York City.

To learn more about these developments and other news, read the article below.

Banking Trojans Target Android Users by Mimicking Government and Legitimate Payment Apps

A financially motivated group is targeting Android users in Indonesia and Vietnam with banking trojans disguised as official government identity and payment apps, using spoofed Google Play/App Store interfaces and a WebSocket-based delivery via Socket.IO that streams chunked APK downloads to evade firewalls and automated scanners; payloads include a BankBot variant. Infrastructure exhibits Alibaba/Scloud hosting, Gname.com registrations, share-dns/Cloudflare nameservers, TLS certificate reuse, IP clustering, and rapid domain-to-DNS activation (~10.5 hours), with open directories serving multiple fake banking APKs and coordinated C2 domains. Some copycat sites use multilingual templates and direct APK links. Effective defenses emphasize behavioral detection, real-time traffic inspection (especially for anomalous WebSocket transfers), and vigilant monitoring of TLS certificates, DNS registration patterns, and hosting overlaps alongside end-user warnings.

Source: Cyber Press

How Malloc can help? 👉 Malloc keeps you safe from malware, spyware, and rogue apps via its device security scan, malicious app scan, and downloaded files scan. It also detects and alerts users to the use of Android accessibility services used by malware and spyware, including banking trojans and other Remote Access Trojans.

US uncovers 100,000 SIM cards that could have “shut down” NYC cell network

The US Secret Service seized a massive cache of telecom gear in the NYC area—over 300 co-located SIM servers and 100,000 SIM cards in stacked SIM boxes—allegedly capable of “shut[ting] down the cellular network in New York City.” Tied to an investigation into anonymous telephonic threats against senior officials, the setup is suspected to involve nation-state threat actors and could enable disabling cell phone towers, denial-of-service attacks, and anonymous, encrypted communication. The equipment was found across multiple sites, including abandoned apartment buildings up to 35 miles from the UN General Assembly, suggesting potential espionage or disruption, though the ultimate objective remains unclear. The gear has been taken offline; no arrests have been made as the investigation continues.

Source: Ars Technica

How Malloc can help? 👉 Malloc includes a VPN to block trackers and HTTP requests, hide IP locations, and encrypt traffic. Malloc has anti-phishing protection and blocks all kinds of malware and spyware domains locally using its on-device VPN. Stay connected to Malloc VPN at all times for maximum privacy.

China-Linked PlugX and Bookworm Malware Attacks Target Asian Telecom and ASEAN Networks

A China-linked cyber campaign is targeting Asian telecommunications and manufacturing sectors and ASEAN networks, deploying a new PlugX variant that overlaps with RainyDay and Turian, abuses DLL side-loading via the Mobile Popup Application, reuses RC4/XOR encryption and RainyDay-style configuration, and includes an embedded keylogger for in-memory execution. Victimology and technical commonalities point to possible ties between Lotus Panda (Naikon) and BackdoorDiplomacy, suggesting shared tooling or a common vendor and a Chinese-speaking actor behind the activity. In parallel, Mustang Panda (Stately Taurus) continues to use the Bookworm malware, a modular RAT capable of command execution, file operations, data exfiltration, and persistence, with C2 via legitimate-looking domains, overlaps with TONESHELL, and newer techniques like UUID-encoded shellcode, underscoring sustained development and long-term operational use.

Source: The Hacker News

How Malloc can help? 👉 Malloc VPN hides the IP address and encrypts users' internet traffic in transit, adding tremendous value in terms of user privacy and security when communicating over unsecured networks.  Malloc's on-device VPN also blocks insecure HTTP traffic to thwart potential mercenary spyware infections when connected to suspicious networks. It also blocks spyware domains and detects spyware infections using advanced spyware indicators, alerting users.

Viral call-recording app Neon goes dark after exposing users’ phone numbers, call recordings, and transcripts

Neon, a viral call-recording app that pays users for recorded calls to sell data to AI companies, has been taken offline after a security flaw exposed users’ phone numbers, call recordings, and transcripts. Its servers failed to restrict access, allowing logged-in users to retrieve others’ data via public links and metadata. Founder Alex Kiam paused the service to add security layers but did not acknowledge the breach. It remains unclear when service will resume, whether it complies with Apple/Google policies, and whether the flaw was exploited or logged; claimed investors Upfront Ventures and Xfund have not commented.

Source: TechCrunch

How Malloc can help? 👉 Malloc's Malicious App Scan helps detect malicious and rogue apps, their permission misuse, and trackers, and warns users. Malloc helps remove these apps from devices to protect user privacy. It also includes a VPN to block trackers and HTTP requests, hide IP locations, and encrypt traffic. Malloc has anti-phishing protection and blocks all kinds of malware and spyware domains locally using its on-device VPN. Stay connected to Malloc VPN at all times for maximum privacy.

Unpatched flaw in OnePlus phones lets rogue apps text messages

A vulnerability tracked as CVE-2025-10184 in OnePlus’s OxygenOS 12–15 lets any installed app access SMS data and metadata without permission due to misconfigured, exported providers in the customized Telephony package (e.g., PushMessageProvider, PushShopProvider, ServiceNumberProvider) that accept unsanitized inputs, enabling blind SQL injection to reconstruct messages; validated with a PoC by Rapid7 on devices including the OnePlus 8T and 10 Pro, this issue remains exploitable until a mid-October software update begins rolling out, so users should limit installed apps, switch from SMS-based 2FA to OTP apps, and use end-to-end encrypted messengers for sensitive communications.

Source: Bleeping Computer

How Malloc can help? 👉 Malloc is going to release a new Phishing Protector App to protect users against SMS phishing threats. The regular Malloc App also offers protection against phishing via its on-device VPN, and helps protect users when connected to the internet via its remote VPN. It also has additional security features like HTTP traffic blocking, protection against malicious domains and trackers, and includes malicious app scanning, device security scanning, and download file scanning.

Research Finds Apple iOS apps are worse at leaking sensitive data than Android apps

Mobile apps have become a prime target for API-based attacks, with over half of iOS apps and one-third of Android apps leaking sensitive data, enabling client-side tampering that lets attackers intercept and modify API calls to appear legitimate; traditional defenses (firewalls, gateways, API keys) and even SSL pinning leave gaps, while widespread PII exposure via console logs, external/local storage, and unencrypted transmissions—and risky third-party SDKs—heighten enterprise risk amid infected devices (about 3 per 1,000 overall and 1 in 5 Android encountering malware); reducing exposure requires in-app defenses, runtime protections, code obfuscation, strict permission and SDK auditing, encrypted storage and network traffic, and verifying API calls originate only from untampered clients.

Source: TechRadar

How Malloc can help? 👉 Malloc's Malicious App Scan helps detect malicious and rogue apps, their permission misuse, and trackers, and warns users. Malloc helps remove these apps from devices to protect user privacy. It also includes a VPN to block trackers and HTTP requests, hide IP locations, and encrypt traffic. Malloc has anti-phishing protection and blocks all kinds of malware and spyware domains locally using its on-device VPN. Stay connected to Malloc VPN at all times for maximum privacy.

Google’s Gemini Integration with Chrome Begins Collecting Sensitive Data from Billions of Users

The rollout of Gemini in Chrome on smartphones introduces the browser’s biggest upgrade but raises serious privacy concerns, with collection of sensitive data such as name, location, device ID, browsing and search history, product interactions, and purchase history; a privacy analysis says Chrome with Gemini gathers 24 data types linked to users—more than other agentic AI browsers like Edge with Copilot, Perplexity, Opera, and Brave; while Google says it activates only when you ask, using it still enables data harvesting and location tracking, and installing AI extensions (e.g., ChatGPT) can expose more information to third parties; additionally, Nano Banana is flagged as similarly data-hungry, while Safari’s anti-fingerprinting in iOS 26 offers protections not available in Chrome on iPhone, prompting advice to switch browsers or skip the upgrade.

Source: Forbes

How Malloc can help? 👉 As Google continues to monopolize the market and collect more and more user data while reducing privacy-friendly alternatives, users need to take steps to secure their devices. Malloc's on-device system-wide VPN uses local block lists to block trackers and helps reduce first- and third-party data collection by blocking tracking domains. Malloc VPN also helps keep users private and secure by hiding their IP address and encrypting internet traffic in transit. Because Google cannot be trusted with user data and securing user privacy, trustworthy privacy tools like Malloc help keep users private.

Search Engine Poisoning Campaign Tied to Chinese Actor

A financially motivated Chinese-speaking threat actor is running an SEO poisoning campaign dubbed Operation Rewrite, using a malicious native IIS module called BadIIS on compromised legitimate servers acting as reverse proxies to manipulate search results and hijack traffic for profit. The operation, tracked as CL-UNK-1037, injects popular keywords and serves keyword-stuffed HTML via C2 to search crawlers, then redirects victims who click poisoned results to scam porn/gambling sites. Intrusion activity includes web shells, lateral movement, exfiltration of web app source code, and stealthy registration of DLL implants as IIS modules, with overlaps noted with DragonRank and ESET’s Group 9 and a recurring “zz” pattern in C2 URLs. Defenders should consult the provided indicators of compromise (IoCs) and apply advanced URL filtering, DNS security, and robust endpoint protections.

Source: Dark Reading

How Malloc can help? 👉 Search Engine Optimization Poisoning and the presence of malicious app download links in Google Search results are a threat to user privacy and security on all platforms, including mobile devices. Malloc Blocks Malicious Domains through its on-device VPN and also protects against malicious apps and malware, including spyware, through its malicious app scan, device security scan, and download file scan.

Google Project Zero Details Remote Memory Address Leak Vulnerability in Apple Devices

A researcher from Google Project Zero demonstrated a remote ASLR bypass on macOS and iOS by exploiting deterministic NSDictionary serialization (via NSKeyedArchiver) to leak the address of the NSNull singleton whose pointer-as-hash behavior enables reconstruction of addresses using the Chinese Remainder Theorem, undermining ASLR in the shared cache; the approach requires services that deserialize attacker data and echo re-serialized objects, involves no memory corruption or timing side channels, was responsibly disclosed and fixed on March 31, 2025, and mitigations include avoiding raw object pointers as hash keys or using a keyed hash function to prevent deterministic serialization leaks.

Source: Cyber Security News

How Malloc can help? 👉 Malloc offers complete 360° protection against all kinds of mobile threats—it blocks spyware connections in real time, thwarts phishing attempts, blocks trackers and insecure HTTP websites, and detects permission misuse by apps. On Android it also blocks microphone access, detects microphone and camera usage by rogue apps, stalkerware, and malware, and alerts users about such activity. Malloc VPN, via its IP address obfuscation and encrypted tunnel, helps secure user internet activity. Thus, it keeps you protected against the ever-increasing number of mobile security threats.

Deepfake Attacks Hit Two-Thirds of Businesses

Nearly 62% of organizations faced deepfake attacks in the past year, primarily via social engineering that impersonates executives on video/audio calls or exploits automated verification (face/voice biometrics), and the threat is rising as deepfake technologies improve; recommended defenses include integrating deepfake detection into collaboration tools (Microsoft Teams, Zoom), targeted awareness training, strengthening business processes with application-level authorization and phishing-resistant MFA, and tightening controls on shadow AI and access to approved AI applications; meanwhile 32% reported AI-targeted attacks such as prompt injection, with about 5% experiencing a major incident—signaling that while not the top threat, these risks require serious, proactive mitigation.

Source: Infosecurity Magazine

How Malloc can help? 👉 Stay tuned as Malloc continues to add more features to protect users from vishing and other deepfake threats using advanced AI detection. Even then, Malloc offers strong protection against scams and harmful actions done by users over fraudulent calls, as well as protection against smishing, through its advanced phishing protection and by detecting and blocking spyware, malware, and other malicious domains in real time. Stay protected with Malloc!

WhatsApp Introduces On-Device Message Translations on iOS and Android

WhatsApp is rolling out on-device message translations across iOS and Android, enabling in-chat translation for 1:1, groups, and Channels via long-press “Translate” with saved language preferences; Android starts with English, Spanish, Hindi, Portuguese, Russian, and Arabic and can auto-translate entire threads in real time, while iPhone launches with 19+ languages; translations run locally on-device with no server access and work offline once translation packs are downloaded; a gradual rollout will expand languages and availability, boosting competitiveness while reinforcing privacy and end-to-end encryption.

Source: Cyber Insider

How Malloc can help? 👉 Malloc VPN, which is fast and secure, is also a great supplement to existing end-to-end encryption (E2EE) in secure messaging apps and RCS messaging.  It hides a user's IP address, which is unique and accessible to hackers, ISPs, and governments, and encrypts internet traffic, offering an additional layer of protection.

US Strikes TikTok Deal to Keep User Data on American Soil

The White House approved a deal letting TikTok continue in the U.S. via a US-based joint venture with a qualified divestiture that makes US investors the majority, caps ByteDance’s stake under 20%, limits it to one of seven board seats, and excludes it from a US-only security committee overseeing algorithmic governance and user data. Oracle becomes the independent security provider, monitoring software changes, auditing data flows, and retraining algorithms, while all American data moves to a purpose-built US cloud with foreign access prohibited. The arrangement shifts control over recommendation systems, content moderation, and data storage to U.S. entities, preserving access for 170 million US users and safeguarding an estimated $178 billion in economic activity. While this addresses national security concerns behind the ban, critics warn that without federal privacy legislation, broader risks from commercial data harvesting remain.

Source: Cyber Insider

How Malloc can help? 👉 Malloc helps block trackers on users' mobile devices. These trackers are present on websites and in apps and are in many ways akin to spyware, delivering sensitive personal user details to advertisers. Blocking them greatly minimizes the risk of such information being misused to target users by state and non-state actors via social engineering attacks.

Brits warned as illegal robo-callers with offshored call centers fined half a million

The UK’s Information Commissioner’s Office (ICO) fined two firms £550,000 for illegal automated marketing via offshored call centers using avatar robo-call technology that targeted elderly and vulnerable people with scare tactics about loft insulation; Green Spark Energy (£250k) made about 9.5 million calls with 497 complaints and Home Improvement Marketing (£300k) made 2.4 million calls, all without informed consent. Both were linked to director Matthew Terry, whose seized devices showed attempts to evade detection and push spray foam sales; regulators urged the public to spot telltale signs (slight pauses, limited answers, identical voices, no background noise) to aid enforcement action, as one faces a proposal to strike off and the other continues under new leadership.

Source: The Register

How Malloc can help? 👉 Stay tuned as Malloc continues to add more features to protect users from vishing and other deepfake threats using advanced AI detection. Even then, Malloc offers strong protection against scams and harmful actions done by users over fraudulent calls, as well as protection against smishing, through its advanced phishing protection and by detecting and blocking spyware, malware, and other malicious domains in real time. Stay protected with Malloc!

UK to roll out mandatory digital ID for right to work by 2029

The UK plans a mandatory digital ID for all legal residents by 2029, required to prove the right to work and stored in a government digital wallet on phones with non-smartphone alternatives after consultation; it won’t be needed for NHS or benefits, and renting isn’t included. Framed by Keir Starmer as immigration enforcement, ministers say it’s not a daily ID card but workers must produce it for checks. Critics, including Conservatives and Big Brother Watch, warn of extra red tape, minimal impact on illegal employment, and a “checkpoint society,” fueling a strong civil liberties backlash over a policy the government had previously ruled out.

Source: The Register

How Malloc can help? 👉 In these volatile times of rising geopolitical tensions and dangers to user privacy and state sovereignty from hostile states, securing mobile devices from data brokers, spyware, Trojans, and other threats is of utmost priority for both nation-states and individuals. Malloc offers complete protection against all kinds of mobile threats—it blocks spyware connections in real time, thwarts phishing attempts, blocks trackers and insecure HTTP websites, and detects permission misuse by apps. Malloc VPN helps protect your mobile device when connected to unsafe networks, keeping you protected against the ever-increasing number of mobile security threats.
