Tech Threats: PQC Advancements, AI Vulnerability Hunt, Piracy Dangers, Phishing Schemes & More

into plain text. As of March 4, 2026, over 500 unique compromised Android devices from nearly 50 different models have been detected. The majority of these devices are low-cost models manufactured by companies such as Allview, BLU, Dcode, DOOGEE, Gigaset, Gionee, Lava, and Ulefone. These compromised devices have been found in 40 countries around the world.

Additionally, there has been a resurgence in phishing services, particularly with the Tycoon2FA phishing service. Despite efforts by Europol and Microsoft to seize active domains and take legal action against individuals associated with Tycoon2FA, the service quickly rebounded to pre-disruption levels. The tactics used by Tycoon2FA, such as phishing emails and malicious JavaScript payloads, have remained consistent even after the disruption.

Furthermore, fake meeting invites for popular video conference applications like Zoom, Microsoft Teams, and Google Meet are being used in phishing campaigns to distribute remote access tools. By tricking users into downloading what appears to be a software update required for joining a video call, attackers are able to gain full administrative control over victims’ endpoints.

A fileless phishing campaign targeting healthcare and government organizations in Germany and Canada has been identified, delivering the PureLogs data-stealing malware. This campaign uses copyright-infringement notices to lure victims into downloading malicious executables disguised as PDF files. The malware chain involves encrypted payloads, dynamic decryption keys, and in-memory execution to evade detection.

Lastly, the Larva-26002 threat actor is targeting MS-SQL servers with a scanner malware named ICE Cloud Client. By abusing the Bulk Copy Program (bcp) utility of MS-SQL servers, the threat actors are able to install ransomware and deploy the ICE Cloud Client scanner. ICE Cloud Client functions as both a scanner and a brute-force tool for gaining access to vulnerable MS-SQL servers.

ClawHub has addressed the issue following responsible disclosure by Silverfort on March 16, 2026.

The conflict between the U.S., Israel, and Iran last month led to a surge in exploitation attempts targeting IP cameras by Iran-affiliated threat actors, as reported by Check Point Research.


The Rise of Oblivion: A New Android Malware Threat

In a recent report by iVerify, it was revealed that a new Android malware threat named Oblivion has emerged, using sophisticated tactics to target unsuspecting victims. The platform behind Oblivion offers a web-based APK builder for the implant, a dropper builder for creating fake Google Play update pages, and a C2 panel for controlling devices in real time. Pricing for Oblivion ranges from $300 per month to a lifetime subscription of $2,200, with demo accounts available for 7 days.

Oblivion is distributed through dropper APKs sent to victims via social engineering attacks. Once installed, the dropper apps mimic Google Play update prompts to install the malicious RAT payload. Like other Android malware, Oblivion exploits the accessibility services API to gain permissions and steal sensitive data. The Accessibility Page builder plays a crucial role in the social engineering aspect, creating a convincing replica of Android’s accessibility service settings screen with full control over the device UI.

The Ever-Present Threat of Android Malware

Disruptions in the digital landscape are becoming more common, with threats like Oblivion constantly evolving and reappearing after being taken down. The tactics used by malware creators rely heavily on exploiting trust, using familiar tools and normal processes to deceive users. The line between legitimate and malicious actions is often blurred, making it challenging for users to discern the difference.

While each component of Oblivion may not be alarming on its own, the combination of tactics used paints a concerning picture. It is essential to remain vigilant and question any unusual prompts or requests on your device. Awareness and caution are key in protecting yourself from evolving cyber threats.
