When it comes to targeting the sexes, generally malware has targeted men by enticing them to view videos or pictures of sexual content—Android malware is no different. For instance, Android.Oneclickfraud attempts to coerce a user into paying for a pornographic service and certain Android.Opfake variants are designed to allow users to view adult videos, but secretly send SMS texts to premium-rate numbers in the background. Recently, however, Symantec discovered Android.Loozfon, a rare example of malware that targets female Android users.

A group of scammers is attempting to lure female Android users in Japan into downloading an app by sending emails stating how the recipient can easily make...

Symantec reported new malware for Mac last month that we called OSX.Crisis. Kaspersky then reported that it arrives on the compromised computer through a JAR file by using social engineering techniques.

The JAR file contains two executable files for both Mac and Windows. It checks the compromised computer’s OS and drops the suitable executable file. Both these executable files open a back door on the compromised computer. However, we found two special functions in the Windows version of the threat that Symantec detects as W32.Crisis.

The threat uses three methods to spread itself: one is to copy itself and an autorun.inf file to a removable disk drive, another is to sneak onto a VMware virtual machine, and the final method is to drop modules onto a Windows Mobile device.
 

...

Java SE is a platform-independent programming language. It is used on all operating systems – Windows and *nix-based, which increases the scope of exploiting a security vulnerability in Java. I will examine two critical Java security vulnerabilities exploited in the wild during the last few months.

Applets in a sandbox

Java applets use a sandbox, which restricts them from accessing privileged operating system functionality and some privileged Java code. An applet developed by any programmer can therefore run safely in the browser without performing any malicious activities on the computer because applets are not permitted to do things like explicitly read or write from the file system or create network connections to external hosts. Attackers who exploit Java vulnerabilities escape the restrictions of the sandbox and are free to execute arbitrary code. This has potentially devastating effects on a computer.

Exploitation of Java security...

Symantec has found a privacy-infringing application called Call Cheater Lite previously distributed on Google Play that may also result in unwanted SMS charges . The purpose of this app is to block unwanted phone calls from certain individuals (debt collectors, ex-girlfriends and boyfriends, etc.) by giving the owner of the phone the ability to play any sound or pre-recorded message to an offensive or unwanted caller. According to the application description, the user can configure the app to play a pre-recorded message or sound to make the caller believe that the phone is disconnected or out of service.

While that sounds like a good idea at first (especially if you are annoyed by a constant barrage of unwanted calls), this application also sends out the following information:...