Tag: exploit

  • Critical Snapdragon Exploit Takes Over Devices in Just 5 Minutes – What You Need to Know

    Kaspersky ICS CERT has publicly detailed a critical hardware vulnerability affecting a wide array of Qualcomm Snapdragon chipsets. The exploit, presented at Black Hat Asia 2026 on April 23 and tracked as CVE-2026-25262, has rattled the security community. First confirmed by Qualcomm in April 2025, the full technical details are now available and describe a flaw that allows total device takeover and data destruction.

    The Sahara Protocol and BootROM Flaw

    The issue lies deep in the BootROM, the firmware hardcoded into the silicon that runs first when a device powers up. Because this code is etched into the hardware itself, standard OTA software updates cannot touch it, making it nearly impossible to patch affected devices.

    Researchers uncovered a major weakness in Qualcomm's handling of the Sahara protocol. For those who work with device flashing, Sahara manages low-level communication in Emergency Download (EDL) mode to load critical software before the main OS starts.

    With just a few minutes of physical access, attackers can exploit this to sidestep the entire secure boot chain. Once inside the application processor, they gain the ability to:

    • Install persistent backdoors that survive reboots.
    • Pull sensitive data like passwords, files, contacts, and real-time location.
    • Take over device sensors for covert camera and microphone access.

    The malware even fakes a system reboot to throw off users. Clearing the infection often requires draining the battery completely to wipe volatile memory, and detection remains extremely challenging.

    Affected Chipsets and Devices

    While newer flagships like Snapdragon 8 Elite have stronger defenses, this flaw hits many older and mid-range chips still in widespread use.

    Vulnerable Qualcomm Chipsets:

    • MSM8916 (Snapdragon 410) (Xiaomi REDMI 2)
    • SDX50 (Xiaomi Mi MIX 3 5G and Mi 9 Pro 5G)
    • MDM9x07
    • MDM9x45 (Xiaomi Mi 5, Mi 5s, Mi 5s Plus, Mi Note 2, Mi MIX)
    • MDM9x65
    • MSM8909
    • MSM8952

    Real-World Impact

    The physical access requirement limits mass remote attacks, but the risk to supply chains, repair shops, and targeted users remains severe. Compromised devices turn into perfect surveillance tools. With this hardware deployed in everything from consumer REDMI phones to industrial IoT systems, the potential fallout spans far beyond typical mobile threats.

    Source: Kaspersky

  • Google tops the list of most exploited platforms in the US

    Our internet accounts are the foundation of our digital identity, and they are constantly targeted. Hackers are always looking for ways to access your data, whether through your social media accounts or your e-commerce login credentials; however, they are more likely to target certain sites than others.

    Unsurprisingly, consumers’ Google accounts are the most commonly hijacked online platforms, according to a recent study from Click Insight that examined search trends between November 2024 and October 2025.

    It should come as no surprise that Google accounts are the holy grail for hackers since they are the key to unlocking a number of other native Google services. For this reason, there are more than 84,000 searches per month about “Google” account hacking.

    Now that Google is out of the way, Meta’s traditional heavyweight ranks second. According to search statistics, Facebook has 40,058 monthly queries, making it the second most abused site in the United States.

    Roblox, the third most commonly breached platform in the US, is ahead of another Meta-owned behemoth in the top five.

    Rank  Platform   Average monthly hack-related searches
    1     Google     84,038
    2     Facebook   40,058
    3     Roblox     35,675
    4     Instagram  25,250
    5     Microsoft  18,643
    6     Snapchat   15,844
    7     Apple      13,906
    8     Amazon      9,092
    9     TikTok      8,508
    10    Fortnite    7,938

    Given that almost 40% of Roblox users are younger than 13, it is not shocking that threat actors find the site to be an easy target. Conversely, Instagram (#4), one of the most widely used social media sites, is a veritable treasure for hackers who want to obtain much more than simply data.

    Roblox and Instagram had 35,675 and 25,250 hack-related searches per month, respectively. With 18,643 monthly hack-related searches, Microsoft accounts complete the top five. Snapchat, Apple accounts, Amazon, TikTok, and Fortnite come next.

    Regardless of the platform, you need to go beyond simple passwords to stay safe online. Enabling two-factor authentication (2FA) and using a password manager that supports passkeys is your best line of defense against threat actors.

  • NFC mobile payments are abused in the new Ghost Tap exploit to steal money.

    Cybercriminals have created a brand-new technique called “Ghost Tap,” which transmits NFC card information to money mules all around the world, to profit from stolen credit card information connected to mobile payment systems like Apple Pay and Google Pay.

    The strategy builds on techniques used by mobile malware such as NGate, reported by ESET in August, which relayed payment card Near Field Communication (NFC) signals. Ghost Tap employs money mules at several remote locations who interact with Point of Sale (PoS) terminals; it is more obfuscated and harder to detect, does not require the victim's phone or card, and does not require ongoing interaction with the victim.

    Ghost Tap was found by mobile security company Threat Fabric, which cautions about the growing potential and adoption of the novel method. Threat Fabric told Droid Tools that it has recently observed an increase in the use of Ghost Tap in the field.

    An overview of Ghost Tap and a comparison with NGate

    The attack starts by stealing payment card information and intercepting the one-time passwords (OTP) required to register for a virtual wallet on Google Pay and Apple Pay. Payment card information can be stolen via phishing websites, keylogging, or banking malware that shows overlays that seem like digital payment apps.

    Malware that tracks text messages or social engineering are two ways that OTPs can be stolen. Previously, NGate-based assaults required the use of specialist software to mislead the victim into scanning their card via the NFC mechanism on their device.

    Payment card information is still transmitted using the NFCGate tool. But in the interim, a relay server is set up to transmit the information to a vast network of money mules while hiding their true locations. Using the NFC chip on their cellphone, the mules then make large-scale, multi-location retail purchases, making it challenging to identify the main attacker or map the fraud network.

    During the NGate attacks, threat actors were restricted to making minor contactless payments and ATM withdrawals, which exposed their identity and occasionally resulted in arrests.

    With the new Ghost Tap operation, the threat actors have stopped making ATM withdrawals. Instead, they cash out at the point of sale and spread the purchases across a vast global network of mules. This exposes only the mules, while obscuring the path back to the primary perpetrators.

    Defending Against Ghost Tap

    Threat Fabric cautions that because the transactions seem authentic and take place across several locations, the new strategy is difficult for financial institutions to identify and halt.

    The researchers claim that although many banks’ anti-fraud systems identify purchases made in odd places, as when visiting another nation, the many tiny payments might evade these detections.

    “The new tactic for cash-outs poses a challenge for financial organisations: the ability of cybercriminals to scale the fraudulent offline purchases, making multiple small payments in different places, might not trigger the anti-fraud mechanisms and might allow cybercriminals to successfully buy goods that can be further re-sold (like gift cards),” explains ThreatFabric.

    If the attack is used widely, the total amount lost might be substantial even though each of these tiny transactions is small, and all of them appear to originate from the same device (linked to the same Apple Pay or Google Pay account). To avoid being tracked, the mules switched their handsets to “airplane mode,” which still permits the NFC system to operate normally.

    Banks can only prevent Ghost Tap by flagging transactions made with the same card at locations that are physically impossible to travel between in the time elapsed, for instance a fraudulent transaction in Cyprus 10 minutes after one completed in New York.
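    The location check described above, written out as an added example (not code from the article or from ThreatFabric): an impossible-travel filter run over a constructed batch of card transactions. Card ids, timestamps and coordinates are constructed, and the 900 km/h speed threshold is an assumption.

```python
# Added example (not from the article or ThreatFabric): flag charges on the
# same card at places that cannot be reached in the time between them.
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0  # assumption: no cardholder moves faster than an airliner


@dataclass(frozen=True)
class Txn:
    card: str      # constructed card identifier, not a real PAN
    ts: int        # seconds since epoch (constructed)
    city: str
    lat: float
    lon: float
    amount: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points given in decimal degrees."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlam = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def impossible_travel(txns, max_speed_kmh=MAX_SPEED_KMH, min_km=1.0):
    """Return (earlier, later) pairs of consecutive charges on one card whose
    implied speed exceeds max_speed_kmh. Moves shorter than min_km are ignored
    so neighbouring terminals in the same city do not trigger the check."""
    flagged, last_seen = [], {}
    for t in sorted(txns, key=lambda t: (t.card, t.ts)):
        prev = last_seen.get(t.card)
        if prev is not None:
            km = haversine_km(prev.lat, prev.lon, t.lat, t.lon)
            hours = (t.ts - prev.ts) / 3600
            # zero elapsed time over a real distance is impossible travel too
            if km > min_km and (hours == 0 or km / hours > max_speed_kmh):
                flagged.append((prev, t))
        last_seen[t.card] = t
    return flagged


# Constructed sample: card-A is tapped twice in New York, then in Nicosia five
# minutes later; card-B travels London -> Paris over three hours (legitimate).
SAMPLE = [
    Txn("card-A", 0, "New York", 40.7128, -74.0060, 12.50),
    Txn("card-A", 300, "New York", 40.7170, -74.0060, 9.99),
    Txn("card-A", 600, "Nicosia", 35.1856, 33.3823, 14.00),
    Txn("card-B", 0, "London", 51.5074, -0.1278, 30.00),
    Txn("card-B", 3 * 3600, "Paris", 48.8566, 2.3522, 25.00),
]

if __name__ == "__main__":
    for a, b in impossible_travel(SAMPLE):
        print(f"{a.card}: {a.city} -> {b.city} in {(b.ts - a.ts) // 60} min")
```

    This check catches the New York to Cyprus case but not a burst of small payments by mules in a single city, so it complements rather than replaces per-card velocity and amount rules.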

    From the standpoint of the customer, keeping an eye out for fraudulent transactions and promptly reporting them to your bank is essential for freezing the card and reducing losses.