EngageLab SDK intent redirection security flaw
Vulnerability
Summary
Hide ▲
Show ▼
A now-patched intent redirection vulnerability in the EngageLab SDK could let malicious apps bypass the Android security sandbox and access private data in apps using the SDK. The flaw was identified in version 4.5.4 and later fixed in version 5.2.1 after responsible disclosure in April 2025. Microsoft said the issue affected apps in the cryptocurrency and digital wallet ecosystem, with more than 30 million installations among wallet apps alone.
Related Happenings
Microsoft 365 Android apps token-sharing flaw (multiple vulnerabilities)
Vulnerability
H score21
First: 03.06.2026 17:56
Last: 03.06.2026 17:56
Sources 1
About this happening:
**Microsoft 365 Android apps** were exposed by a leftover **setIsDebugMode(true)** flag that let same-device apps steal account tokens and act as the signed-in user. The flaw coul...
Microsoft 365 Android apps token-sharing flaw (multiple vulnerabilities)
VulnerabilityAbout this happening: **Microsoft 365 Android apps** were exposed by a leftover **setIsDebugMode(true)** flag that let same-device apps steal account tokens and act as the signed-in user. The flaw coul...
Android 17 expands platform security and privacy protections
Security Tool/Service
H score15
First: 12.05.2026 20:00
Last: 12.05.2026 20:00
Sources 1
About this happening:
**Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
Android 17 expands platform security and privacy protections
Security Tool/ServiceAbout this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific
Campaign
H score34
First: 08.05.2026 18:08
Last: 08.05.2026 18:08
Sources 1
About this happening:
The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...
CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific
CampaignAbout this happening: The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...
Microsoft SharePoint Server spoofing vulnerability (actively exploited) (CVE-2026-32201)
Vulnerability
H score55
First: 14.04.2026 20:41
Last: 14.04.2026 20:41
Sources 1
About this happening:
Microsoft patched **CVE-2026-32201** in **Microsoft SharePoint Server**, a **spoofing vulnerability** that was **exploited in attacks** and could affect **confidentiality** and **...
Microsoft SharePoint Server spoofing vulnerability (actively exploited) (CVE-2026-32201)
VulnerabilityAbout this happening: Microsoft patched **CVE-2026-32201** in **Microsoft SharePoint Server**, a **spoofing vulnerability** that was **exploited in attacks** and could affect **confidentiality** and **...
SparkCat malware variant in App Store and Google Play apps steals wallet recovery phrases
Malware Activity
H score29
First: 03.04.2026 12:10
Last: 03.04.2026 12:10
Sources 1
About this happening:
The **SparkCat** malware resurfaced in a new variant inside apps on the **Apple App Store** and **Google Play Store**, increasing the risk of mobile crypto wallet theft. The malwa...
SparkCat malware variant in App Store and Google Play apps steals wallet recovery phrases
Malware ActivityAbout this happening: The **SparkCat** malware resurfaced in a new variant inside apps on the **Apple App Store** and **Google Play Store**, increasing the risk of mobile crypto wallet theft. The malwa...
Timeline
-
09.04.2026 20:26 2 articles · 3mo ago
Microsoft reports EngageLab SDK intent redirection flaw
Initial DisclosureMicrosoft Defender Security Research Team said an intent redirection flaw in EngageLab SDK for Android could let a malicious app bypass the Android security sandbox and access private data in apps using the SDK, including cryptocurrency and digital wallet apps with more than 30 million installations; Microsoft said EngageLab released version 5.2.1 in November 2025 after responsible disclosure in April 2025, and all vulnerable apps detected were removed from the Google Play Store.
Show sources
- EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets — thehackernews.com — 09.04.2026 20:26
- Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users — www.securityweek.com — 10.04.2026 10:33