EngageLab SDK version 5.2.1 patch release
Security Patch Release
Summary
Hide ▲
Show ▼
EngageLab released version 5.2.1 to fix the EngageLab SDK flaw affecting Android apps that used vulnerable integrations. The update closed an intent redirection issue that could let a malicious app bypass the Android security sandbox and reach private data. The patch followed responsible disclosure in April 2025 and matters because the SDK was embedded in apps across the Android ecosystem, including high-value wallet software.
Related Happenings
Android 17 expands platform security and privacy protections
Security Tool/Service
First: 12.05.2026 20:00
Last: 12.05.2026 20:00
Sources 1
About this happening:
**Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
Android 17 expands platform security and privacy protections
Security Tool/ServiceAbout this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific
Campaign
First: 08.05.2026 18:08
Last: 08.05.2026 18:08
Sources 1
About this happening:
The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...
CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific
CampaignAbout this happening: The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...
SparkCat malware variant in App Store and Google Play apps steals wallet recovery phrases
Malware Activity
First: 03.04.2026 12:10
Last: 03.04.2026 12:10
Sources 1
About this happening:
The **SparkCat** malware resurfaced in a new variant inside apps on the **Apple App Store** and **Google Play Store**, increasing the risk of mobile crypto wallet theft. The malwa...
SparkCat malware variant in App Store and Google Play apps steals wallet recovery phrases
Malware ActivityAbout this happening: The **SparkCat** malware resurfaced in a new variant inside apps on the **Apple App Store** and **Google Play Store**, increasing the risk of mobile crypto wallet theft. The malwa...
NoVoice Android malware hidden in Google Play apps
Malware Activity
First: 01.04.2026 21:07
Last: 01.04.2026 21:07
Sources 1
About this happening:
**NoVoice** Android malware was found hidden in **more than 50 Google Play apps**, exposing **at least 2.3 million downloads** to compromise. After installation, it used **old And...
NoVoice Android malware hidden in Google Play apps
Malware ActivityAbout this happening: **NoVoice** Android malware was found hidden in **more than 50 Google Play apps**, exposing **at least 2.3 million downloads** to compromise. After installation, it used **old And...
Perseus Android note-stealing and remote-control malware activity
Malware Activity
First: 19.03.2026 12:13
Last: 19.03.2026 12:13
Sources 1
About this happening:
The **Perseus** Android malware is now being used to inspect user notes for secrets, creating theft risk for **passwords**, **recovery phrases**, and **financial data**. It is als...
Perseus Android note-stealing and remote-control malware activity
Malware ActivityAbout this happening: The **Perseus** Android malware is now being used to inspect user notes for secrets, creating theft risk for **passwords**, **recovery phrases**, and **financial data**. It is als...
Timeline
-
09.04.2026 20:26 2 articles · 1mo ago
EngageLab SDK version 5.2.1 patch release
Initial DisclosureAfter responsible disclosure, **EngageLab** issued **version 5.2.1** in **November 2025** to remediate the Android SDK weakness. The patch is the fixed release for apps integrating the vulnerable SDK.
Show sources
- EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets — thehackernews.com — 09.04.2026 20:26
- Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users — www.securityweek.com — 10.04.2026 10:33