Security researchers have identified multiple vulnerabilities and malware threats targeting Android devices, including an intentionally vulnerable app named DVAC. A new malware named Wpeeper, which uses compromised WordPress sites to conceal its command-and-control servers, has been uncovered. This malware is capable of collecting device information, managing files, and executing malicious commands. Additionally, popular Android apps like Xiaomi File Manager and WPS Office, with a combined 4 billion installs, have been found vulnerable to a path traversal flaw, potentially affecting over 1.5 billion users. This flaw could allow hackers to overwrite files and execute malicious code. Another vulnerability, known as the 'Dirty stream' attack, has been identified, which is a common pattern in Android apps.