Locating the Trojan inside an infected COVID-19 contact tracing app
https://medium.com/@cryptax/locating-the-trojan-inside-an-infected-covid-19-contact-tracing-app-21e23f90fbfe
Medium
An Italian company, SoftMining, developed an Android COVID-19 contact tracing application “SM-COVID-19”. Unfortunately, malware authors…
Exploitation of LAN vulnerability found in Firefox for Android [demo]
I tested this PoC exploit on 3 devices on the same Wi-Fi network, and it worked pretty well.
I was able to open a custom URL on every smartphone using vulnerable Firefox (68.11.0 and below).
https://twitter.com/LukasStefanko/status/1307013106615418883
iOS and Android scam apps spreading via TikTok
https://blog.avast.com/scam-apps-spreading-via-tiktok-avast
Avast
After a 12-year-old girl reported a rogue app circulating on TikTok to Avast, our team found a total of seven adware scam apps available on both the Google Play Store and the Apple App Store.
Vulnerabilities in ATM Milano's mobile app
https://blog.jacopojannone.com/en/post/atm-app-vulnerability/
Alien - the story of Cerberus' demise
https://www.threatfabric.com/blogs/alien_the_story_of_cerberus_demise.html
ThreatFabric
The Alien banking Trojan expands 2020’s threat landscape alongside the demise of the infamous Cerberus Trojan. Learn more about its advanced capabilities and relation with Cerberus.
Code Execution Vulnerability in Instagram App for Android and iOS
https://research.checkpoint.com/2020/instagram_rce-code-execution-vulnerability-in-instagram-app-for-android-and-ios/
Check Point Research
#Instagram_RCE: Code Execution Vulnerability in Instagram App for Android and iOS - Check Point Research
Research by: Gal Elbaz Background Instagram, with over 100+ million photos uploaded every day, is one of the most popular social media platforms. For that reason, we decided to audit the security of the Instagram app for both Android and iOS operating systems.…
Apps on Google Play Tainted with Cerberus Banker Malware
https://labs.bitdefender.com/2020/09/apps-on-google-play-tainted-with-cerberus-banker-malware/
Bitdefender Labs
Daily source of cyber-threat information. Established 2001.
Into Android Meterpreter and how the malware launches it — part 2
https://medium.com/@cryptax/into-android-meterpreter-and-how-the-malware-launches-it-part-2-ef5aad2ebf12
Medium
This is a part 2 of “Locating the Trojan inside an infected COVID-19 contact tracing app”. We are going to explain how the malware works.
Latest disclosed campaign of Android FinFisher used in 2019
https://www.amnesty.org/en/latest/research/2020/09/german-made-finspy-spyware-found-in-egypt-and-mac-and-linux-versions-revealed/
Amnesty International
German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed
FinSpy is a commercial spyware suite produced by the Munich-based company FinFisher Gmbh. Since 2011 researchers have documented numerous cases of targeting of Human Rights Defenders (HRDs) - including activists, journalists, and dissidents with the use…
Exploiting Android deep links and exported components
Slides: https://docs.google.com/presentation/d/1YnO_XF-iw2CvJa3rM-GdwYDV22SSzqVHQttXVedY3O4/edit#slide
PoCs: https://www.dropbox.com/sh/spwflkxxky37ruu/AAAf0KCItLdPr2lRp2vtQx2Aa?dl=0
Google Docs
B3nac - Exploiting Android deep links and exported components
Exploiting Android deep links and exported components By Kyle B3nac @b3nac
MEDUZA - universal SSL unpinning tool for iOS
https://github.com/kov4l3nko/MEDUZA
17 Joker Trojans found on Google Play caught stealing SMS messages, contact lists, and device information along with silently signing up the victim for premium wireless application protocol (WAP) services
https://www.zscaler.com/blogs/security-research/joker-playing-hide-and-seek-google-play
Zscaler
Joker Playing Hide-and-Seek with Google Play | Zscaler
Joker is one of the most prominent types of malware targeting Android and keeps finding its way into Google’s official application market.
Using AT commands (not ADB commands) to extract sensitive Android device info via USB cable
AT commands could be used for Android forensics to extract filesystem images and, in some cases, even to unlock the smartphone
https://www.instagram.com/p/CFtkDgkgHTj/
Android Hacking Primer
How to get started hacking Android applications
https://vickieli.dev/hacking/intro-android/
Vickie Li's Security Blog
An Android Hacking Primer
Forwarded from The Bug Bounty Hunter
Jailbreaking iOS without a Mac (1/4): The Plan
https://medium.com/bugbountywriteup/jailbreaking-ios-without-a-mac-1-4-the-plan-b49c0edc1759
Medium
Installing an unsigned iOS app (which is the prerequisite for jailbreaking) using Linux with (semi-)legitimate tools.
APT‑C‑23 group evolves its Android spyware
https://www.welivesecurity.com/2020/09/30/aptc23-group-evolves-its-android-spyware/
WeLiveSecurity
ESET research uncovers a new version of Android spyware that the APT-C-23 aka Two-tailed Scorpion threat group has used against targets in the Middle East.
Video demo of how Android spyware steals WhatsApp messages from received notifications
https://www.instagram.com/reel/CFwz9wMAwuL/
Instagram
Android Security & Hacking
What happens if you "Allow notification" access to a malicious app. Video demo of how easy it is for such malicious spyware to steal WhatsApp messages from received notifications.
Dynamic Binary Instrumentation Techniques to Address Native Code Obfuscation
Paper: https://raw.githubusercontent.com/quarkslab/conf-presentations/master/BlackHat-Asia-20/asia-20-Thomas-Dynamic-Binary-Instrumentation-Techniques-to-Address-Native-Code-Obfuscation-wp.pdf
Slides: https://raw.githubusercontent.com/quarkslab/conf-presentations/master/BlackHat-Asia-20/asia-20-Thomas-Dynamic-Binary-Instrumentation-Techniques-to-Address-Native-Code-Obfuscation.pdf
Mobile Threats and Incident Handling [free training]
Part I: https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material/technical-operational#mobile_threats
Part II: https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material/technical-operational/#mobile2
Good news, Google will now search for security issues in other Android OEMs (Huawei, Meizu, ZTE, Vivo, OPPO...)
https://android-developers.googleblog.com/2020/10/announcing-launch-of-android-partner.html
Android Developers Blog
Announcing the launch of the Android Partner Vulnerability Initiative
News and insights on the Android platform, developer tools, and events.
Discovered ACE vulnerability on Facebook for Android that was triaged through download file from group Files Tab
https://medium.com/@dPhoeniixx/arbitrary-code-execution-on-facebook-for-android-through-download-feature-fb6826e33e0f
Medium
Arbitrary code execution on Facebook for Android through download feature
TL;DR