Link previews in chat apps can cause serious privacy problems
Several apps were found with vulnerabilities such as leaking IP addresses, exposing links sent in end-to-end encrypted chats, and unnecessarily downloading gigabytes of data quietly in the background
https://www.mysk.blog/2020/10/25/link-previews/
Mysk Blog – In-Depth Cybersecurity & Mobile App Privacy Research
Link Previews: How a Simple Feature Can Have Privacy and Security Risks
Link previews in chat apps can cause serious privacy problems if not done properly. We found several cases of apps with vulnerabilities such as: leaking IP addresses, exposing links sent in end-to-end encrypted chats, and unnecessarily downloading gigabytes…
21 gaming apps packed with hidden adware were found on Google Play
https://blog.avast.com/new-malware-apps-on-google-play-avast
IoC: https://docs.google.com/spreadsheets/d/1Cu6KVYG6VWWCZMY0A-vXlewXyfm7yd0djQtTzc82cyY/edit#gid=0
Avast
Another 21 malware apps found on Google Play
Avast has uncovered another set of malicious apps in the Google Play Store. While adware is hidden by design, there are steps each person can take to protect themselves and their families.
Android banking malware grew in Q3, with more than four times as many detections as in Q2
https://www.welivesecurity.com/wp-content/uploads/2020/10/ESET_Threat_Report_Q32020.pdf
DoNot Android APT group targets India, Pakistan and the Kashmir crisis
https://blog.talosintelligence.com/2020/10/donot-firestarter.html
Cisco Talos Blog
DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread
By Warren Mercer, Paul Rascagneres and Vitor Ventura.
* The newly discovered Firestarter malware uses Google Firebase Cloud Messaging to notify its authors of the final payload location.
* Even if the command and control (C2) is taken down, the DoNot team…
How to monitor Wi-Fi networks using Samsung S7 (link with tutorial, how to install NetHunter, prerequisites, wifi adapter support list, ROM)
https://www.instagram.com/reel/CHF3snlAOOa/
Lockscreen and Authentication Improvements in Android 11
https://security.googleblog.com/2020/09/lockscreen-and-authentication.html
Google Online Security Blog
Lockscreen and Authentication Improvements in Android 11
Posted by Haining Chen, Vishwath Mohan, Kevin Chyn and Liz Louis, Android Security Team [Cross-posted from the Android Developers Blog] ...
How to identify dynamically loaded binaries in Android apps. Useful for Bug Bounty and malware analysis of dynamically loaded payloads
Commands
# ps | grep "APP_NAME"
# cat /proc/PID/maps | grep "/data/data/"
Demo: https://www.instagram.com/tv/CHXv3iBAJ5V/
Info: https://sayfer.io/blog/dynamic-loading-in-android-applications-with-proc-maps/
Sayfer
Detecting Dynamic Loading in Android Applications With /proc/maps - Sayfer
Through dynamic loading malware authors can covertly load malicious code into their application in order to avoid detection. We can detect such loading...
New Android banking trojan - Ghimob - targets 122 financial institutions mainly in Brazil
https://securelist.com/ghimob-tetrade-threat-mobile-devices/99228/
Securelist
Ghimob: a Tétrade threat actor moves to infect mobile devices
Guildma's new creation, the Ghimob banking trojan, has been a move toward infecting mobile devices, targeting financial apps from banks, fintechs, exchanges and cryptocurrencies.
Joker’s New Tricks: Using Github To Hide Its Payload
https://www.trendmicro.com/en_us/research/20/k/an-old-jokers-new-tricks--using-github-to-hide-its-payload.html
Trend Micro
An Old Joker’s New Tricks: Using Github To Hide Its Payload
We recently detected a new version of the Joker mobile malware on a sample on Google Play. This update utilizes Github pages and repositories in an attempt to evade detection.
XPCSniffer dumps XPC information to a file and the console #iOS
https://github.com/evilpenguin/XPCSniffer
GitHub
GitHub - evilpenguin/XPCSniffer: Sniff XPC goodies on your iOS device.
VivaVideo Android app is responsible for unwanted premium subscription fraud and invisible ads
https://www.upstreamsystems.com/27-million-premium-subscription-fraud-and-invisible-ads-within-vivavideo-identified-by-secure-d/
Upstream
$27 million Premium Subscription Fraud and Invisible Ads within VivaVideo Identified by Secure-D - Upstream
Upstream’s mobile security platform Secure-D identified that a popular Android app was responsible for over 20 million fraudulent transaction attempts.
Vulnerable Banking Application for Android
https://github.com/rewanth1997/Damn-Vulnerable-Bank
GitHub
GitHub - rewanthtammana/Damn-Vulnerable-Bank: Damn Vulnerable Bank is designed to be an intentionally vulnerable android application.…
Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills. - rewanthtammana/Damn-...
Evernote: Universal-XSS, theft of all cookies from all sites, and more
https://blog.oversecured.com/Evernote-Universal-XSS-theft-of-all-cookies-from-all-sites-and-more/
Remotely stealing cookies from Firefox for Android by visiting an exploit website (CVE-2020-15647)
PoC: https://gist.github.com/kanytu/7fe0640c87b0f3e57bda51e784a7255d
Research: https://medium.com/bugbountywriteup/firefox-and-how-a-website-could-steal-all-of-your-cookies-581fe4648e8d
Gist
CVE-2020-15647 PoC
Unpatched vulnerability found in GO SMS Pro app allows unauthorized users to see shared media attachments
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/go-sms-pro-vulnerable-to-media-file-theft/
Running code in the context of iOS Kernel: Part I + LPE POC on iOS 13.7
https://blog.zecops.com/vulnerabilities/running-code-in-the-context-of-ios-kernel-part-i-lpe-poc-on-ios-13-7/
Mobile threat evolution Q3 2020
https://securelist.com/it-threat-evolution-q3-2020-mobile-statistics/99461/
Securelist
IT threat evolution Q3 2020 Mobile statistics
The statistics presented here draw on detection verdicts returned by Kaspersky products and received from users who consented to providing statistical data. Quarterly figures: According to Kaspersky Security Network, the third quarter saw: 1,189,797 detected…
Vulnerability found in Facebook Messenger for Android that causes an audio call to connect before the callee has answered the call (bounty $60,000)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2098&s=03