Vulnerability found in Facebook for Android that could trigger malicious deep links, run arbitrary JavaScript or replace URLs to phishing pages
https://ash-king.co.uk/blog/Launching-internal-non-exported-deeplinks-on-Facebook
ash-king.co.uk
Launching internal & non-exported deeplinks on Facebook
Ash King - Software Developer & Security Researcher
Reverse engineering Flutter for Android + Doldrums (Doldrums is a reverse engineering tool for Flutter apps)
https://rloura.wordpress.com/2020/12/04/reversing-flutter-for-android-wip/
https://github.com/rscloura/Doldrums
A Moment of Insanity
Reverse engineering Flutter for Android
Disclaimer: the contents of this article are the result of countless hours of personal investigation combined with exhaustive trial and error. I have never contacted Flutter or Dart development tea…
Dissecting a MediaTek BootROM exploit
https://tinyhack.com/2021/01/31/dissecting-a-mediatek-bootrom-exploit/
Tinyhack.com
Dissecting a MediaTek BootROM exploit
A bricked Xiaomi phone led me to discover a project in Github that uses a MediaTek BootROM exploit that was undocumented. The exploit was found by Xyz, and implemented by Chaosmaster. The initial exploit was already available for quite a while. Since I have…
Data Driven Security Hardening in Android
https://security.googleblog.com/2021/01/data-driven-security-hardening-in.html
Google Online Security Blog
Data Driven Security Hardening in Android
Posted by Kevin Deus, Joel Galenson, Billy Lau and Ivan Lozano, Android Security & Privacy Team The Android platform team is committed to ...
Hackers tried to trick iPhone users into installing a fake version of WhatsApp to spy on them.
How: By tricking users into installing configuration files or so-called Mobile Device Management (MDM) profiles, which can then potentially push malware onto a target device.
https://www.vice.com/en/article/akdqwa/a-spyware-vendor-seemingly-made-a-fake-whatsapp-to-hack-targets
VICE
A Spyware Vendor Seemingly Made a Fake WhatsApp to Hack Targets
Technical analyses by Citizen Lab and Motherboard found links between a fake version of WhatsApp and Cy4Gate, an Italian surveillance firm that works with cops and intelligence agencies.
New Android DDoS botnet, Matryosh, communicates over Tor and infects devices through an exposed ADB port
https://blog.netlab.360.com/matryosh-botnet-is-spreading-en/
360 Netlab Blog - Network Security Research Lab at 360
New Threat: Matryosh Botnet Is Spreading
Background
On January 25, 2021, 360 netlab BotMon system labeled a suspicious ELF file as Mirai, but the network traffic did not match Mirai's characteristics. This anomaly caught our attention, and after analysis, we determined that it was a new botnet…
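Matryosh's entry point is adbd listening on TCP (5555 by default) with no key enrolled, so the check a practitioner wants is "does this port answer ADB, and does it demand authentication?". The following is an added example, not code from the 360 Netlab write-up: a Python probe that speaks just enough of the ADB wire protocol (24-byte little-endian header, magic = command XOR 0xFFFFFFFF, byte-sum checksum) to send CONNECT and classify the reply. A daemon that answers CNXN with a `device::` banner hands a shell to anyone who can reach the port; one that answers AUTH is asking for an RSA key. The sample replies are constructed; `probe()` needs network access and a host you are authorised to test, and the CONNECT constants are assumptions about the host side of the handshake.

```python
"""Probe for an exposed Android Debug Bridge daemon (added example; not from
the 360 Netlab post).  Implements the minimum of the ADB wire protocol:
a 24-byte little-endian header (command, arg0, arg1, data_length,
data_check, magic) followed by the payload, where magic is the command
XORed with 0xFFFFFFFF and data_check is the byte sum of the payload."""
import socket
import struct

A_CNXN = 0x4E584E43      # the bytes b"CNXN" read as a little-endian uint32
A_AUTH = 0x48545541      # b"AUTH"
A_VERSION = 0x01000000   # protocol version sent in CONNECT arg0
A_MAXDATA = 4096         # max payload the host accepts, CONNECT arg1 (assumed)
AUTH_TOKEN = 1           # AUTH arg0 when the device sends a challenge
HEADER = struct.Struct("<6I")


def _checksum(data: bytes) -> int:
    # ADB's data_check is a plain byte sum, not a CRC.
    return sum(data) & 0xFFFFFFFF


def build_message(command: int, arg0: int, arg1: int, data: bytes = b"") -> bytes:
    header = HEADER.pack(command, arg0, arg1, len(data), _checksum(data),
                         command ^ 0xFFFFFFFF)
    return header + data


def build_connect() -> bytes:
    # Hosts identify as "host::"; the NUL terminator travels on the wire.
    return build_message(A_CNXN, A_VERSION, A_MAXDATA, b"host::\0")


def parse_message(raw: bytes) -> dict:
    """Validate magic, length and checksum; raise ValueError otherwise."""
    if len(raw) < HEADER.size:
        raise ValueError("short header")
    command, arg0, arg1, length, check, magic = HEADER.unpack_from(raw)
    if magic != command ^ 0xFFFFFFFF:
        raise ValueError("magic mismatch: not an ADB message")
    data = raw[HEADER.size:HEADER.size + length]
    if len(data) != length:
        raise ValueError("truncated payload")
    if _checksum(data) != check:
        raise ValueError("checksum mismatch")
    return {"command": struct.pack("<I", command), "arg0": arg0,
            "arg1": arg1, "data": data}


def is_adb_message(raw: bytes) -> bool:
    try:
        parse_message(raw)
        return True
    except ValueError:
        return False


def classify(raw: bytes) -> str:
    """'open' means an unauthenticated shell for anyone who can reach the port."""
    msg = parse_message(raw)
    if msg["command"] == b"CNXN" and msg["data"].startswith(b"device::"):
        return "open"
    if msg["command"] == b"AUTH" and msg["arg0"] == AUTH_TOKEN:
        return "auth-required"
    return "unknown"


def device_properties(raw: bytes) -> dict:
    """Split a 'device::k=v;k=v' banner into a dict (empty for old adbd)."""
    data = parse_message(raw)["data"]
    _, _, body = data.partition(b"::")
    props = {}
    for item in body.rstrip(b"\0").split(b";"):
        key, sep, value = item.partition(b"=")
        if sep:
            props[key.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return props


def probe(host: str, port: int = 5555, timeout: float = 3.0) -> str:
    """Live check; needs network and a host you are authorised to test."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connect())
        reply = sock.recv(4096)
    return classify(reply) if reply else "no-response"


# Constructed sample replies, shaped like what adbd sends back.
SAMPLE_OPEN = build_message(
    A_CNXN, A_VERSION, A_MAXDATA,
    b"device::ro.product.name=sdk;ro.product.model=Pixel;features=cmd,shell_v2")
SAMPLE_AUTH = build_message(A_AUTH, AUTH_TOKEN, 0, b"\x00" * 20)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(sys.argv[1], probe(sys.argv[1]))
    else:
        print("sample open banner ->", classify(SAMPLE_OPEN), device_properties(SAMPLE_OPEN))
        print("sample auth reply  ->", classify(SAMPLE_AUTH))
```

The magic and checksum checks matter when sweeping a range: a web server or a honeypot on 5555 will return bytes, and without them a naive scanner would count every reply as ADB. An "open" result on a device you own means `adb tcpip` was left enabled or a vendor firmware ships it on; disabling it (or at least enabling RSA authentication) removes Matryosh's foothold.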
CVE-2020-27932: iOS Kernel privesc with turnstiles
https://googleprojectzero.blogspot.com/p/rca-cve-2020-27932.html
Blogspot
CVE-2020-27932: iOS Kernel privesc with turnstiles
Posted by Ian Beer, Project Zero (2021-02-04) Disc...
Analysis of Android downloader
https://cryptax.medium.com/an-apparently-benign-app-distribution-scheme-which-has-all-it-takes-to-turn-very-ugly-f733be528535
Medium
An apparently benign app distribution scheme which has all it takes to turn (very) ugly
This article discusses a recent Android sample from January 2021. It was first scanned on the 11th, but according to its certificate…
Barcode Scanner app on Google Play infects 10 million users with one update
https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/
Malwarebytes
Barcode Scanner app on Google Play infects 10 million users with one update | Malwarebytes Labs
In a single update, a popular barcode scanner app that had been on Google Play for years turned into malware.
Insecure Data Storage: Clear Text Storage of Sensitive Information (Hard-coded strings, credentials, tokens & keys)
https://medium.com/mobis3c/insecure-data-storage-clear-text-storage-of-sensitive-information-hard-coded-strings-fb7b056c0d0
Medium
Insecure Data Storage: Clear Text Storage of Sensitive Information (Hard-coded strings, credentials, tokens & keys)
Before we get started, we need to have the apk which can be extracted from the device by installing the application through the play store…
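Once the APK is pulled and decoded (`apktool d app.apk`, or a jadx export), the hard-coded strings the article is after live in `res/values/strings.xml`, config files under `assets/`, and `const-string` literals in smali. The following is an added example, not the Medium post's own code: a scanner that walks a decoded tree and flags values shaped like credentials. The regexes are illustrative rather than exhaustive, the sample resource file and smali line are constructed, and the entropy column is there to help triage, not to filter.

```python
"""Flag clear-text secrets in a decoded APK tree (added example, not the
Medium post's code).  Usage: python scan_secrets.py <apktool-output-dir>"""
import math
import os
import re

# Where secrets usually surface after decoding: resource XML, bundled
# config under assets/, and string literals in smali or jadx output.
SCAN_SUFFIXES = (".xml", ".json", ".properties", ".smali", ".java", ".txt")

PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "jwt": re.compile(
        r"\beyJ[A-Za-z0-9_\-]{8,}\.[A-Za-z0-9_\-]{8,}\.[A-Za-z0-9_\-]{8,}"),
    # keyword followed by an assignment (=, :) or an XML text node (>)
    "credential_assignment": re.compile(
        r"(?i)(password|passwd|pwd|secret|api[_-]?key|auth[_-]?token|token)"
        r"[\"']?\s*[=:>]\s*[\"']?([^\s\"'<]{6,})"),
}


def shannon_entropy(s: str) -> float:
    """Bits per character; generated keys sit well above natural language."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_text(text: str, source: str = "<text>") -> list:
    """Return one finding per regex hit: source, line, kind, value, entropy."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                # captured value when the pattern has groups, else the whole match
                value = m.group(m.lastindex or 0)
                findings.append({
                    "source": source, "line": lineno, "kind": kind,
                    "value": value, "entropy": round(shannon_entropy(value), 2),
                })
    return findings


def scan_tree(root: str) -> list:
    """Walk a decoded APK directory and scan every text-like file."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.endswith(SCAN_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_text(fh.read(), os.path.relpath(path, root)))
            except OSError:
                continue
    return findings


# Constructed sample resembling res/values/strings.xml from a decoded APK.
SAMPLE_STRINGS_XML = """<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="app_name">DemoApp</string>
    <string name="aws_key">AKIAIOSFODNN7EXAMPLE</string>
    <string name="maps_key">AIzaSyA-aBcDeFgHiJkLmNoPqRsTuVwXyZ01234</string>
    <string name="backend_password">Sup3rS3cret!</string>
</resources>
"""
# Constructed smali fragment: a JWT baked into a const-string.
SAMPLE_SMALI = ('const-string v0, "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0In0.'
                'c2lnbmF0dXJlLXBsYWNlaG9sZGVy"\n')

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        results = scan_tree(sys.argv[1])
    else:
        results = scan_text(SAMPLE_STRINGS_XML + SAMPLE_SMALI, "sample")
    for f in results:
        print(f"{f['source']}:{f['line']} {f['kind']} "
              f"entropy={f['entropy']} {f['value']}")
```

Anything this finds in `res/` or `assets/` ships verbatim in the APK, and a `BuildConfig` field set from Gradle ends up as a `const-string` in smali, so "it's only in the build config" is no protection. Treat a hit as a credential to rotate, not just a finding to report.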
Domestic Kitten (APT-C-50) – An Inside Look at the Iranian Surveillance Operations
https://research.checkpoint.com/2021/domestic-kitten-an-inside-look-at-the-iranian-surveillance-operations/
Check Point Research
Domestic Kitten – An Inside Look at the Iranian Surveillance Operations - Check Point Research
Overview Despite the reveal of “Domestic Kitten” by Check Point in 2018, APT-C-50 has not stopped conducting extensive surveillance operations against Iranian citizens that could pose a threat to the stability of the Iranian regime, including internal dissidents…
A batch of bugs disclosed for Huawei, Motorola, OPPO, MediaTek, Vivo, Meizu, ZTE, K-Touch, Transsion and Digitime devices
Issues: ADB private key leak, a cloud services key leak, and permissions bypass for system APIs
https://bugs.chromium.org/p/apvi/issues/list?q=&can=1
Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows
https://blog.talosintelligence.com/2021/02/kasablanka-lodarat.html
Cisco Talos Blog
Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows
* The developers of LodaRAT have added Android as a targeted platform.
* A new iteration of LodaRAT for Windows has been identified with improved sound recording capabilities.
* The operators behind LodaRAT are tied to a specific campaign targeting Bangladesh…
Lookout discovers novel Confucius APT Android spyware linked to the India-Pakistan conflict
https://blog.lookout.com/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict
Lookout
Confucius APT Android Spyware Linked to India-Pakistan Conflict | Threat Intel
The Lookout Threat Intelligence team has discovered two novel Android surveillanceware – Hornbill and SunBird.
SHAREit Flaw Could Lead to Remote Code Execution
https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html
Trend Micro
SHAREit Flaw Could Lead to Remote Code Execution
We discovered vulnerabilities in the SHAREit application. These vulnerabilities can be abused to leak a user’s sensitive data, execute arbitrary code, and possibly lead to remote code execution. The app has over 1 billion downloads.
Stealing Facebook access token and WebView cookies from SHAREit using 3rd party app (not fixed)
https://youtu.be/D2d8AL1jtes
Hunting for bugs in Telegram's animated stickers remote attack surface
https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/
Shielder
Shielder - Hunting for bugs in Telegram's animated stickers remote attack surface
polict's 2020 journey in researching the lottie animation format, its integration in mobile apps and the vulnerabilities triggerable by a remote attacker against any Telegram user.
Analyzing Clubhouse for fun and profit
https://theori.io/research/korean/analyzing-clubhouse/
“ScamClub” bypasses iframe sandboxing with postMessage() to deliver malvertising ads [CVE-2021-1801]
https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
Medium
Malvertiser “ScamClub” Bypasses Iframe Sandboxing With postMessage() Shenanigans [CVE-2021-1801]
This blog post is about the mechanics of a long tail iframe sandbox bypass found in a payload belonging to the persistent malvertising…