Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows
https://blog.talosintelligence.com/2021/02/kasablanka-lodarat.html
Cisco Talos Blog
* The developers of LodaRAT have added Android as a targeted platform.
* A new iteration of LodaRAT for Windows has been identified with improved sound recording capabilities.
* The operators behind LodaRAT tied to a specific campaign targeting Bangladesh…
Discovered Confucius APT Android Spyware Linked to India-Pakistan Conflict
https://blog.lookout.com/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict
Lookout
The Lookout Threat Intelligence team has discovered two novel Android surveillanceware – Hornbill and SunBird.
SHAREit Flaw Could Lead to Remote Code Execution
https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html
Trend Micro
We discovered vulnerabilities in the SHAREit application. These vulnerabilities can be abused to leak a user’s sensitive data, execute arbitrary code, and possibly lead to remote code execution. The app has over 1 billion downloads.
Stealing Facebook access token and WebView cookies from SHAREit using 3rd party app (not fixed)
https://youtu.be/D2d8AL1jtes
Hunting for bugs in Telegram's animated stickers remote attack surface
https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/
Shielder
polict's 2020 journey in researching the lottie animation format, its integration in mobile apps and the vulnerabilities triggerable by a remote attacker against any Telegram user.
Analyzing Clubhouse for fun and profit
https://theori.io/research/korean/analyzing-clubhouse/
“ScamClub” Bypasses Iframe Sandboxing With postMessage() to deliver malvertising ads [CVE-2021–1801]
https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
Medium
This blog post is about the mechanics of a long tail iframe sandbox bypass found in a payload belonging to the persistent malvertising…
How to intercept traffic from Android apps with Objection and Burp
https://youtu.be/Ft3H-3J67UE
YouTube
Raw and uncut tutorial on how to MITM Android apps with Objection and Burp.
Reverse Engineering Clubhouse
https://www.klmlabs.co/blog/club-house-observations-th5x8
Samsung Investigation Part 1: TEEs, TrustZone and TEEGRIS
https://www.riscure.com/blog/samsung-investigation-part1
Activation of arbitrary intent due to unsafe deserialization - CVE-2020-0082
This leads to EoP in Android 10.
It could start any privileged intent without permission.
With this vulnerability it would be possible to silently install and uninstall any app.
https://github.com/0x742/CVE-2020-0082-ExternalVibration
GitHub
This repo contains a proof-of-concept for 📱🚀👑⚡, a deserialization vuln for local escalation of privilege to system_server in Android 10. This proof-of-concept only activates a privileged intent. - ...
A Special Attack Surface in Android (Ⅱ) — The dangerous deeplinks
https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1359026676922851328
Using Frida to find hooks in Android applications (security products, malware, or even games deploying anti-cheat software)
https://corellium.com/blog/android-frida-finding-hooks
Corellium
Frida is a dynamic code instrumentation toolkit for developing, researching, and reversing applications.
Use-After-Free in Browser Process that can be used to escape the Chromium sandbox on Android Devices
PoC + description: https://microsoftedge.github.io/edgevr/posts/yet-another-uaf/
Microsoft Browser Vulnerability Research
Yet another RenderFrameHostImpl UAF
Introduction Back in 2020 while reviewing Chromium code, I found issue 1068395, a Use-After-Free in Browser Process that can be used to escape the Chromium sandbox on Android Devices. This is an interesting vulnerability as it’s a bug pattern that keeps happening…
Vulnerability found in multiple Aiwinn OEM devices allows silent installation of an attacker-provided app [CVE-2020-0222]
https://bugs.chromium.org/p/apvi/issues/detail?id=36&q=&can=1
APKLeaks - scans APK files for URIs, endpoints & secrets
Tool: https://github.com/dwisiswant0/apkleaks
Demo: https://fb.watch/40Jd7HoAqs/
Android FluBot (aka Cabassous) - banking malware responsible for spam SMS campaigns in Spain & Poland; impersonates FedEx, DHL, Correos, Chrome.
FluBot has already infected more than 60,000 victims and stolen 11 million+ phone numbers
https://raw.githubusercontent.com/prodaft/malware-ioc/master/FluBot/FluBot.pdf
How we could have tracked anyone's live location using Truecaller's "Guardians" app
https://www.pingsafe.ai/blog/hacking-truecallers-guardian-application-to-track-you