Pre-installed auto installer threat found on Android mobile devices in Germany
https://blog.malwarebytes.com/android/2021/04/pre-installed-auto-installer-threat-found-on-android-mobile-devices-in-germany/
Malwarebytes Labs
Gigaset mobile devices contain an Update app which is a pre-installed system app infected with Android/PUP.Riskware.Autoins.Redstone.
Malware found on the Huawei's AppGallery app store for the first time (10 apps were installed by 538,000 users)
https://news.drweb.com/show/?i=14182
Dr.Web
Malware found on the AppGallery app store for the first time
Doctor Web’s virus analysts have uncovered the first malware on AppGallery―the official app store from the Huawei Android device manufacturer. They turned out to be dangerous Android.Joker trojans that function primarily to subscribe users to premium mobile…
Unprotected Exported Intents Expose Sensitive Information in LAVA app (CVE-2020-27069)
https://bugs.chromium.org/p/apvi/issues/detail?id=42&q=&can=1
Wormable Android Malware Spreads by Creating Auto-Replies to Messages in WhatsApp
Demo: https://www.instagram.com/p/CNXpGCZAv36/
Research: https://research.checkpoint.com/2021/new-wormable-android-malware-spreads-by-creating-auto-replies-to-messages-in-whatsapp/
Triada Trojan detected in APKPure client app
https://news.drweb.com/show/?i=14188&lng=en
Dr.Web
Trojan detected in APKPure Android app store client software
Doctor Web specialists have discovered a malicious functionality in APKPure—the official client application of the popular third-party Android app store. The trojan built into it downloads and installs various apps, including other malware, without users’…
SiAAA - Auto Install Scripts for i0S and Android Application Analysis
https://m2sup3rn0va.github.io/SiAAA/siaaa.html
Clubhouse data leak: 1.3 million user records leaked online for free
User ID
Name
Photo URL
Username
Twitter handle
Instagram handle
Number of followers
Number of people followed by the user
Account creation date
Invited by user profile name
https://cybernews.com/security/clubhouse-data-leak-1-3-million-user-records-leaked-for-free-online/
Cybernews
Clubhouse data leak: 1.3 million scraped user records leaked online for free
An SQL database containing 1.3 million Clubhouse user records has been leaked for free on a popular hacker forum.
How to use Android as Rubber Ducky from NetHunter | Tutorial
https://youtu.be/bYfict-752k
BRATA Android Banking Malware Keeps Sneaking into Google Play, Now Targeting USA and Spain
Blog: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/brata-keeps-sneaking-into-google-play-now-targeting-usa-and-spain/
Full report: https://www.mcafee.com/enterprise/en-us/assets/reports/rp-brata.pdf
McAfee Blog
BRATA Keeps Sneaking into Google Play, Now Targeting USA and Spain | McAfee Blog
Recently, the McAfee Mobile Research Team uncovered several new variants of the Android malware family BRATA being distributed in Google Play, ironically
Solving OWASP UnCrackable Android App Level 1 with Runtime Mobile Security (RMS)
https://youtu.be/P6rNPkM2DdY
YouTube
Solving OWASP UnCrackable Android App Level 1 with Runtime Mobile Security (RMS) 📱🔥
Solving OWASP UnCrackable Android App Level 1 with
Runtime Mobile Security (RMS) 📱🔥
Github Repo: https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security
UnCrackable App for Android Level 1 - Download: https://github.com/OWASP/owasp-mstg/tree/master/Crackmes…
Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)
Research: https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/
PoC: https://github.com/CENSUS/whatsapp-mitd-mitm
Census-Labs
CENSUS | Cybersecurity Engineering
In this article we will have a look at how a simple phishing attack through an Android messaging application could result in the direct leakage of data found in unprotected device storage (/sdcard). Then we will show how the two aforementioned WhatsApp vulnerabilities…
Google Photos : Theft of Database & Arbitrary Files Android Vulnerability
PoC + research: https://servicenger.com/blog/mobile/google-photos-theft-of-database-arbitrary-files-android-vulnerability/
Hunting for bugs in Telegram's animated stickers remote attack surface
https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/
Shielder
Shielder - Hunting for bugs in Telegram's animated stickers remote attack surface
polict's 2020 journey in researching the lottie animation format, its integration in mobile apps and the vulnerabilities triggerable by a remote attacker against any Telegram user.
How to setup Android as Rubber Ducky without NetHunter - part 2 | Tutorial
https://youtu.be/Mek9DMGy8os
Clever Billing Fraud Applications on Google Play: Etinu
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clever-billing-fraud-applications-on-google-play-etinu/
McAfee Blog
Clever Billing Fraud Applications on Google Play: Etinu | McAfee Blog
Authored by: Sang Ryol Ryu and Chanung Pak. A new wave of fraudulent apps has made its way to the Google Play store, targeting Android users in Southwest
Taking Action Against Hackers in Palestine
Summary: https://about.fb.com/news/2021/04/taking-action-against-hackers-in-palestine/
Report: https://about.fb.com/wp-content/uploads/2021/04/Technical-threat-report-Arid-Viper-April-2021.pdf
Meta Newsroom
We’re sharing actions we took against two separate groups of hackers — removing their ability to abuse our platform, distribute malware and hack people’s accounts across the internet.
Android TapJacking Attacks, a thorough guide LAST PART (3)
https://valsamaras.medium.com/tapjacking-attacks-a-thorough-guide-last-part-3-f19614314b7
Medium
TapJacking Attacks, a thorough guide LAST PART (3)
InternalBlue - Bluetooth → Wi-Fi Code Execution & Wi-Fi Debugging
Blog: https://naehrdine.blogspot.com/2021/04/bluetooth-wi-fi-code-execution-wi-fi.html
PoCs: https://github.com/seemoo-lab/internalblue
Blogspot
Bluetooth → Wi-Fi Code Execution & Wi-Fi Debugging
Wireless and firmware hacking, PhD life, Technology
How to analyze mobile malware: a Cabassous/FluBot Case study
https://blog.nviso.eu/2021/04/19/how-to-analyze-mobile-malware-a-cabassous-flubot-case-study/
NVISO Labs
This blogpost explains all the steps I took while analyzing the Cabassous/FluBot malware. I wrote this while analyzing the sample and I’ve written down both successful and failed attempts at …
How to exploit memory corruption bugs on Android + an example of such issue in PayPal app
https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/
News, Techniques & Guides
Exploiting memory corruption vulnerabilities on Android
In today's blog, we'll discuss memory corruption vulnerabilities in Android apps and how they can be exploited. At the end of the article, we'll show how we found such a vulnerability in PayPal apps and what the result could be.
Forwarded from The Bug Bounty Hunter
Decrypting Mobile App Traffic using AES Killer and Frida
https://n00b.sh/posts/aes-killer-mobile-app-demo/