How to use Android as Rubber Ducky from NetHunter | Tutorial
https://youtu.be/bYfict-752k
https://youtu.be/bYfict-752k
BRATA Android Banking Malware Keeps Sneaking into Google Play, Now Targeting USA and Spain
Blog: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/brata-keeps-sneaking-into-google-play-now-targeting-usa-and-spain/
Full report: https://www.mcafee.com/enterprise/en-us/assets/reports/rp-brata.pdf
Blog: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/brata-keeps-sneaking-into-google-play-now-targeting-usa-and-spain/
Full report: https://www.mcafee.com/enterprise/en-us/assets/reports/rp-brata.pdf
McAfee Blog
BRATA Keeps Sneaking into Google Play, Now Targeting USA and Spain | McAfee Blog
Recently, the McAfee Mobile Research Team uncovered several new variants of the Android malware family BRATA being distributed in Google Play, ironically
Solving OWASP UnCrackable Android App Level 1 with Runtime Mobile Security (RMS)
https://youtu.be/P6rNPkM2DdY
https://youtu.be/P6rNPkM2DdY
YouTube
Solving OWASP UnCrackable Android App Level 1 with Runtime Mobile Security (RMS) 📱🔥
Solving OWASP UnCrackable Android App Level 1 with
Runtime Mobile Security (RMS) 📱🔥
Github Repo: https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security
UnCrackable App for Android Level 1 - Download: https://github.com/OWASP/owasp-mstg/tree/master/Crackmes…
Runtime Mobile Security (RMS) 📱🔥
Github Repo: https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security
UnCrackable App for Android Level 1 - Download: https://github.com/OWASP/owasp-mstg/tree/master/Crackmes…
Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027)
Research: https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/
PoC: https://github.com/CENSUS/whatsapp-mitd-mitm
Research: https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/
PoC: https://github.com/CENSUS/whatsapp-mitd-mitm
Census-Labs
CENSUS | Cybersecurity Engineering
In this article we will have a look at how a simple phishing attack through an Android messaging application could result in the direct leakage of data found in unprotected device storage (/sdcard). Then we will show how the two aforementioned WhatsApp vulnerabilities…
Google Photos : Theft of Database & Arbitrary Files Android Vulnerability
PoC + research: https://servicenger.com/blog/mobile/google-photos-theft-of-database-arbitrary-files-android-vulnerability/
PoC + research: https://servicenger.com/blog/mobile/google-photos-theft-of-database-arbitrary-files-android-vulnerability/
Hunting for bugs in Telegram's animated stickers remote attack surface
https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/
https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/
Shielder
Shielder - Hunting for bugs in Telegram's animated stickers remote attack surface
polict's 2020 journey in researching the lottie animation format, its integration in mobile apps and the vulnerabilities triggerable by a remote attacker against any Telegram user.
How to setup Android as Rubber Ducky without NetHunter - part 2 | Tutorial
https://youtu.be/Mek9DMGy8os
https://youtu.be/Mek9DMGy8os
Clever Billing Fraud Applications on Google Play: Etinu
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clever-billing-fraud-applications-on-google-play-etinu/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clever-billing-fraud-applications-on-google-play-etinu/
McAfee Blog
Clever Billing Fraud Applications on Google Play: Etinu | McAfee Blog
Authored by: Sang Ryol Ryu and Chanung Pak A new wave of fraudulent apps has made its way to the Google Play store, targeting Android users in Southwest
Taking Action Against Hackers in Palestine
Summary: https://about.fb.com/news/2021/04/taking-action-against-hackers-in-palestine/
Report: https://about.fb.com/wp-content/uploads/2021/04/Technical-threat-report-Arid-Viper-April-2021.pdf
Summary: https://about.fb.com/news/2021/04/taking-action-against-hackers-in-palestine/
Report: https://about.fb.com/wp-content/uploads/2021/04/Technical-threat-report-Arid-Viper-April-2021.pdf
Meta Newsroom
Taking Action Against Hackers in Palestine
We’re sharing actions we took against two separate groups of hackers — removing their ability to abuse our platform, distribute malware and hack people’s accounts across the internet.
Android TapJacking Attacks, a thorough guide LAST PART (3)
https://valsamaras.medium.com/tapjacking-attacks-a-thorough-guide-last-part-3-f19614314b7
https://valsamaras.medium.com/tapjacking-attacks-a-thorough-guide-last-part-3-f19614314b7
Medium
TapJacking Attacks, a thorough guide LAST PART (3)
Recap
InternalBlue - Bluetooth → Wi-Fi Code Execution & Wi-Fi Debugging
Blog: https://naehrdine.blogspot.com/2021/04/bluetooth-wi-fi-code-execution-wi-fi.html
PoCs: https://github.com/seemoo-lab/internalblue
Blog: https://naehrdine.blogspot.com/2021/04/bluetooth-wi-fi-code-execution-wi-fi.html
PoCs: https://github.com/seemoo-lab/internalblue
Blogspot
Bluetooth → Wi-Fi Code Execution & Wi-Fi Debugging
Wireless and firmware hacking, PhD life, Technology
How to analyze mobile malware: a Cabassous/FluBot Case study
https://blog.nviso.eu/2021/04/19/how-to-analyze-mobile-malware-a-cabassous-flubot-case-study/
https://blog.nviso.eu/2021/04/19/how-to-analyze-mobile-malware-a-cabassous-flubot-case-study/
NVISO Labs
How to analyze mobile malware: a Cabassous/FluBot Case study
This blogpost explains all the steps I took while analyzing the Cabassous/FluBot malware. I wrote this while analyzing the sample and I’ve written down both successful and failed attempts at …
How to exploit memory corruption bugs on Android + an example of such issue in PayPal app
https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/
https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/
News, Techniques & Guides
Exploiting memory corruption vulnerabilities on Android
In today's blog, we'll discuss memory corruption vulnerabilities in Android apps and how they can be exploited. At the end of the article, we'll show how we found such a vulnerability in PayPal apps and what the result could be.
Forwarded from The Bug Bounty Hunter
Decrypting Mobile App Traffic using AES Killer and Frida
https://n00b.sh/posts/aes-killer-mobile-app-demo/
https://n00b.sh/posts/aes-killer-mobile-app-demo/
Android apps targeting JIO users in India
https://www.zscaler.com/blogs/security-research/android-apps-targeting-jio-users-india
https://www.zscaler.com/blogs/security-research/android-apps-targeting-jio-users-india
Zscaler
Android apps targeting JIO users in India | Zscaler Blog
The attack infection chain begins with a shortened URL link sent via SMS or Whatsapp, which redirects the user to a Weebly website controlled by the attacker.
Mobile Apps Exposing AWS Keys Affect 100M+ Users’ Data
https://bevigil.com/blog/mobile-apps-exposing-aws-keys-affect-100m-users-data/
https://bevigil.com/blog/mobile-apps-exposing-aws-keys-affect-100m-users-data/
Possibilities how to unlock PIN protected Android device using ADB or HID method
https://youtu.be/x5Rt93jshC8
https://youtu.be/x5Rt93jshC8
❤2
Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/roaming-mantis-amplifies-smishing-campaign-with-os-specific-android-malware/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/roaming-mantis-amplifies-smishing-campaign-with-os-specific-android-malware/
McAfee Blog
Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware | McAfee Blog
The Roaming Mantis smishing campaign has been impersonating a logistics company to steal SMS messages and contact lists from Asian Android users since
Security Vulnerabilities fixed in Firefox 88.0.1, Firefox for Android 88.1.3 (CVE-2021-29953: Universal Cross-Site Scripting)
https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/
Mozilla
Security Vulnerabilities fixed in Firefox 88.0.1, Firefox for Android 88.1.3