Taking Action Against Hackers in Palestine
Summary: https://about.fb.com/news/2021/04/taking-action-against-hackers-in-palestine/
Report: https://about.fb.com/wp-content/uploads/2021/04/Technical-threat-report-Arid-Viper-April-2021.pdf
Summary: https://about.fb.com/news/2021/04/taking-action-against-hackers-in-palestine/
Report: https://about.fb.com/wp-content/uploads/2021/04/Technical-threat-report-Arid-Viper-April-2021.pdf
Meta Newsroom
Taking Action Against Hackers in Palestine
We’re sharing actions we took against two separate groups of hackers — removing their ability to abuse our platform, distribute malware and hack people’s accounts across the internet.
Android TapJacking Attacks, a thorough guide LAST PART (3)
https://valsamaras.medium.com/tapjacking-attacks-a-thorough-guide-last-part-3-f19614314b7
https://valsamaras.medium.com/tapjacking-attacks-a-thorough-guide-last-part-3-f19614314b7
Medium
TapJacking Attacks, a thorough guide LAST PART (3)
Recap
InternalBlue - Bluetooth → Wi-Fi Code Execution & Wi-Fi Debugging
Blog: https://naehrdine.blogspot.com/2021/04/bluetooth-wi-fi-code-execution-wi-fi.html
PoCs: https://github.com/seemoo-lab/internalblue
Blog: https://naehrdine.blogspot.com/2021/04/bluetooth-wi-fi-code-execution-wi-fi.html
PoCs: https://github.com/seemoo-lab/internalblue
Blogspot
Bluetooth → Wi-Fi Code Execution & Wi-Fi Debugging
Wireless and firmware hacking, PhD life, Technology
How to analyze mobile malware: a Cabassous/FluBot Case study
https://blog.nviso.eu/2021/04/19/how-to-analyze-mobile-malware-a-cabassous-flubot-case-study/
https://blog.nviso.eu/2021/04/19/how-to-analyze-mobile-malware-a-cabassous-flubot-case-study/
NVISO Labs
How to analyze mobile malware: a Cabassous/FluBot Case study
This blogpost explains all the steps I took while analyzing the Cabassous/FluBot malware. I wrote this while analyzing the sample and I’ve written down both successful and failed attempts at …
How to exploit memory corruption bugs on Android + an example of such issue in PayPal app
https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/
https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/
News, Techniques & Guides
Exploiting memory corruption vulnerabilities on Android
In today's blog, we'll discuss memory corruption vulnerabilities in Android apps and how they can be exploited. At the end of the article, we'll show how we found such a vulnerability in PayPal apps and what the result could be.
Forwarded from The Bug Bounty Hunter
Decrypting Mobile App Traffic using AES Killer and Frida
https://n00b.sh/posts/aes-killer-mobile-app-demo/
https://n00b.sh/posts/aes-killer-mobile-app-demo/
Android apps targeting JIO users in India
https://www.zscaler.com/blogs/security-research/android-apps-targeting-jio-users-india
https://www.zscaler.com/blogs/security-research/android-apps-targeting-jio-users-india
Zscaler
Android apps targeting JIO users in India | Zscaler Blog
The attack infection chain begins with a shortened URL link sent via SMS or Whatsapp, which redirects the user to a Weebly website controlled by the attacker.
Mobile Apps Exposing AWS Keys Affect 100M+ Users’ Data
https://bevigil.com/blog/mobile-apps-exposing-aws-keys-affect-100m-users-data/
https://bevigil.com/blog/mobile-apps-exposing-aws-keys-affect-100m-users-data/
Possibilities how to unlock PIN protected Android device using ADB or HID method
https://youtu.be/x5Rt93jshC8
https://youtu.be/x5Rt93jshC8
❤2
Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/roaming-mantis-amplifies-smishing-campaign-with-os-specific-android-malware/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/roaming-mantis-amplifies-smishing-campaign-with-os-specific-android-malware/
McAfee Blog
Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware | McAfee Blog
The Roaming Mantis smishing campaign has been impersonating a logistics company to steal SMS messages and contact lists from Asian Android users since
Security Vulnerabilities fixed in Firefox 88.0.1, Firefox for Android 88.1.3 (CVE-2021-29953: Universal Cross-Site Scripting)
https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/
Mozilla
Security Vulnerabilities fixed in Firefox 88.0.1, Firefox for Android 88.1.3
128M customers have downloaded the 2500+ apps that were containing malware known as XCodeGhost from the App Store
https://www.vice.com/amp/en/article/n7bbmz/the-fortnite-trial-is-exposing-details-about-the-biggest-iphone-hack-of-all-time
https://www.vice.com/amp/en/article/n7bbmz/the-fortnite-trial-is-exposing-details-about-the-biggest-iphone-hack-of-all-time
Trigger custom URL in Medium Android app
https://medium.com/@Mrcyberwarrior/exploiting-activity-in-medium-android-app-e2e6f3553eef
https://medium.com/@Mrcyberwarrior/exploiting-activity-in-medium-android-app-e2e6f3553eef
Medium
Exploiting Activity in medium android app
Hello friends I am Raju Kumar A.k.a Mrcyberwarrior. Let’s come to the story, I found vulnerabilities in the web as well as android…
Technical analysis of Android banking malware called TeaBot aka Antsa aka Toddler (it is not a FluBot)
https://f.hubspotusercontent10.net/hubfs/3993512/%5BTLP_WHITE%5DCleafyLABS_TeaBot_Technical_Analysis.pdf
https://f.hubspotusercontent10.net/hubfs/3993512/%5BTLP_WHITE%5DCleafyLABS_TeaBot_Technical_Analysis.pdf
Android overlay attacks on Belgian financial applications #TeaBot
https://blog.nviso.eu/2021/05/11/android-overlay-attacks-on-belgian-financial-applications/
https://blog.nviso.eu/2021/05/11/android-overlay-attacks-on-belgian-financial-applications/
NVISO Labs
New mobile malware family now also targets Belgian financial apps
While banking trojans have been around for a very long time now, we have never seen a mobile malware family attack the applications of Belgian financial institutions. Until today… Earlier thi…
Analysis and replication of tampered Instagram story that crashes the app
https://youtu.be/4jCetFetFQA
https://youtu.be/4jCetFetFQA
Fake Android and iOS apps disguise as trading and cryptocurrency apps
https://news.sophos.com/en-us/2021/05/12/fake-android-and-ios-apps-disguise-as-trading-and-cryptocurrency-apps/
https://news.sophos.com/en-us/2021/05/12/fake-android-and-ios-apps-disguise-as-trading-and-cryptocurrency-apps/
Sophos News
Fake Android and iOS apps disguise as trading and cryptocurrency apps
Criminals have published hundreds of bogus banking, finance, and cryptocurrency apps that steal your money
👍1
Android stalkerware vulnerabilities
Manual analysis of 58 Android stalkerware apps revealed 158 security and privacy issues
https://www.welivesecurity.com/2021/05/17/android-stalkerware-threatens-victims-further-exposes-snoopers-themselves/
Manual analysis of 58 Android stalkerware apps revealed 158 security and privacy issues
https://www.welivesecurity.com/2021/05/17/android-stalkerware-threatens-victims-further-exposes-snoopers-themselves/
WeLiveSecurity
Android stalkerware threatens victims further and exposes snoopers themselves
ESET research shows that Android stalkerware apps are riddled with security flaws that may also expose the privacy and security of the stalkers themselves.
How Flubot targets Android phone users and their money
https://www.nortonlifelock.com/blogs/research-group/flubot-targets-android-phone-users
https://www.nortonlifelock.com/blogs/research-group/flubot-targets-android-phone-users