Samsung advises its users to scan their TVs for malware.
https://twitter.com/SamsungSupport/status/1140409768743452672
Running iOS in QEMU to an interactive bash shell (1): tutorial
https://alephsecurity.com/2019/06/17/xnu-qemu-arm64-1/
Alephsecurity
Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East
Over 660 Android victims were infected via malicious websites promoted on social media. The main goal was espionage.
https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/
Trendmicro
Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East - TrendLabs Security Intelligence Blog
We uncovered a cyberespionage campaign targeting Middle Eastern countries we named “Bouncing Golf” based on the malware’s code in the package named “golf.”
QR code app on Google Play with over 1,000,000 installs requests $100 trial payment
https://www.androidpolice.com/2019/06/18/qr-code-app-on-play-store-ripping-people-off-for-100-through-shady-trial-scheme/
Android Police
QR code app on Play Store ripping people off for $100+ through shady trial scheme
With over two million applications in the Play Store, there are bound to be a few bad apples here and there. However, the creatively named "QR Code... by Richard Gao in Applications, News
Malicious photo editor app found on Google Play with 10K+ installs
The malware signed users up for unwanted subscriptions and intercepted SMS verification codes by having access to notifications.
https://www.kaspersky.com/blog/malicious-camera-app/27391/
Kaspersky
A photo editor with a difference
How a photo editor app from Google Play secretly signed up users for unwanted paid services.
Mobile cryptojacking and related abuse
https://t.co/I40ye67huy (pdf)
Vulnerabilities and threats in mobile applications, 2019
https://www.ptsecurity.com/ww-en/analytics/mobile-application-security-threats-and-vulnerabilities-2019/
Microsoft Outlook for Android Open to XSS Attacks
The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.
https://threatpost.com/microsoft-outlook-android-xss/145924/
Threat Post
Microsoft Outlook for Android Open to XSS Attacks
A spoofing bug (CVE-2019-1105) can open the door to an email attack chain.
New cryptocurrency-mining botnet malware arrives via open ADB (Android Debug Bridge) ports and can spread via SSH
https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-botnet-arrives-through-adb-and-spreads-through-ssh/
Trend Micro
Cryptocurrency-Mining Botnet Spreads via ADB, SSH
We observed a new cryptocurrency-mining botnet that arrives via open ADB (Android Debug Bridge) ports and can spread via SSH. This attack takes advantage of the way open ADB ports don’t have authentication by default.
Frida Android unpack
Script for Android O and Android P to get the unpacked DEX file from memory.
https://github.com/xiaokanghub/Frida-Android-unpack/blob/master/README.md
GitHub
Frida-Android-unpack/README.md at master · xiaokanghub/Frida-Android-unpack
this unpack script for Android O and Android P. Contribute to xiaokanghub/Frida-Android-unpack development by creating an account on GitHub.
Don't hack mobile devices, hack cell network providers to conduct targeted surveillance on individuals of interest.
At least 10 cell networks have been hacked over the past 7 years.
https://techcrunch.com/2019/06/24/hackers-cell-networks-call-records-theft/
TechCrunch
Hackers are stealing years of call records from hacked cell networks
Security researchers say they have uncovered a massive espionage campaign involving the theft of call records from hacked cell network providers to conduct targeted surveillance on individuals of interest. The hackers have systematically broken in to more…
Another mobile banking Trojan family - Riltok
This demonstrates that misuse of Accessibility services by Android banking malware is now a common feature.
https://securelist.com/mobile-banker-riltok/91374/
Securelist
Riltok mobile Trojan: A banker with global reach
Riltok is one of numerous families of mobile banking Trojans with standard (for such malware) functions and distribution methods. Originally intended to target the Russian audience, the banker was later adapted for the European “market.”
The story of an Android application called MFSocket, a new monitoring tool made in China.
https://medium.com/@fs0c131y/mfsocket-a-chinese-surveillance-tool-58e8850c3de4
Medium
MFSocket: A Chinese surveillance tool
It is well known that China spies on its fellow citizens. In this article I will tell you the story of an Android application called…
Tracing the Supply Chain Attack on Android
Who is behind the supply chain attack that resulted in malicious software being pre-installed on millions of new budget Android devices?
https://krebsonsecurity.com/2019/06/tracing-the-supply-chain-attack-on-android-2/
ViceLeaker Operation: mobile espionage targeting Middle East
This campaign is mostly spread via Telegram and WhatsApp channels by posting Trojanized Android apps - Sex Game, Psiphon, English Story book...
https://securelist.com/fanning-the-flames-viceleaker-operation/90877/
Securelist
ViceLeaker Operation: mobile espionage targeting Middle East | Securelist
In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens. We decided to call the operation “ViceLeaker”, because of strings and variables in its…
Apple Watch Forensics: Analysis
▪️Analyzing backups of a paired iPhone
▪️Extracting data from Apple Watch
▪️Device Information and the list of installed apps
▪️Extracting device logs
▪️Cloud acquisition
https://blog.elcomsoft.com/2019/06/apple-watch-forensics-02-analysis/
ElcomSoft blog
Apple Watch Forensics 02: Analysis
Over the last several years, the use of smart wearables has increased significantly. With 141 million smartwatch units sold in 2018, the number of smart wearables sold has nearly doubled compared to the year before. Among the various competitors, the Apple…
EvilParcel vulnerabilities analysis
Android malware that exploits the EvilParcel vulnerabilities is granted higher privileges and can:
▪️install and remove applications
▪️infect software installed on the device and replace clean originals with infected copies
▪️reset the lock screen PIN
https://habr.com/en/company/drweb/blog/457610/
Habr
EvilParcel vulnerabilities analysis
Introduction In mid-April, we published news about the Android.InfectionAds.1 trojan, which exploited several critical vulnerabilities in Android. One of them, CVE-2017-13156 (also known as Janus),...
Massive-Scale Espionage: Hackers Reportedly Steal Records From Cell Phone Providers Worldwide
https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers
Cybereason
Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers
In 2018, the Cybereason Nocturnus team identified Operation Soft Cell, an advanced, persistent attack targeting global telecommunications providers.
Using Apple iCloud and Google to track users in real time
https://www.dropbox.com/s/3mb9t4rpk2pklxk/2019_Real-time_evidence_ElcomSoft.pdf
Dropbox
2019_Real-time_evidence_ElcomSoft.pdf