Creating a powerful Android app context protector with Frida and r2
https://docs.google.com/presentation/d/1BktWJ91ill5iI_-ENzh2Uq14BGIHxxpONzNYybYJIC4/edit#slide=id.p
Google Docs
Creating a powerful protector with frida
Creating a powerful Android app context protector with Frida and r2. Giovanni Rocca (iGio90). @Ultrapowa | @Defunct | @Bha | @Pepper | @VeronicaPabloOsorio. m0lecon 2020.
iOS zero-day let SolarWinds hackers compromise fully updated iPhones
https://arstechnica.com/gadgets/2021/07/solarwinds-hackers-used-an-ios-0-day-to-steal-google-and-microsoft-credentials/
Ars Technica
Flaw was exploited when government officials clicked on links in LinkedIn messages.
Blog post about the anti-jailbreak, anti-Frida, anti-debug used in PokemonGO
https://www.romainthomas.fr/post/21-07-pokemongo-anti-frida-jailbreak-bypass/
Romain Thomas
Gotta Catch 'Em All: Frida & jailbreak detection | Romain Thomas
This blog post analyzes the Frida and Jailbreak detection in PokemonGO for iOS.
Meet WiFiDemon: iOS WiFi RCE 0-Day Vulnerability & a 'Zero-Click' Vulnerability That was Silently Patched
https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/
Jamf
Jamf Threat Labs | Blog
Forensic Methodology Report: How to catch NSO Group’s Pegasus
https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
Amnesty International
NSO Group claims that its Pegasus spyware is only used to “investigate terrorism and crime” and “leaves no traces whatsoever”. This Forensic Methodology Report shows that neither of these statements are true. This report accompanies the release of the Pegasus…
Some URL shortener services distribute Android malware, including banking or SMS trojans
https://www.welivesecurity.com/2021/07/20/url-shortener-services-android-malware-banking-sms-trojans/
WeLiveSecurity
On iOS we have seen link shortener services pushing spam calendar files to victims’ devices.
Forwarded from The Bug Bounty Hunter
Pentesting iOS| Starting With iOS Emulator Corellium & Re-signing IPA
https://justm0rph3u5.medium.com/pentesting-ios-starting-with-ios-emulator-corellium-re-signing-ipa-9ce3cbd19721
Medium
Corellium provided virtual iOS-based devices for individual accounts on our groundbreaking security research platform, CORSEC. Corellium’s…
The Coper―a new Android banking trojan targeting Colombian users
https://news.drweb.com/show/?i=14259&lng=en&c=5
Dr.Web
Doctor Web warns of a newly discovered family of Android banking trojans dubbed Android.BankBot.Coper. The malicious apps have a modular architecture and a multi-stage infection mechanism. They also have several protective techniques helping them withstand…
StrongPity APT Group Deploys Android Malware for the First Time on the Syrian e-Gov website
https://www.trendmicro.com/en_us/research/21/g/strongpity-apt-group-deploys-android-malware-for-the-first-time.html
Trend Micro
StrongPity APT Group Deploys Android Malware for the First Time
We recently conducted an investigation into a malicious Android malware sample, which we believe can be attributed to the StrongPity APT group, that was posted on the Syrian e-Gov website. To the best of our knowledge, this is the first time that the group…
Signal fixes bug in Android app that sent random images to wrong contacts
https://www.bleepingcomputer.com/news/security/signal-fixes-bug-that-sent-random-images-to-wrong-contacts/
BleepingComputer
Signal fixes bug that sent random images to wrong contacts
Signal has fixed a serious bug in its Android app that, in some cases, sent random unintended pictures to contacts without an obvious explanation. Although the issue was reported in December 2020, given the difficulty of reproducing the bug, it isn't until…
Android Vultur RAT — new remote access trojan can record screen, keylog user input, steal banking credentials and has VNC module to provide remote access
https://threatfabric.com/blogs/vultur-v-for-vnc.html
Threatfabric
Vultur, with a V for VNC
New Android RAT Vultur using keylogging and VNC-based screen recording to target banking apps.
Detailed analysis of Android Spyware spread via URL links as Google Play
https://github.com/cynychwr/android-malware/tree/main/samples/Backdoor/com.gmrdc.keep
GitHub
android-malware/samples/Backdoor/com.gmrdc.keep at main · cynychwr/android-malware
Oscorp evolves into UBEL: an advanced Android malware spreading across the globe
https://www.cleafy.com/cleafy-labs/ubel-oscorp-evolution
Cleafy
Oscorp evolves into UBEL: an Android malware spreading across the globe | Cleafy Labs
The Android malware Oscorp keeps evolving. UBEL was born, a new advanced threat targeting banks across the globe: here is the full technical report
XXE in Public Transport Ticketing Mobile APP
https://blog.niksthehacker.com/xxe-in-public-transport-ticketing-mobile-app-81ae245c01a1
Medium
This finding was from another private bug bounty program. The scope of the target was a ticketing Android app (Prod). This app was a major…
NSA guidance how to secure wireless devices
https://media.defense.gov/2021/Jul/29/2002815141/-1/-1/0/CSI_SECURING_WIRELESS_DEVICES_IN_PUBLIC.PDF
ProtonMail : forensic decryption of iOS App
https://xperylab.medium.com/protonmail-forensic-decryption-of-ios-app-8e9ae9f50953
Medium
ProtonMail is a full PGP end-to-end encrypted email provider who is claiming privacy, anonymity and security. As forensic examiners, we…
Facebook Messenger for Android indirect thread deletion vulnerability
https://servicenger.com/blog/mobile/android/facebook-messenger-for-android-indirect-thread-deletion/
FlyTrap Android Malware Compromises Thousands of Facebook Accounts
https://blog.zimperium.com/flytrap-android-malware-compromises-thousands-of-facebook-accounts/
Bahamut Threat Group Targeting Users Through Phishing Campaign
https://blog.cyble.com/2021/08/10/bahamut-threat-group-targeting-users-through-phishing-campaign/
Cyble
Cyble - Bahamut Threat Group Targeting Users Through Phishing Campaign
A phishing campaign from a Twitter post. The Threat Actor (TA) hosts malicious Android APK files on a counterfeit version of Jamaat websites.