Signal fixes bug in Android app that sent random images to wrong contacts
https://www.bleepingcomputer.com/news/security/signal-fixes-bug-that-sent-random-images-to-wrong-contacts/
BleepingComputer
Signal fixes bug that sent random images to wrong contacts
Signal has fixed a serious bug in its Android app that, in some cases, sent random unintended pictures to contacts without an obvious explanation. Although the issue was reported in December 2020, given the difficulty of reproducing the bug, it isn't until…
Android Vultur RAT — new remote access trojan can record screen, keylog user input, steal banking credentials and has VNC module to provide remote access
https://threatfabric.com/blogs/vultur-v-for-vnc.html
Threatfabric
Vultur, with a V for VNC
New Android RAT Vultur using keylogging and VNC-based screen recording to target banking apps.
Detailed analysis of Android Spyware spread via URL links as Google Play
https://github.com/cynychwr/android-malware/tree/main/samples/Backdoor/com.gmrdc.keep
GitHub
android-malware/samples/Backdoor/com.gmrdc.keep at main · cynychwr/android-malware
Oscorp evolves into UBEL: an advanced Android malware spreading across the globe
https://www.cleafy.com/cleafy-labs/ubel-oscorp-evolution
Cleafy
Oscorp evolves into UBEL: an Android malware spreading across the globe | Cleafy Labs
The Android malware Oscorp keeps evolving. UBEL was born, a new advanced threat targeting banks across the globe: here is the full technical report
XXE in Public Transport Ticketing Mobile APP
https://blog.niksthehacker.com/xxe-in-public-transport-ticketing-mobile-app-81ae245c01a1
Medium
XXE in Public Transport Ticketing Mobile APP
This finding was another private bug bounty program. The scope of the target was a ticketing android app (Prod). This app was a major…
NSA guidance how to secure wireless devices
https://media.defense.gov/2021/Jul/29/2002815141/-1/-1/0/CSI_SECURING_WIRELESS_DEVICES_IN_PUBLIC.PDF
ProtonMail : forensic decryption of iOS App
https://xperylab.medium.com/protonmail-forensic-decryption-of-ios-app-8e9ae9f50953
Medium
ProtonMail : forensic decryption of iOS App
ProtonMail is a full PGP end-to-end encrypted email provider who is claiming privacy, anonymity and security. As forensic examiners, we…
Facebook Messenger for Android indirect thread deletion vulnerability
https://servicenger.com/blog/mobile/android/facebook-messenger-for-android-indirect-thread-deletion/
FlyTrap Android Malware Compromises Thousands of Facebook Accounts
https://blog.zimperium.com/flytrap-android-malware-compromises-thousands-of-facebook-accounts/
Bahamut Threat Group Targeting Users Through Phishing Campaign https://blog.cyble.com/2021/08/10/bahamut-threat-group-targeting-users-through-phishing-campaign/
Cyble
Cyble - Bahamut Threat Group Targeting Users Through Phishing Campaign
A phishing campaign from a Twitter post. The Threat Actor (TA) hosts malicious Android APK files on a counterfeit version of Jamaat websites.
Solving CTF with Frida - Part 5 https://cmrodriguez.me/blog/hpandro-5/
cmrodriguez.me
Cesar Rodriguez | Personal blog
frida ctf challenge root detection
Android security guides, roadmap, docs, courses, write-ups, and teryaagh https://github.com/Ralireza/Android-Security-Teryaagh
GitHub
GitHub - Ralireza/Android-Security-Teryaagh: Android security guides, roadmap, docs, courses, write-ups, and teryaagh.
The second part of discovered vulnerabilities in pre-installed apps on Samsung devices
https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/
News, Techniques & Guides
Two weeks of securing Samsung devices: Part 2
As mentioned in the [first part](https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/) of this series, Oversecured spent two weeks finding security bugs in Samsung’s built-in apps.
Reversing ActionSpy Android Malware https://0x00sec.org/t/reversing-actionspy-android-malware/26537
Analysis of Huawei’s OTA Fix For BootROM Vulnerabilities https://labs.taszk.io/articles/post/huawei_kirin990_bootrom_patch/
labs.taszk.io
Test Point Break: Analysis of Huawei’s OTA Fix For BootROM Vulnerabilities
Reverse engineering the OTA that broke the bootrom exploits
Accept Facebook friend requests without unlocking your Android [Unpatched] https://seclists.org/fulldisclosure/2021/Aug/10
seclists.org
Full Disclosure: Accept Facebook friend requests without unlocking your Android
[Unpatched]
Common mistakes when using permissions in Android
https://blog.oversecured.com/Common-mistakes-when-using-permissions-in-Android/
News, Techniques & Guides
Common mistakes when using permissions in Android
When an Android app needs access to sensitive resources on the device, the app developers make use of the permissions model. While the model can be quite simple to use, developers often make mistakes when using permissions and this leads to security problems.
Triada Trojan in WhatsApp mod
https://securelist.com/triada-trojan-in-whatsapp-mod/103679/
Securelist
Triada Trojan in WhatsApp mod
We discovered that the Trojan Triada snuck into one of the modified versions of the WhatsApp messenger called FMWhatsapp 16.80.0 together with the advertising software development kit (SDK).
From Pearl to Pegasus: Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits
https://citizenlab.ca/2021/08/bahrain-hacks-activists-with-nso-group-zero-click-iphone-exploits/
The Citizen Lab
From Pearl to Pegasus
We identified nine Bahraini activists whose iPhones were successfully hacked with NSO Group’s Pegasus spyware between June 2020 and February 2021. The hacked activists included three members of Waad (a secular Bahraini political society), three members of…