Phishing Android Malware Targets Taxpayers in India
Demo: https://www.instagram.com/reel/CTZwQM1Dbv8/
Research: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/phishing-android-malware-targets-taxpayers-in-india
McAfee Blog
Phishing Android Malware Targets Taxpayers in India | McAfee Blog
Authored by ChanUng Pak McAfee’s Mobile Research team recently found a new Android malware, Elibomi, targeting taxpayers in India. The
Malware found preinstalled in classic push-button phones sold in Russia
https://therecord.media/malware-found-preinstalled-in-classic-push-button-phones-sold-in-russia/
therecord.media
A security researcher has discovered malicious code inside the firmware of four low-budget push-button mobile phones sold through Russian online stores.
ThatWebInspector - Enabled Web Inspector for all iOS apps
https://github.com/evilpenguin/ThatWebInspector
GitHub
GitHub - evilpenguin/ThatWebInspector: Enabled Web Inspector for all iOS apps
Enabled Web Inspector for all iOS apps. Contribute to evilpenguin/ThatWebInspector development by creating an account on GitHub.
Rudroid - Writing the World's worst Android Emulator in Rust
https://fuzzing.science/page/rudroid-worlds-worst-android-emulator/
Analysis of Android espionage against Kurdish ethnic group using commercial 888 RAT that was distributed via dedicated Facebook profiles
https://www.welivesecurity.com/2021/09/07/bladehawk-android-espionage-kurdish/
WeLiveSecurity
BladeHawk group: Android espionage against Kurdish ethnic group
ESET researchers have investigated a targeted mobile espionage campaign against the Kurdish ethnic group, that has been active since at least March 2020.
Detailed report on new Android banker - S.O.V.A.
- discovered in August 2021
- includes a new feature - stealing session cookies
S.O.V.A. displays the legitimate targeted website in a WebView for the user to log in and then steals the account cookies
https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html
ThreatFabric
S.O.V.A. - A new Android Banking trojan with fowl intentions
A new Android trojan was advertised on hacking forums, featuring overlays, keylogging and with intentions of adding Ransomware attacks and DDoS
FORCEDENTRY - NSO Group iMessage Zero-Click Exploit Captured in the Wild (CVE-2021-30860 - processing a maliciously crafted PDF may lead to arbitrary code execution)
https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
The Citizen Lab
FORCEDENTRY
While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we discovered a zero-day zero-click exploit against iMessage. The exploit, which we call FORCEDENTRY, targets Apple’s image rendering library, and was effective against…
Android malware distributed in Mexico uses Covid-19 to steal financial credentials
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/android-malware-distributed-in-mexico-uses-covid-19-to-steal-financial-credentials/
McAfee Blog
Android malware distributed in Mexico uses Covid-19 to steal financial credentials | McAfee Blog
Authored by Fernando Ruiz McAfee Mobile Malware Research Team has identified malware targeting Mexico. It poses as a security banking tool or as a bank
BRATA malware for Android devices passed off as AntiSPAM
http://translate.google.com/translate?hl=en&sl=auto&tl=en&u=https%3A%2F%2Fcert-agid.gov.it%2Fnews%2Fbrata-malware-per-dispositivi-android-spacciato-per-antispam%2F
Flubot’s Smishing Campaigns under the Microscope
https://www.telekom.com/en/blog/group/article/flubot-under-the-microscope-636368
Telekom
Maybe Flubot is for SMS what Emotet was for email: a spam kingpin. How does it work and how do the operators prevent infiltration?
Analyzing The ForcedEntry Zero-Click iPhone Exploit Used By Pegasus
https://www.trendmicro.com/en_us/research/21/i/analyzing-pegasus-spywares-zero-click-iphone-exploit-forcedentry.html
Trend Micro
Citizen Lab has released a report on a new iPhone threat dubbed ForcedEntry. This zero-click exploit seems to be able to circumvent Apple's BlastDoor security, and allow attackers access to a device without user interaction.
Another analysis of S.O.V.A. Android Banking Trojan
https://blog.cyble.com/2021/09/14/deep-dive-analysis-of-s-o-v-a-android-banking-trojan/
iOS14.8: Patch CVE-2021-1740 again silently
https://jhftss.github.io/CVE-2021-1740-Invalid-Patch/
jhftss.github.io
As well known, iOS14.8 patched two 0 days in the wild, one of which is the pegasus 0-click vulnerability. You can get the root cause and more interesting findings by reading my analysis from here.
Joker Unleashes Itself Again on Google Play Store
https://labs.k7computing.com/index.php/joker-unleashes-itself-again-on-google-play-store/
K7 Labs
Joker malware on Google Play Store continues to scare Android users. Its variants continue to find new tricks and tactics […]
Python r2pipe script to automatically create a Frida hook to intercept TLS traffic for Flutter based apps
https://github.com/Hamz-a/boring-flutter
GitHub
GitHub - Hamz-a/boring-flutter
Contribute to Hamz-a/boring-flutter development by creating an account on GitHub.
Google will auto-reset unused permissions for billion Android apps
https://android-developers.googleblog.com/2021/09/making-permissions-auto-reset-available.html
Android Developers Blog
Making permissions auto-reset available to billions more devices
Posted by Peter Visontay, Software Engineer; Bessie Jiang, Software Engineer Contributors: Inara Ramji, Software Engineer; Rodrigo Farel...
Researcher discloses iPhone lock screen bypass on iOS 15 launch day
https://therecord.media/researcher-discloses-iphone-lock-screen-bypass-on-ios-15-launch-day/
The Record
On the day Apple released iOS 15, a Spanish security researcher disclosed an iPhone lock screen bypass that can be exploited to grant attackers access to a user's notes.
Burp Suite Mobile Assistant for testing iOS apps with Burp Suite
https://portswigger.net/burp/documentation/desktop/tools/mobile-assistant/installing
portswigger.net
Mobile testing - PortSwigger
You can use Burp Suite to perform security tests for mobile applications. To do this, you need to configure the mobile device to proxy its traffic via Burp ...
A Stalkerware Firm Is Leaking Real-Time Screenshots of People's Phones Online
https://www.vice.com/en/article/m7ezj8/stalkerware-leaking-phone-screenshots-pctattletale
VICE
pcTattleTale, which markets itself for monitoring spouses without their consent, lets anyone view screenshots of infected devices by just visiting specific URLs.
TangleBot aka Medusa: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures
https://www.cloudmark.com/en/blog/mobile/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19
Cloudmark
TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures | Cloudmark EN
Key Takeaways
A clever and complicated new SMS malware attack has been discovered in the United States and Canada.
This malware, coined TangleBot, can directly obtain personal information, control device interaction with apps and overlay screens, and steal account…