Malicious photo editor app found on Google Play with 10K+ installs
Malware signed users for unwanted subnoscription and intercepted SMS verification codes by having access to notifications.
https://www.kaspersky.com/blog/malicious-camera-app/27391/
Malware signed users for unwanted subnoscription and intercepted SMS verification codes by having access to notifications.
https://www.kaspersky.com/blog/malicious-camera-app/27391/
Kaspersky
A photo editor with a difference
How a photo editor app from Google Play secretly signed up users for unwanted paid services.
Mobile cryptojacking and related abuse
https://t.co/I40ye67huy (pdf)
https://t.co/I40ye67huy (pdf)
Vulnerabilities and threats in mobile applications, 2019
https://www.ptsecurity.com/ww-en/analytics/mobile-application-security-threats-and-vulnerabilities-2019/
https://www.ptsecurity.com/ww-en/analytics/mobile-application-security-threats-and-vulnerabilities-2019/
👍1
Microsoft Outlook for Android Open to XSS Attacks
The attacker who successfully exploited this vulnerability could then perform cross-site noscripting attacks on the affected systems and run noscripts in the security context of the current user.
https://threatpost.com/microsoft-outlook-android-xss/145924/
The attacker who successfully exploited this vulnerability could then perform cross-site noscripting attacks on the affected systems and run noscripts in the security context of the current user.
https://threatpost.com/microsoft-outlook-android-xss/145924/
Threat Post
Microsoft Outlook for Android Open to XSS Attacks
A spoofing bug (CVE-2019-1105) can open the door to an email attack chain.
New cryptocurrency-mining botnet malware arrives via open ADB (Android Debug Bridge) ports and can spread via SSH
https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-botnet-arrives-through-adb-and-spreads-through-ssh/
https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-botnet-arrives-through-adb-and-spreads-through-ssh/
Trend Micro
Cryptocurrency-Mining Botnet Spreads via ADB, SSH
We observed a new cryptocurrency-mining botnet that arrives via open ADB (Android Debug Bridge) ports and can spread via SSH. This attack takes advantage of the way open ADB ports don’t have authentication by default.
Frida Android unpack
Script for Android O and Android P to get unpacked DEX file from memory.
https://github.com/xiaokanghub/Frida-Android-unpack/blob/master/README.md
Script for Android O and Android P to get unpacked DEX file from memory.
https://github.com/xiaokanghub/Frida-Android-unpack/blob/master/README.md
GitHub
Frida-Android-unpack/README.md at master · xiaokanghub/Frida-Android-unpack
this unpack noscript for Android O and Android P. Contribute to xiaokanghub/Frida-Android-unpack development by creating an account on GitHub.
Dont hack mobile devices, hack cell network providers to conduct targeted surveillance on individuals of interest.
At least 10 cell networks have been hacked over the past 7 years.
https://techcrunch.com/2019/06/24/hackers-cell-networks-call-records-theft/
At least 10 cell networks have been hacked over the past 7 years.
https://techcrunch.com/2019/06/24/hackers-cell-networks-call-records-theft/
TechCrunch
Hackers are stealing years of call records from hacked cell networks
Security researchers say they have uncovered a massive espionage campaign involving the theft of call records from hacked cell network providers to conduct targeted surveillance on individuals of interest. The hackers have systematically broken in to more…
Another mobile banking Trojan family - Riltok
This demonstrate that misusing Accessibility services by Android banking malware is common feature now.
https://securelist.com/mobile-banker-riltok/91374/
This demonstrate that misusing Accessibility services by Android banking malware is common feature now.
https://securelist.com/mobile-banker-riltok/91374/
Securelist
Riltok mobile Trojan: A banker with global reach
Riltok is one of numerous families of mobile banking Trojans with standard (for such malware) functions and distribution methods. Originally intended to target the Russian audience, the banker was later adapted for the European “market.
The story of an Android application called MFSocket, a new monitoring tool made in China.
https://medium.com/@fs0c131y/mfsocket-a-chinese-surveillance-tool-58e8850c3de4
https://medium.com/@fs0c131y/mfsocket-a-chinese-surveillance-tool-58e8850c3de4
Medium
MFSocket: A Chinese surveillance tool
It is well known that China spies on its fellow citizens. In this article I will tell you the story of an Android application called…
Tracing the Supply Chain Attack on Android
Who is behind supply chain attack that resulted deliver malicious software being pre-installed on millions of new budget Android devices?
https://krebsonsecurity.com/2019/06/tracing-the-supply-chain-attack-on-android-2/
Who is behind supply chain attack that resulted deliver malicious software being pre-installed on millions of new budget Android devices?
https://krebsonsecurity.com/2019/06/tracing-the-supply-chain-attack-on-android-2/
ViceLeaker Operation: mobile espionage targeting Middle East
This campaign is mostly spread via Telegram and WhatsApp channels by posting Trojanized Android apps - Sex Game, Psiphon, English Story book...
https://securelist.com/fanning-the-flames-viceleaker-operation/90877/
This campaign is mostly spread via Telegram and WhatsApp channels by posting Trojanized Android apps - Sex Game, Psiphon, English Story book...
https://securelist.com/fanning-the-flames-viceleaker-operation/90877/
Securelist
ViceLeaker Operation: mobile espionage targeting Middle East | Securelist
In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens. We decided to call the operation “ViceLeaker”, because of strings and variables in its…
Apple Watch Forensics: Analysis
▪️Analyzing backups of a paired iPhone
▪️Extracting data from Apple Watch
▪️Device Information and the list of installed apps
▪️Extracting device logs
▪️Cloud acquisition
https://blog.elcomsoft.com/2019/06/apple-watch-forensics-02-analysis/
▪️Analyzing backups of a paired iPhone
▪️Extracting data from Apple Watch
▪️Device Information and the list of installed apps
▪️Extracting device logs
▪️Cloud acquisition
https://blog.elcomsoft.com/2019/06/apple-watch-forensics-02-analysis/
ElcomSoft blog
Apple Watch Forensics 02: Analysis
Over the last several years, the use of smart wearables has increased significantly. With 141 million smartwatch units sold in 2018, the number of smart wearables sold has nearly doubled compared to the year before. Among the various competitors, the Apple…
EvilParcel vulnerabilities analysis
Android Malware that exploit the EvilParcel vulnerabilities are granted higher privileges and can:
▪️installing and removing applications
▪️infecting software installed on the device and replacing clean originals with infected copies
▪️resetting the lock screen PIN
https://habr.com/en/company/drweb/blog/457610/
Android Malware that exploit the EvilParcel vulnerabilities are granted higher privileges and can:
▪️installing and removing applications
▪️infecting software installed on the device and replacing clean originals with infected copies
▪️resetting the lock screen PIN
https://habr.com/en/company/drweb/blog/457610/
Habr
EvilParcel vulnerabilities analysis
Introduction In mid-April, we published news about the Android.InfectionAds.1 trojan, which exploited several critical vulnerabilities in Android. One of them, CVE-2017-13156 (also known as Janus),...
Massive-Scale Espionage: Hackers Reportedly Steal Records From Cell Phone Providers Worldwide
https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers
https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers
Cybereason
Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers
In 2018, the Cybereason Nocturnus team identified Operation Soft Cell, an advanced, persistent attack targeting global telecommunications providers.
Using Apple iCloud and Google to track users in real time
https://www.dropbox.com/s/3mb9t4rpk2pklxk/2019_Real-time_evidence_ElcomSoft.pdf
https://www.dropbox.com/s/3mb9t4rpk2pklxk/2019_Real-time_evidence_ElcomSoft.pdf
Dropbox
2019_Real-time_evidence_ElcomSoft.pdf
Shared with Dropbox
Exclusive: German Police Raid OmniRAT Developer and Seize Digital Assets
Just like any other remote administration tool like DroidJack, DarkComet, AndroRAT, and njRAT, some customers of OmniRAT also used the tool for illicit purposes, especially because it was available at a far cheaper price than other RATs in the market.
https://thehackernews.com/2019/06/police-raid-omnirat-developer.html
Just like any other remote administration tool like DroidJack, DarkComet, AndroRAT, and njRAT, some customers of OmniRAT also used the tool for illicit purposes, especially because it was available at a far cheaper price than other RATs in the market.
https://thehackernews.com/2019/06/police-raid-omnirat-developer.html
Remote Code Execution in Android emulator - BlueStacks.
Affected versions are lower than 4.90.0.1046
https://www.bleepingcomputer.com/news/security/bluestacks-flaw-lets-attackers-remotely-control-android-emulator/
Affected versions are lower than 4.90.0.1046
https://www.bleepingcomputer.com/news/security/bluestacks-flaw-lets-attackers-remotely-control-android-emulator/
BleepingComputer
BlueStacks Flaw Lets Attackers Remotely Control Android Emulator
Vulnerabilities in the BlueStacks Android emulator were fixed at the end of May that allowed attackers to perform remote code execution, information disclosure, and to steal backups of the VM and its data.
Forwarded from The Bug Bounty Hunter
Security of mobile OAuth 2.0
https://habr.com/en/company/mailru/blog/456702/
https://habr.com/en/company/mailru/blog/456702/
Habr
Security of mobile OAuth 2.0
Popularity of mobile applications continues to grow. So does OAuth 2.0 protocol on mobile apps. It's not enough to implement standard as is to make OAuth 2.0...
Compass app from Google Play requests €215 per month. Obviously a scam.
https://twitter.com/s_metanka/status/1144377792760619008?s=19
https://twitter.com/s_metanka/status/1144377792760619008?s=19