Frida Android unpack
Script for Android O and Android P to get unpacked DEX file from memory.
https://github.com/xiaokanghub/Frida-Android-unpack/blob/master/README.md
GitHub
Frida-Android-unpack/README.md at master · xiaokanghub/Frida-Android-unpack
This unpack script for Android O and Android P. Contribute to xiaokanghub/Frida-Android-unpack development by creating an account on GitHub.
Don't hack mobile devices, hack cell network providers to conduct targeted surveillance on individuals of interest.
At least 10 cell networks have been hacked over the past 7 years.
https://techcrunch.com/2019/06/24/hackers-cell-networks-call-records-theft/
TechCrunch
Hackers are stealing years of call records from hacked cell networks
Security researchers say they have uncovered a massive espionage campaign involving the theft of call records from hacked cell network providers to conduct targeted surveillance on individuals of interest. The hackers have systematically broken in to more…
Another mobile banking Trojan family - Riltok
This demonstrates that misuse of Accessibility services by Android banking malware is a common feature now.
https://securelist.com/mobile-banker-riltok/91374/
Securelist
Riltok mobile Trojan: A banker with global reach
Riltok is one of numerous families of mobile banking Trojans with standard (for such malware) functions and distribution methods. Originally intended to target the Russian audience, the banker was later adapted for the European “market.
The story of an Android application called MFSocket, a new monitoring tool made in China.
https://medium.com/@fs0c131y/mfsocket-a-chinese-surveillance-tool-58e8850c3de4
Medium
MFSocket: A Chinese surveillance tool
It is well known that China spies on its fellow citizens. In this article I will tell you the story of an Android application called…
Tracing the Supply Chain Attack on Android
Who is behind the supply chain attack that resulted in malicious software being pre-installed on millions of new budget Android devices?
https://krebsonsecurity.com/2019/06/tracing-the-supply-chain-attack-on-android-2/
ViceLeaker Operation: mobile espionage targeting Middle East
This campaign is mostly spread via Telegram and WhatsApp channels by posting Trojanized Android apps - Sex Game, Psiphon, English Story book...
https://securelist.com/fanning-the-flames-viceleaker-operation/90877/
Securelist
ViceLeaker Operation: mobile espionage targeting Middle East | Securelist
In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens. We decided to call the operation “ViceLeaker”, because of strings and variables in its…
Apple Watch Forensics: Analysis
▪️Analyzing backups of a paired iPhone
▪️Extracting data from Apple Watch
▪️Device Information and the list of installed apps
▪️Extracting device logs
▪️Cloud acquisition
https://blog.elcomsoft.com/2019/06/apple-watch-forensics-02-analysis/
ElcomSoft blog
Apple Watch Forensics 02: Analysis
Over the last several years, the use of smart wearables has increased significantly. With 141 million smartwatch units sold in 2018, the number of smart wearables sold has nearly doubled compared to the year before. Among the various competitors, the Apple…
EvilParcel vulnerabilities analysis
Android malware that exploits the EvilParcel vulnerabilities is granted higher privileges and can:
▪️install and remove applications
▪️infect software installed on the device and replace clean originals with infected copies
▪️reset the lock screen PIN
https://habr.com/en/company/drweb/blog/457610/
Habr
EvilParcel vulnerabilities analysis
Introduction In mid-April, we published news about the Android.InfectionAds.1 trojan, which exploited several critical vulnerabilities in Android. One of them, CVE-2017-13156 (also known as Janus),...
Massive-Scale Espionage: Hackers Reportedly Steal Records From Cell Phone Providers Worldwide
https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers
Cybereason
Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers
In 2018, the Cybereason Nocturnus team identified Operation Soft Cell, an advanced, persistent attack targeting global telecommunications providers.
Using Apple iCloud and Google to track users in real time
https://www.dropbox.com/s/3mb9t4rpk2pklxk/2019_Real-time_evidence_ElcomSoft.pdf
Dropbox
2019_Real-time_evidence_ElcomSoft.pdf
Exclusive: German Police Raid OmniRAT Developer and Seize Digital Assets
Just like any other remote administration tool like DroidJack, DarkComet, AndroRAT, and njRAT, some customers of OmniRAT also used the tool for illicit purposes, especially because it was available at a far cheaper price than other RATs in the market.
https://thehackernews.com/2019/06/police-raid-omnirat-developer.html
Remote Code Execution in the Android emulator BlueStacks.
Affected versions are lower than 4.90.0.1046.
https://www.bleepingcomputer.com/news/security/bluestacks-flaw-lets-attackers-remotely-control-android-emulator/
BleepingComputer
BlueStacks Flaw Lets Attackers Remotely Control Android Emulator
Vulnerabilities in the BlueStacks Android emulator were fixed at the end of May that allowed attackers to perform remote code execution, information disclosure, and to steal backups of the VM and its data.
Forwarded from The Bug Bounty Hunter
Security of mobile OAuth 2.0
https://habr.com/en/company/mailru/blog/456702/
Habr
Security of mobile OAuth 2.0
Popularity of mobile applications continues to grow. So does OAuth 2.0 protocol on mobile apps. It's not enough to implement standard as is to make OAuth 2.0...
Compass app from Google Play requests €215 per month. Obviously a scam.
https://twitter.com/s_metanka/status/1144377792760619008?s=19
Android horror game with over 50,000 installs was phishing for Google and Facebook credentials
https://www.wandera.com/mobile-security/scary-granny-game-stealing-data/
Go Cheats – Mod & Hack with 100,000+ installs.
The app had a fake user interface, ads and root tools.
This fake app is now removed from Google Play!
https://twitter.com/s_metanka/status/1145116266962804737?s=03
Twitter
smtnk
This "Mod & Hack" #Android app's code is packed with jiagu and contains the fake UI, ads, public root tools. (the latter provided via UI or over HTTP server) 100,000+ installs https://t.co/nCpYhUZjex @GooglePlay P.S. I defy you to try to understand the app's…
Android analysis of Nicro malware
https://github.com/maddiestone/ConPresentations/blob/master/REcon2019.PathToThePayload.pdf
You have to pay $1.99 to delete your profile in a dating app.
New scam technique?
"Because of the huge workload, we will charge $1.99 as service fee."
https://www.reddit.com/r/assholedesign/comments/c7nqw5/i_got_a_dating_app_but_wanted_to_delete_my/
I went to the Cirque du Soleil show TORUK, where they offer an app to be part of the show. The app would sync all the devices in the audience with effects.
The first thing that came to my mind was whether I could hack them... the next day I found a bug where I could control the show.
The TORUK app left port 6161 open and accepted any request to perform commands at the show:
-change volume settings
-discover nearby Bluetooth devices
-display animations
-read or write to shared preferences
-set the position of the Facebook “Like”
https://androidappwatch.eset.com/latest-posts/a-great-show-is-now-history-as-is-its-insecure-mobile-app/
ESET
A great show is now history, as is its insecure mobile app