New trojan detected in 190 games on AppGallery app catalog
https://news.drweb.com/show/?i=14360&lng=en&c=5
Dr.Web
New trojan detected on AppGallery app catalog
Doctor Web malware analysts discovered dozens of games on the AppGallery catalog that have an Android.Cynos.7.origin (https://vms.drweb.com/search/?q=Android.Cynos.7.origin&lng=en) trojan built into them. This trojan is designed to collect…
Android APT spyware, targeting Middle East victims, enhances evasiveness
https://news.sophos.com/en-us/2021/11/23/android-apt-spyware-targeting-middle-east-victims-improves-its-capabilities/
Sophos News
The phone spyware has new features that confer resistance to takedowns or manual removal
Apple sues spyware firm NSO Group
https://www.apple.com/newsroom/2021/11/apple-sues-nso-group-to-curb-the-abuse-of-state-sponsored-spyware/
Apple Newsroom
Apple sues NSO Group to curb the abuse of state-sponsored spyware
Apple today filed a lawsuit against NSO Group to hold it accountable for abusive surveillance and the targeting of a small number of Apple users.
Bugs discovered in MediaTek chips affect 37% of smartphones and IoT devices
https://research.checkpoint.com/2021/looking-for-vulnerabilities-in-mediatek-audio-dsp/
Check Point Research
Looking for vulnerabilities in MediaTek audio DSP - Check Point Research
Research by: Slava Makkaveev. Introduction: Taiwan’s MediaTek has been the global smartphone chip leader since Q3 2020. MediaTek Systems on a chip (SoCs) are embedded in approximately 37% of all smartphones and IoT devices in the world, including high-end phones…
Root shell vulnerability found in OnePlus Nord 2. It grants root shell access within minutes on a locked bootloader, without a data wipe
https://www.xda-developers.com/oneplus-nord-2-vulnerability-root-shell/
XDA
OnePlus Nord 2 has a vulnerability that grants root shell access within minutes on a locked bootloader, without a data wipe
The OnePlus Nord 2 has a vulnerability that allows an attacker to get unrestricted root shell access. Read on to know more!
North Korean hackers posed as Samsung recruiters to target security researchers
https://therecord.media/north-korean-hackers-posed-as-samsung-recruiters-to-target-security-researchers/
therecord.media
North Korean state-sponsored hackers posed as Samsung recruiters and sent fake job offers to employees at South Korean security companies that sell anti-malware software, Google said this week in the first edition of its new Threat Horizons report.
Android Chinotto multiplatform malware used in espionage campaign by North Korea (Group name: ScarCruft AKA APT37 AKA TempReaper)
https://securelist.com/scarcruft-surveilling-north-korean-defectors-and-human-rights-activists/105074/
Securelist
ScarCruft surveilling North Korean defectors and human rights activists
The ScarCruft group (also known as APT37 or Temp.Reaper) is a nation-state sponsored APT actor. Recently, we had an opportunity to perform a deeper investigation on a host compromised by this group.
Doctor Web discovered vulnerabilities in children’s smart watches (Elari Kidphone 4G Smartwatch, Wokka Lokka Q50 Smartwatch, Elari FixiTime Lite Smartwatch, Smart Baby Watch Q19 Smartwatch)
Blog: https://news.drweb.com/show/?i=14350&lng=en&c=5
Report: https://f2.drweb.com/get+meta+file/?k=271caf73c9901a0a5ab997757ec10c88
Dr.Web
Doctor Web discovered vulnerabilities in children’s smart watches
Smishing Android Botnets Going Viral in Iran
https://research.checkpoint.com/2021/smishing-botnets-going-viral-in-iran/
Check Point Research
Smishing Botnets Going Viral in Iran - Check Point Research
Research by: Shmuel Cohen. Introduction: In the last few months, multiple Iranian media and social networks have published warnings about ongoing SMS phishing campaigns impersonating Iranian government services. The story is as old as time: victims click on…
Android: vold's incremental-fs APIs trust paths from system_server for mounting (CVE-2022-20002)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2221
Analysis of request forgery using Android deep link in CafeBazaar app
https://securityflow.io/impact-of-an-insecure-deep-link/
Popular Android malware threats discovered in November, 2021
Full list - https://sk3ptre.github.io/Malware-Timeline-2021/
Download samples - https://github.com/sk3ptre/AndroidMalware_2021
sk3ptre
Android Malware Timeline 2021
Popular Android malware seen in 2021. I have uploaded APK files for all the entries that I could on my GitHub repository
January:
New Android spyware targets users in Pakistan
Going Rogue- a Mastermind behind Android Malware Returns with a New RAT
Imitation…
Mobile banking fraud: BRATA strikes again
https://www.cleafy.com/cleafy-labs/mobile-banking-fraud-brata-strikes-again
Cleafy
Mobile banking fraud: BRATA strikes again | Cleafy Labs
The mobile banking malware BRATA strikes again, and it is slowly spreading all over Europe. Read here the new Technical Report, which explains in detail how it works and how to prevent it.
Vulnerability found in Android/Linux kernel leads to use-after-free (CVE-2021-1048)
https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-1048.html
Mobile espionage in Palestine Region by APT-C-23 group
https://raw.githubusercontent.com/T-SecLab/APT-C-23/main/cyber%20espionage%20in%20palestine%20region%20.pdf
How a bug in Android and Microsoft Teams could have caused this user’s 911 call to fail
https://medium.com/@mmrahman123/how-a-bug-in-android-and-microsoft-teams-could-have-caused-this-users-911-call-to-fail-6525f9ba5e63
Medium
Written by Mishaal Rahman (@MishaalRahman) and edited by @linuxct, Kuba Wojciechowski (@Za_Raczke), and Al Sutton (@alsutton).
Use cryptography in mobile apps the right way
https://blog.oversecured.com/Use-cryptography-in-mobile-apps-the-right-way/
News, Techniques & Guides
At Oversecured, we scan thousands of apps every month. We observe that some vulnerabilities now come up much less frequently than they did a few years ago.
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
projectzero.google
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution - Project Zero
Posted by Ian Beer & Samuel Groß of Google Project Zero. We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit with us, and...