The story of an Android application called MFSocket, a new monitoring tool made in China.
https://medium.com/@fs0c131y/mfsocket-a-chinese-surveillance-tool-58e8850c3de4

Tracing the Supply Chain Attack on Android

Who is behind supply chain attack that resulted deliver malicious software being pre-installed on millions of new budget Android devices?
https://krebsonsecurity.com/2019/06/tracing-the-supply-chain-attack-on-android-2/

ViceLeaker Operation: mobile espionage targeting Middle East

This campaign is mostly spread via Telegram and WhatsApp channels by posting Trojanized Android apps - Sex Game, Psiphon, English Story book...
https://securelist.com/fanning-the-flames-viceleaker-operation/90877/

Apple Watch Forensics: Analysis

▪️Analyzing backups of a paired iPhone
▪️Extracting data from Apple Watch
▪️Device Information and the list of installed apps
▪️Extracting device logs
▪️Cloud acquisition
https://blog.elcomsoft.com/2019/06/apple-watch-forensics-02-analysis/

EvilParcel vulnerabilities analysis

Android Malware that exploit the EvilParcel vulnerabilities are granted higher privileges and can:

▪️installing and removing applications
▪️infecting software installed on the device and replacing clean originals with infected copies
▪️resetting the lock screen PIN
https://habr.com/en/company/drweb/blog/457610/

Massive-Scale Espionage: Hackers Reportedly Steal Records From Cell Phone Providers Worldwide
https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers

Using Apple iCloud and Google to track users in real time
https://www.dropbox.com/s/3mb9t4rpk2pklxk/2019_Real-time_evidence_ElcomSoft.pdf

Exclusive: German Police Raid OmniRAT Developer and Seize Digital Assets

Just like any other remote administration tool like DroidJack, DarkComet, AndroRAT, and njRAT, some customers of OmniRAT also used the tool for illicit purposes, especially because it was available at a far cheaper price than other RATs in the market.
https://thehackernews.com/2019/06/police-raid-omnirat-developer.html

Remote Code Execution in Android emulator - BlueStacks.

Affected versions are lower than 4.90.0.1046
https://www.bleepingcomputer.com/news/security/bluestacks-flaw-lets-attackers-remotely-control-android-emulator/

Security of mobile OAuth 2.0
https://habr.com/en/company/mailru/blog/456702/

Compass app from Google Play requests €215 per month. Obviously a scam.
https://twitter.com/s_metanka/status/1144377792760619008?s=19

Cerberus Android BOT

New Android botnet available for sale on underground forum.

Android horror game with over 50,000 installs was phishing for Google and Facebook credentials
https://www.wandera.com/mobile-security/scary-granny-game-stealing-data/

Go Cheats – Mod & Hack with 100,000+ installs.

App had fake user interface, ads and root tools.
This fake app is now removed from Google Play!
https://twitter.com/s_metanka/status/1145116266962804737?s=03

Android analysis of Nicro malware
https://github.com/maddiestone/ConPresentations/blob/master/REcon2019.PathToThePayload.pdf

You have to pay $1.99 for deleting your profile in dating app.
New scam technique?

"Because of the huge workload, we will charge $1.99 as service fee."
https://www.reddit.com/r/assholedesign/comments/c7nqw5/i_got_a_dating_app_but_wanted_to_delete_my/

I went to Cirque du Soleil show - TORUK, where they offer app to be part of the show App would sync all the devices in audience with effects.
The first thing that came to my mind was if I can hack them...next day I found bug where I could control the show.

TORUK app left open port 6161 and accepted any request to perform commands at the show:
-change volume settings
-discover nearby Bluetooth devices
-display animations
-read or write to shared preferences
-set the position of the “Like” Facebook
https://androidappwatch.eset.com/latest-posts/a-great-show-is-now-history-as-is-its-insecure-mobile-app/

Adware campaign discovered on Google Play

111 apps were found on Play Store with 9M+ installs.
https://blog.trendmicro.com/trendlabs-security-intelligence/adware-campaign-identified-from-182-game-and-camera-apps-on-google-play-and-third-party-stores-like-9apps/

Malicious campaign that for years was using Facebook pages to spread malware across mobile and desktop environments targeting Libya 🇱🇾.
Threat actor used known open source Android RAT tools such as SpyNote.
https://research.checkpoint.com/operation-tripoli/

Top Android malware threats of June, 2019

Full list - http://skptr.me/malware_timeline_2019.html
Download samples - https://github.com/sk3ptre/AndroidMalware_2019/blob/master/README.md

HiddenApp Adware with 50k+ installs found on Google Play
https://twitter.com/s_metanka/status/1145744992582995968?s=19