Building userDebug Android images with root access and debug capabilities for a Google Pixel (sailfish)
https://www.linkedin.com/pulse/building-userdebug-android-images-google-pixel-sailfish-basanta
Linkedin
Building userDebug Android images for a Google Pixel (sailfish).
Beforehand, I'm sorry for my English writing. I'm practising to improve it.
Poland: Use of Pegasus spyware to hack politicians highlights threat to civil society
https://www.amnesty.org/en/latest/news/2022/01/poland-use-of-pegasus-spyware-to-hack-politicians-highlights-threat-to-civil-society/
Amnesty International
Poland: Use of Pegasus spyware to hack politicians highlights threat to civil society
Confirming that Amnesty International has independently confirmed that Pegasus spyware was used to hack Polish senator Krzysztof Brejza when he was running the opposition’s 2019 parliamentary election campaign, Amnesty International Poland’s Director Anna…
Project Torogoz - Extensive Hacking of Media & Civil Society in El Salvador with Pegasus Spyware
https://citizenlab.ca/2022/01/project-torogoz-extensive-hacking-media-civil-society-el-salvador-pegasus-spyware/
The Citizen Lab
Project Torogoz
Journalists and members of civil society had their phones successfully infected with NSO’s Pegasus spyware between July 2020 and November 2021.
RCE in Adobe Acrobat Reader for Android (CVE-2021-40724)
analysis: https://hulkvision.github.io/blog/post1/
hulkvision.github.io
RCE in Adobe Acrobat Reader for Android (CVE-2021-40724)
# Summary
While testing the Adobe Acrobat Reader app, I found that it has a feature that allows the user to open PDFs directly from an http/https URL. This feature was vulnerable to path traversal.
Adobe Reader was also using the Google Play Core library for dynamic…
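The summary above names the bug class (a remote URL that ends up choosing a local file name) without showing it. The following is an added illustration, not code from the blog post or from Adobe Reader, of the vulnerable pattern next to a hardened version. The class `PdfCache`, its method names and the `/data/data/com.example.reader` paths are invented for the example; the check itself (never let remote input pick the name, then verify the canonical path is still under the cache directory) is the general fix for this class of bug.

```java
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/**
 * Added example of a path-traversal bug in an "open PDF from URL" feature.
 * Class, method and directory names are invented; this is not Adobe's code.
 */
public class PdfCache {
    private final File cacheDir;

    public PdfCache(File cacheDir) {
        this.cacheDir = cacheDir;
    }

    /** Only http/https URLs may be opened; file://, content:// etc. are rejected up front. */
    static URI parseRemoteUrl(String url) {
        URI uri = URI.create(url);
        String scheme = uri.getScheme();
        if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
            throw new IllegalArgumentException("only http/https URLs are allowed: " + url);
        }
        return uri;
    }

    /**
     * VULNERABLE: the last path segment of the URL becomes the cache file name.
     * https://evil.example/a/..%2F..%2Fshared_prefs%2Fx.xml decodes to
     * "../../shared_prefs/x.xml", so the write lands outside cacheDir.
     */
    public File vulnerableTarget(String url) throws IOException {
        String rawPath = parseRemoteUrl(url).getRawPath();      // still percent-encoded
        String lastSegment = rawPath.substring(rawPath.lastIndexOf('/') + 1);
        String name = URLDecoder.decode(lastSegment, "UTF-8");   // "%2F" becomes "/"
        return new File(cacheDir, name);                        // no containment check
    }

    /**
     * HARDENED: remote input never chooses the file name. The name is a digest of
     * the URL, and the resolved path is verified to lie under the canonical cache
     * directory before anything is written (defence in depth against future changes).
     */
    public File safeTarget(String url) throws IOException {
        URI uri = parseRemoteUrl(url);
        File target = new File(cacheDir, sha256Hex(uri.toString()) + ".pdf");
        if (!isInside(target)) {
            throw new IOException("refusing path outside cache dir: " + target);
        }
        return target;
    }

    /** True if the canonical form of f (".." and symlinks resolved) is under cacheDir. */
    public boolean isInside(File f) throws IOException {
        String dir = cacheDir.getCanonicalPath() + File.separator;
        return f.getCanonicalPath().startsWith(dir);
    }

    static String sha256Hex(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder(64);
            for (byte b : d) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory on every Java/Android runtime
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: an invented app data directory and an attacker-controlled URL.
        PdfCache cache = new PdfCache(new File("/data/data/com.example.reader/cache/pdfs"));
        String evil = "https://evil.example/docs/..%2F..%2Fshared_prefs%2Fcom.example.reader_preferences.xml";

        File bad = cache.vulnerableTarget(evil);
        System.out.println("vulnerable -> " + bad.getCanonicalPath() + "  inside cache? " + cache.isInside(bad));

        File good = cache.safeTarget(evil);
        System.out.println("hardened   -> " + good.getCanonicalPath() + "  inside cache? " + cache.isInside(good));
    }
}
```

Two details matter in practice. The check must run on `getCanonicalPath()` (or the equivalent `toRealPath`/normalised form), not on the raw string, because `..` segments, double slashes and symlinks are only resolved there; and the comparison must include the trailing separator, otherwise `cache/pdfs-evil` would pass a `startsWith("cache/pdfs")` test.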
Multidex trick to unpack Android BianLian malware family
https://cryptax.medium.com/multidex-trick-to-unpack-android-bianlian-ed52eb791e56
Medium
Multidex trick to unpack Android/BianLian
This article explains how to unpack sample sha256 5b9049c392eaf83b12b98419f14ece1b00042592b003a17e4e6f0fb466281368 which was served from…
AERoot - command line tool that allows you to give root privileges on-the-fly to any process running on the Android emulator with Google Play flavors AVDs
https://github.com/quarkslab/AERoot
GitHub
GitHub - quarkslab/AERoot
AERoot is a command line tool that allows you to give root privileges on-the-fly to any process running on the Android emulator with Google Play flavors AVDs.
Analysis of Android banking malware - BRATA
https://www.cleafy.com/cleafy-labs/how-brata-is-monitoring-your-bank-account
Cleafy
How BRATA is monitoring your bank account | Cleafy Labs
The mobile banking malware BRATA keeps evolving. Read the new technical report, which explains in detail how it monitors bank accounts and how to prevent it.
Analysis of Android CapraRAT, used by APT36 (a politically motivated advanced persistent threat group that has historically targeted Indian military and diplomatic resources)
https://www.trendmicro.com/en_us/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html
Trend Micro
Investigating APT36 or Earth Karkaddans Attack Chain and Malware Arsenal
Interruptor - human-friendly system call tracing and hooking library for Android, based on Frida's Stalker
https://github.com/FrenchYeti/interruptor
GitHub
GitHub - FrenchYeti/interruptor
Human-friendly cross-platform system call tracing and hooking library based on Frida's Stalker.
Doctor Web’s overview of virus activity on mobile devices in 2021
https://news.drweb.com/show/review/?i=14395&lng=en
Dr.Web
Dr.Web — Doctor Web’s overview of virus activity on mobile devices in 2021
Find out on Doctor Web’s site about the latest virus threats and information security issues.
Dark Herring - Financially Motivated Mobile Scamware Exceeds 100M Installations
https://blog.zimperium.com/dark-herring-android-scamware-exceeds-100m-installations/
Zimperium
Financially Motivated Mobile Scamware Exceeds 100M Installations - Zimperium
Research by Aazim Bill SE Yaswant and Nipun Gupta.
While some financially motivated scams may seem simple on the surface, the truth of the matter is that…
TianySpy - new mobile malware infection chain targeting both Android and iPhone devices
https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html
Trend Micro
TianySpy Malware Uses Smishing Disguised as Message From Telco
Trend Micro confirmed a new mobile malware infection chain targeting both Android and iPhone devices. The malware might have been designed to steal credentials associated with membership websites of major Japanese telecommunication services.
IOMobileFrameBuffer vulnerability affecting iPhone 6s and later, fixed in iOS 15.3, has been actively exploited (CVE-2022-22587)
Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
https://support.apple.com/en-us/HT213053
Apple Support
About the security content of iOS 15.3 and iPadOS 15.3
This document describes the security content of iOS 15.3 and iPadOS 15.3.
New FluBot and TeaBot Global Malware Campaigns Discovered
https://www.bitdefender.com/blog/labs/new-flubot-and-teabot-global-malware-campaigns-discovered
Bitdefender Labs
New FluBot and TeaBot Global Malware Campaigns Discovered
Some malware and phishing campaigns have short lives, tending to dissipate after they're identified by security solutions.
Facestealer – The Rise of Facebook Credential Stealer Malware
https://labs.k7computing.com/index.php/facestealer-the-rise-of-facebook-credential-stealer-malware/
K7 Labs
Facestealer – The Rise of Facebook Credential Stealer Malware
Threat actors are constantly employing new tricks while also maintaining their old tried-and-tested tactics. One such evergreen tactic, is to deploy […]
Malicious app on Google Play drops banking malware on users’ devices
https://blog.pradeo.com/vultur-malware-dropper-google-play
Pradeo
Malicious app on Google Play drops banking malware on users’ devices
Pradeo’s researchers discovered a malicious mobile application called 2FA Authenticator distributed on Google Play and installed by 10K+ users.
How Android updates work: A peek behind the curtains from an insider
https://medium.com/@Za_Raczke/how-android-updates-work-a-peek-behind-the-curtains-from-an-insider-1d8e1a48ec0b
Medium
How Android updates work: A peek behind the curtains from an insider
Updates on Android were always a topic of discussion in the tech communities. Even though they are a crazily complicated topic and very few…
How to bypass root detection and SSL pinning on Android and iOS using Frida and Objection
https://securitycafe.ro/2022/02/01/root-detection-and-ssl-pinning-bypass/
Security Café
Root detection and SSL pinning bypass
There are multiple methods to circumvent the client-side security that blocks the usage of the tested application in an unsafe environment such as Rooted or Jailbroken devices. Next, I will give yo…
A Primer On Android Forensics
https://nex.sx/tech/2022/01/28/a-primer-on-android-forensics.html
nex.sx
A Primer On Android Forensics - Nex
A lot has already been said on iOS forensics for the purpose of discovering traces of compromise and spyware execution. And although a lot more is left to ex...