Apple Watch Forensics: Analysis

▪️Analyzing backups of a paired iPhone
▪️Extracting data from Apple Watch
▪️Device Information and the list of installed apps
▪️Extracting device logs
▪️Cloud acquisition
https://blog.elcomsoft.com/2019/06/apple-watch-forensics-02-analysis/

EvilParcel vulnerabilities analysis

Android Malware that exploit the EvilParcel vulnerabilities are granted higher privileges and can:

▪️installing and removing applications
▪️infecting software installed on the device and replacing clean originals with infected copies
▪️resetting the lock screen PIN
https://habr.com/en/company/drweb/blog/457610/

Massive-Scale Espionage: Hackers Reportedly Steal Records From Cell Phone Providers Worldwide
https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers

Using Apple iCloud and Google to track users in real time
https://www.dropbox.com/s/3mb9t4rpk2pklxk/2019_Real-time_evidence_ElcomSoft.pdf

Exclusive: German Police Raid OmniRAT Developer and Seize Digital Assets

Just like any other remote administration tool like DroidJack, DarkComet, AndroRAT, and njRAT, some customers of OmniRAT also used the tool for illicit purposes, especially because it was available at a far cheaper price than other RATs in the market.
https://thehackernews.com/2019/06/police-raid-omnirat-developer.html

Remote Code Execution in Android emulator - BlueStacks.

Affected versions are lower than 4.90.0.1046
https://www.bleepingcomputer.com/news/security/bluestacks-flaw-lets-attackers-remotely-control-android-emulator/

Security of mobile OAuth 2.0
https://habr.com/en/company/mailru/blog/456702/

Compass app from Google Play requests €215 per month. Obviously a scam.
https://twitter.com/s_metanka/status/1144377792760619008?s=19

Cerberus Android BOT

New Android botnet available for sale on underground forum.

Android horror game with over 50,000 installs was phishing for Google and Facebook credentials
https://www.wandera.com/mobile-security/scary-granny-game-stealing-data/

Go Cheats – Mod & Hack with 100,000+ installs.

App had fake user interface, ads and root tools.
This fake app is now removed from Google Play!
https://twitter.com/s_metanka/status/1145116266962804737?s=03

Android analysis of Nicro malware
https://github.com/maddiestone/ConPresentations/blob/master/REcon2019.PathToThePayload.pdf

You have to pay $1.99 for deleting your profile in dating app.
New scam technique?

"Because of the huge workload, we will charge $1.99 as service fee."
https://www.reddit.com/r/assholedesign/comments/c7nqw5/i_got_a_dating_app_but_wanted_to_delete_my/

I went to Cirque du Soleil show - TORUK, where they offer app to be part of the show App would sync all the devices in audience with effects.
The first thing that came to my mind was if I can hack them...next day I found bug where I could control the show.

TORUK app left open port 6161 and accepted any request to perform commands at the show:
-change volume settings
-discover nearby Bluetooth devices
-display animations
-read or write to shared preferences
-set the position of the “Like” Facebook
https://androidappwatch.eset.com/latest-posts/a-great-show-is-now-history-as-is-its-insecure-mobile-app/

Adware campaign discovered on Google Play

111 apps were found on Play Store with 9M+ installs.
https://blog.trendmicro.com/trendlabs-security-intelligence/adware-campaign-identified-from-182-game-and-camera-apps-on-google-play-and-third-party-stores-like-9apps/

Malicious campaign that for years was using Facebook pages to spread malware across mobile and desktop environments targeting Libya 🇱🇾.
Threat actor used known open source Android RAT tools such as SpyNote.
https://research.checkpoint.com/operation-tripoli/

Top Android malware threats of June, 2019

Full list - http://skptr.me/malware_timeline_2019.html
Download samples - https://github.com/sk3ptre/AndroidMalware_2019/blob/master/README.md

HiddenApp Adware with 50k+ installs found on Google Play
https://twitter.com/s_metanka/status/1145744992582995968?s=19

Android Security Bulletin—July 2019

The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
Stay updated, stay secure.
https://source.android.com/security/bulletin/2019-07-01.html#2019-07-01-details

FridaLoader - One click tool to download and launch the latest version of the Frida x86 Server on a Genymotion emulator. #tool
https://github.com/dineshshetty/FridaLoader

New version of WannaLocker, the WannaCry copycat for mobile, which bundles spyware, remote-access-Trojan (RAT) malware, and banking Trojan malware in one nasty package.
https://blog.avast.com/wannalocker-targets-banks-in-brazil