Directory traversal vulnerability discovered in Android Slack led to disclosure of auth tokens https://hackerone.com/reports/1378889
HackerOne
Slack disclosed on HackerOne: [Android] Directory traversal leading...
Files uploaded to and opened in Slack with specially-crafted names could cause the Android operating system to overwrite configuration files on customer devices, potentially exposing Slack data to...
Intercepting Android Emulator SSL traffic with burp using magisk
https://infosecwriteups.com/intercepting-android-emulator-ssl-traffic-with-burp-using-magisk-bc948dca68f9
Medium
Intercepting Android Emulator SSL traffic with burp using magisk
In Android security testing, intercepting SSL traffic from the APK is one of the basic requirements. There are many ways in which it can…
How to execute Java code directly on Android (without creating an APK)
Part 1: https://raccoon.onyxbits.de/blog/run-java-app-android/
Part 2: https://raccoon.onyxbits.de/blog/programmatically-talking-to-the-android-system-adb-shell/
raccoon.onyxbits.de
How to run Java programs directly on Android (without creating an APK)
A step by step instruction for compiling a Java program into an Android executable and using ADB to run it.
Firefox extension for generating Frida snippet scripts from official Android developer documentation
Right-click on function names (public methods section) or fields and it will automatically copy the generated Frida snippet
https://github.com/eybisi/android-developer-frida (no overload support for now)
GitHub
GitHub - eybisi/android-developer-frida: frida snippet generator firefox extension for developer.android.com
frida snippet generator firefox extension for developer.android.com - eybisi/android-developer-frida
PoC for CVE-2021-30955 has been publicly released affecting iOS 15.2
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
https://gist.github.com/jakeajames/37f72c58c775bfbdda3aa9575149a8aa
Gist
CVE-2021-30955 PoC
CVE-2021-30955 PoC. GitHub Gist: instantly share code, notes, and snippets.
Bug found in Zenly - Social-Media App with 50M+ installs - Allowed Account Takeover
https://checkmarx.com/blog/zenly-fixes-user-data-exposure-and-account-takeover-risks/
Checkmarx.com
Zenly Fixes User Data Exposure and Account Takeover Risks
The Checkmarx Security Research Team responsibly notified Zenly, providing detailed information of our research findings, instructions to reproduce the issues, and recommendations. Zenly has now fixed the issues we discovered.
Smali2Frida - generate Frida Hooks from .smali files
https://github.com/apkunpacker/Smali2Frida
GitHub
GitHub - apkunpacker/Smali2Frida
Contribute to apkunpacker/Smali2Frida development by creating an account on GitHub.
Another iOS 15.1 kernel exploit PoC for CVE-2021-30955
https://github.com/b1n4r1b01/desc_race
GitHub
GitHub - b1n4r1b01/desc_race: iOS 15.1 kernel exploit POC for CVE-2021-30955
iOS 15.1 kernel exploit POC for CVE-2021-30955. Contribute to b1n4r1b01/desc_race development by creating an account on GitHub.
Android TeaBot banking malware with 10K+ installs is still available on Google Play Store
QR Code downloads main.apk that drops payload and targets over 400 apps
https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe
Cleafy
TeaBot is now spreading across the globe | Cleafy Labs
Since TeaBot's first discovery in 2021, Cleafy's Threat Intelligence Team has been following this banking trojan's trails to understand how it acts against banks. To know more, read here our latest report.
Android banking malware TeaBot with 10,000+ installs is still available on Google Play Store
Double check which QR code app you are about to install or are using already
https://youtube.com/shorts/FvuqEhI9LjQ
SMS PVA: Underground Service for Cybercriminals
Part 1: https://www.trendmicro.com/en_us/research/22/b/sms-pva-cybercriminals-part-1.html
Part 2: https://www.trendmicro.com/en_us/research/22/b/sms-pva-cybercriminals-part-2.html
Trend Micro
SMS PVA Part 1: Underground Service for Cybercriminals
This is a 3-part blog entry about SMS PVA, a service that lets cybercriminals compromise smartphone cybersecurity.
SharkBot - Two Android bankers discovered on Google Play ironically impersonate Antivirus apps
https://blog.fox-it.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/
Fox-IT International blog
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
Authors: Alberto Segura, Malware analyst; Rolf Govers, Malware analyst & Forensic IT Expert. NCC Group, as well as many other researchers, noticed a rise in Android malware last year, especially An…
New version of #AbereBot banking Trojan is rebranded as #Escobar and available for rent on underground market
https://twitter.com/LukasStefanko/status/1499659018066964481
Twitter
Lukas Stefanko
New version of #AbereBot is rebranded as #Escobar and available for rent -1 month rent/$3000 -doesn't use Telegram as c&c anymore -new features: audio recording, take photos, use VNC, make calls, get Google Authenticator 2FA codes, uninstall any app -targets…
Native2Frida - give it decompiled IDA code and get a Frida script for all functions that have char as an argument or return type
https://github.com/apkunpacker/Native2Frida
GitHub
GitHub - apkunpacker/Native2Frida
Contribute to apkunpacker/Native2Frida development by creating an account on GitHub.
Jeb2Frida - JEB script to automatically generate a Frida hook for a given method
https://github.com/cryptax/misc-code/tree/master/jeb
GitHub
misc-code/jeb at master · cryptax/misc-code
Miscellaneous code. Contribute to cryptax/misc-code development by creating an account on GitHub.
Dirty Pipe vulnerability affects Linux Kernel since 5.8 including Android (CVE-2022-0847)
This issue leads to LPE because unprivileged processes can inject code into root processes
Details and PoC exploit: https://dirtypipe.cm4all.com/
Demo of exploitation: https://www.instagram.com/p/Ca2JIOjgwF6/
Reverse engineering of a trojanized medical app — Android/Joker
- 4 different stages of DEX & JARs https://cryptax.medium.com/live-reverse-engineering-of-a-trojanized-medical-app-android-joker-632d114073c1
Medium
Live reverse engineering of a trojanized medical app — Android/Joker
A few days ago, a tweet reporting an Android malware caught my attention, because it was apparently found inside a health-related…
An attacker can open a malicious URL or 3rd party app in NextCloud Talk app https://hackerone.com/reports/1337178
HackerOne
Nextcloud disclosed on HackerOne: objectId in share location can be...
## Summary:
The NextCloud Talk app allows a user to share their location in the Mobile App.
The objectId= in ```/ocs/v2.php/apps/spreed/api/v1/chat/$token/share``` Can be set to a URL or Deeplink,...
Exploring the archived APKs powering Android’s new app archiving feature https://blog.esper.io/android-dessert-bites-16-app-archiving-857169/
Esper Blog
Offload app for Android: How app archiving works
Android's new app archiving feature can save loads of storage space thanks to a new archived APK file. Here's how it all works.
iOS Hacking - A Beginner's Guide to Hacking iOS Apps [2022 Edition]
https://martabyte.github.io/ios/hacking/2022/03/13/ios-hacking-en.html
martabyte
iOS Hacking - A Beginner’s Guide to Hacking iOS Apps [2022 Edition]
My first post will be about iOS Hacking, a topic I’m currently working on, so this will be a kind of gathering of all information I have found in my research. It must be noted that I won’t be using any MacOS tools, since the computer used for this task will…
Global Mobile Threat Report for 2021:
- 30% of the known, zero-day vulnerabilities discovered in 2021 targeted mobile devices
- 466% increase in exploited, zero-day vulnerabilities used in active attacks against mobile endpoints
- 75% of the phishing sites analyzed specifically targeted mobile devices
- 2,034,217 new mobile malware samples were detected
https://blog.zimperium.com/global-mobile-threat-report-key-insights/
Zimperium
2022 Global Mobile Threat Report: Key Insights on the State of Mobile Security - Zimperium
What’s the mobile security landscape like today, how has it changed, and what can security teams expect over the course of 2022? To provide answers, we’ve