Dirty Pipe vulnerability affects Linux Kernel since 5.8 including Android (CVE-2022-0847)
This issue leads to LPE because unprivileged processes can inject code into root processes
Details and PoC exploit: https://dirtypipe.cm4all.com/
Demo of exploitation: https://www.instagram.com/p/Ca2JIOjgwF6/
This issue leads to LPE because unprivileged processes can inject code into root processes
Details and PoC exploit: https://dirtypipe.cm4all.com/
Demo of exploitation: https://www.instagram.com/p/Ca2JIOjgwF6/
👍13
Reverse engineering of a trojanized medical app — Android/Joker
- 4 different stages of DEX & JARs https://cryptax.medium.com/live-reverse-engineering-of-a-trojanized-medical-app-android-joker-632d114073c1
- 4 different stages of DEX & JARs https://cryptax.medium.com/live-reverse-engineering-of-a-trojanized-medical-app-android-joker-632d114073c1
Medium
Live reverse engineering of a trojanized medical app — Android/Joker
A few days ago, a tweet reporting an Android malware caught my attention, because it was apparently found inside a health-related…
👍10
A attacker can open a malicious url or 3rd party app in NextCloud Talk app https://hackerone.com/reports/1337178
HackerOne
Nextcloud disclosed on HackerOne: objectId in share location can be...
## Summary:
The NextCloud Talk app allows a user to share their location in the Mobile App.
The objectId= in ```/ocs/v2.php/apps/spreed/api/v1/chat/$token/share``` Can be set to a URL or Deeplink,...
The NextCloud Talk app allows a user to share their location in the Mobile App.
The objectId= in ```/ocs/v2.php/apps/spreed/api/v1/chat/$token/share``` Can be set to a URL or Deeplink,...
👍7👏5
Exploring the archived APKs powering Android’s new app archiving feature https://blog.esper.io/android-dessert-bites-16-app-archiving-857169/
Esper Blog
Offload app for Android: How app archiving works
Android's new app archiving feature can save loads of storage space thanks to a new archived APK file. Here's how it all works.
👍12👏3👎2
iOS Hacking - A Beginner's Guide to Hacking iOS Apps [2022 Edition]
https://martabyte.github.io/ios/hacking/2022/03/13/ios-hacking-en.html
https://martabyte.github.io/ios/hacking/2022/03/13/ios-hacking-en.html
martabyte
iOS Hacking - A Beginner’s Guide to Hacking iOS Apps [2022 Edition]
My first post will be about iOS Hacking, a topic I’m currently working on, so this will be a kind of gathering of all information I have found in my research. It must be noted that I won’t be using any MacOS tools, since the computer used for this task will…
👍22👏2👎1
Global Mobile Threat Report for 2021:
-30% of the known, zero-day vulnerabilities discovered in 2021 targeted mobile devices
-466% increase in exploited, zero-day vulnerabilities used in active attacks against mobile endpoints
-75% of the phishing sites analyzed specifically targeted mobile devices
-2,034,217 new mobile malware samples were detected
https://blog.zimperium.com/global-mobile-threat-report-key-insights/
-30% of the known, zero-day vulnerabilities discovered in 2021 targeted mobile devices
-466% increase in exploited, zero-day vulnerabilities used in active attacks against mobile endpoints
-75% of the phishing sites analyzed specifically targeted mobile devices
-2,034,217 new mobile malware samples were detected
https://blog.zimperium.com/global-mobile-threat-report-key-insights/
Zimperium
2022 Global Mobile Threat Report: Key Insights on the State of Mobile Security - Zimperium
What’s the mobile security landscape like today, how has it changed, and what can security teams expect over the course of 2022? To provide answers, we’ve
👍9🔥3
I created a Discord community for a better categorization and visibility of mobile InfoSec posts with option for you to participate and share or ask questions.
Join & share: https://discord.gg/ByrVsEvVTg
Join & share: https://discord.gg/ByrVsEvVTg
Discord
Join the Mobile Hacker Discord Server!
Check out the Mobile Hacker community on Discord - hang out with 756 other members and enjoy free voice and text chat.
👍18👏1
Theft of protected files by 3rd party Android app from ownCloud application
https://hackerone.com/reports/1454002
https://hackerone.com/reports/1454002
HackerOne
ownCloud disclosed on HackerOne: Theft of protected files on Android
There is an issue that allows to retrieve any files from protected directory of application - ```/data/data/com.owncloud.android/*```.
The issue is caused by exported activity...
The issue is caused by exported activity...
👍1
Frida iOS video tutorials
Introduction to Frida and iOS, low-level iOS interfaces (GCD, XPC, IOKit, Mach), and Objective-C instrumentation
Part I: https://youtu.be/h070-YZKOKE
Part II: https://youtu.be/qpEIRe2CP-w
Part III: https://youtu.be/x48y2ehfWGE
Introduction to Frida and iOS, low-level iOS interfaces (GCD, XPC, IOKit, Mach), and Objective-C instrumentation
Part I: https://youtu.be/h070-YZKOKE
Part II: https://youtu.be/qpEIRe2CP-w
Part III: https://youtu.be/x48y2ehfWGE
YouTube
iOS Reverse Engineering :: Part I :: Dynamic Reversing and iOS Basics
The first part covers Frida basics, such as using frida-trace and the stalker. Then, some more internals about debugging on iOS in general are added, such as debug profile, enhancing logging with jailbreaks, and the debugserver.
Find more iOS dynamic reversing…
Find more iOS dynamic reversing…
❤17👍4
Crypto Scam - CryptoRom - targets vulnerable iPhone (iOS TestFlight and WebClips) and Android users (APK)
How it works:
The campaign works by approaching potential targets through dating apps like Bumble, Tinder, Facebook Dating, and Grindr, before moving the conversation to messaging apps such as WhatsApp and urging the victims to install a cryptocurrency trading application that's designed to mimic popular brands and lock people out of their accounts and freeze their funds.
https://news.sophos.com/en-us/2022/03/16/cryptorom-bitcoin-swindlers-continue-to-target-vulnerable-iphone-and-android-users/
How it works:
The campaign works by approaching potential targets through dating apps like Bumble, Tinder, Facebook Dating, and Grindr, before moving the conversation to messaging apps such as WhatsApp and urging the victims to install a cryptocurrency trading application that's designed to mimic popular brands and lock people out of their accounts and freeze their funds.
https://news.sophos.com/en-us/2022/03/16/cryptorom-bitcoin-swindlers-continue-to-target-vulnerable-iphone-and-android-users/
Sophos News
CryptoRom Bitcoin swindlers continue to target vulnerable iPhone and Android users
Abuse of iOS TestFlight and WebClips—along with social engineering and lookalike web pages—lead to double- and triple-dipping by criminals into victims’ pockets.
👍3
Forwarded from The Bug Bounty Hunter
Unraveling Assets from Android Apps at Scale
https://bevigil.com/blog/unraveling-assets-from-android-apps-at-scale/
https://bevigil.com/blog/unraveling-assets-from-android-apps-at-scale/
BeVigil Blog
Unraveling Assets from Android Apps at Scale - BeVigil Blog
Over the years, large-scale scanning of the internet has enabled the security community to identify widespread vulnerabilities and mitigate them before they can be exploited.
👍10
Facestealer Trojan found in Google Play app with 100,000+ installs injects JavaScript to facebook\.com to steal Facebook Accounts credentials
https://threatpost.com/facestealer-trojan-google-play-facebook/179015/
https://threatpost.com/facestealer-trojan-google-play-facebook/179015/
Threat Post
Facestealer Trojan Hidden in Google Play Plunders Facebook Accounts
The trojanized Craftsart Cartoon Photo Tools app is available in the official Android app store, but it's actually spyware capable of stealing any and all information from victims' social-media accounts.
👍10
When Equal is Not, Another WebView Takeover Story
https://valsamaras.medium.com/when-equal-is-not-another-webview-takeover-story-730be8d6e202
https://valsamaras.medium.com/when-equal-is-not-another-webview-takeover-story-730be8d6e202
Medium
When Equal is Not, Another WebView Takeover Story
I have been assessing Android applications for some time and I must admit that despite the countless write-ups about unprotected WebViews…
👍6
Trojanized Android & iOS cryptocurrency wallet apps
Malicious code was inserted in specific place of legit apps manually, which required attacker to perform in-depth analysis of wallet first
https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/
Malicious code was inserted in specific place of legit apps manually, which required attacker to perform in-depth analysis of wallet first
https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/
WeLiveSecurity
Crypto malware in patched wallets targeting Android and iOS devices
ESET Research uncovers a sophisticated scheme that distributes trojanized Android and iOS apps posing as popular cryptocurrency wallets.
👍5🤩1
Dirty Pipe temporary root exploit for Android (Pixel 6)
https://github.com/polygraphene/DirtyPipe-Android
https://github.com/polygraphene/DirtyPipe-Android
GitHub
GitHub - polygraphene/DirtyPipe-Android: Dirty Pipe root exploit for Android (Pixel 6)
Dirty Pipe root exploit for Android (Pixel 6). Contribute to polygraphene/DirtyPipe-Android development by creating an account on GitHub.
👍12👏4
RTLO Injection URI Spoofing in mobile apps (CVE-2020-20093; CVE-2020-20094; CVE-2020-20095; CVE-2020-20096)
Affects all recent distributions of iOS iMessage, WhatsApp, Instagram, and Facebook Messenger as of 2019.8.15.
The user interface does not properly represent critical information to the user, allowing the information to be spoofed. This is often a component in online scams, phishing and disinformation propagation.
https://github.com/zadewg/RIUS
Affects all recent distributions of iOS iMessage, WhatsApp, Instagram, and Facebook Messenger as of 2019.8.15.
The user interface does not properly represent critical information to the user, allowing the information to be spoofed. This is often a component in online scams, phishing and disinformation propagation.
https://github.com/zadewg/RIUS
GitHub
GitHub - zadewg/RIUS: CVE-2020-20093; 20094; 20095; 20096, 2022-28345 RTLO Injection URI Spoofing
CVE-2020-20093; 20094; 20095; 20096, 2022-28345 RTLO Injection URI Spoofing - GitHub - zadewg/RIUS: CVE-2020-20093; 20094; 20095; 20096, 2022-28345 RTLO Injection URI Spoofing
👍13🥰1
Remotely steal bearer token via maliciously crafted deep link from Basecamp Android app
https://hackerone.com/reports/1372667
https://hackerone.com/reports/1372667
HackerOne
Basecamp disclosed on HackerOne: Able to steal bearer token from...
# Pre-requisities
Prior to exploitation you would be required to know the "account id" of the user that you are attacking. Whilst this makes it difficult to attack an application in a generic way...
Prior to exploitation you would be required to know the "account id" of the user that you are attacking. Whilst this makes it difficult to attack an application in a generic way...
👍7
A deep dive inside anti-reverse & universal bypass with Frida
https://raw.githubusercontent.com/FrenchYeti/unrasp/main/Slides/Forging_golden_hammer_against_android_app_protections_INSO22_FINAL.pdf
https://raw.githubusercontent.com/FrenchYeti/unrasp/main/Slides/Forging_golden_hammer_against_android_app_protections_INSO22_FINAL.pdf
👍10
Remote Code Execution in Evernote for Android by misusing path traversal vulnerability
https://hackerone.com/reports/1377748
https://hackerone.com/reports/1377748
HackerOne
Evernote disclosed on HackerOne: 2 click Remote Code execution in...
This vulnerability is similar to my previous reported vulnerability #1362313 , in here also weakness is path transversal vulnerability which helps me to acheive code execution but the root cause...
👍9
A short history of telephone hacking: from phreaking to mobile malware
https://bit-sentinel.com/a-short-history-of-telephone-hacking-from-phreaking-to-mobile-malware
https://bit-sentinel.com/a-short-history-of-telephone-hacking-from-phreaking-to-mobile-malware
Bit Sentinel
Telephone hacking: from phreaking to mobile malware
How did telephone hacking become so dangerous? Get ready for a short history: from phreaking to mobile malware!
👍12❤1
New APT group APT-Q-43 (#VajraEleph) discovered targeting Pakistani military personnel via targeted SMS or WhatsApp messages using Android RAT #VajraSpy impersonates chat apps
https://mp.weixin.qq.com/s/B0ElRhbqLzs-wGQh79fTww
https://mp.weixin.qq.com/s/B0ElRhbqLzs-wGQh79fTww
Weixin Official Accounts Platform
来自南亚的金刚象组织VajraEleph ——针对巴基斯坦军方人员的网络间谍活动披露
自2021年6月起至今,一个来自南亚某国背景的APT组织主要针对巴基斯坦军方展开了有组织、有计划、针对性的军事间谍情报活动。经过短短9个月的攻击,该组织已影响数十名巴基斯坦军方人员。这是奇安信独立发现并率先披露的第15个APT组织-金刚象。
👍8🔥5