Measurement SDK library (coelib.c.couluslibrary) implemented in various Android apps is responsible for collecting sensitive data such as Clipboard, GPS, Email, Phone Numbers, IMEI, SSID...
https://blog.appcensus.io/2022/04/06/the-curious-case-of-coulus-coelib/
https://blog.appcensus.io/2022/04/06/the-curious-case-of-coulus-coelib/
🔥6👍1
Android SharkBot Banking Trojan Discovered On Google Play Store Hidden Behind 7 New Apps
https://research.checkpoint.com/2022/google-is-on-guard-sharks-shall-not-pass/
https://research.checkpoint.com/2022/google-is-on-guard-sharks-shall-not-pass/
Check Point Research
Google is on guard: sharks shall not pass! - Check Point Research
Research by: Alex Shamshur, Raman Ladutska Introduction When you search for Anti-Virus (AV) solutions to protect your mobile devices, you don’t expect these solutions to do the opposite i.e. make devices vulnerable to malware. This what the Check Point Research…
👍2
Start Arbitrary Activity App Components as the System User Vulnerability Affecting Samsung Android Devices (CVE-2022-22292)
https://www.kryptowire.com/blog/start-arbitrary-activity-app-components-as-the-system-user-vulnerability-affecting-samsung-android-devices/
https://www.kryptowire.com/blog/start-arbitrary-activity-app-components-as-the-system-user-vulnerability-affecting-samsung-android-devices/
Quokka
Home
Strengthen your mobile security with Quokka’s mobile app risk intelligence, delivered via mobile app vetting and mobile app security testing. Identify and mitigate mobile threats and integrate seamlessly into your existing security stack and dev lifecycle.
👍9😢2
iOS ASN.1 Vulnerability analysis (CVE-2021-30737) https://googleprojectzero.blogspot.com/2022/04/cve-2021-30737-xerubs-2021-ios-asn1.html
Blogspot
CVE-2021-30737, @xerub's 2021 iOS ASN.1 Vulnerability
Posted by Ian Beer, Google Project Zero This blog post is my analysis of a vulnerability found by @xerub . Phrack published @xerub's...
👍8
New Android banking trojan - Octo - is capable of on-device fraud via VNC was available on Google Play Store
https://threatfabric.com/blogs/octo-new-odf-banking-trojan.html
https://threatfabric.com/blogs/octo-new-odf-banking-trojan.html
Threatfabric
Look out for Octo's tentacles! A new on-device fraud Android Banking Trojan with a rich legacy
ThreatFabric recently discovered Octo: a new Android banking malware trojan with a rich legacy.
🔥7👍1
APT-C-23 Campaign Targeting Israeli Officials via malicious Android chat apps
https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials
https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials
Cybereason
Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials
This APT-C-23 campaign involves of two previously undocumented malware strains dubbed Barb(ie) Downloader and BarbWire Backdoor, which use an enhanced stealth mechanism to remain undetected - in addition, Cybereason observed an upgraded version of an Android…
👍10
Forwarded from The Bug Bounty Hunter
Android Pentesting Setup On Macbook M1
https://magarajay538.medium.com/android-pentesting-setup-on-macbook-m1-d2f1f0a8db4b
https://magarajay538.medium.com/android-pentesting-setup-on-macbook-m1-d2f1f0a8db4b
Medium
Android Pentesting Setup On Macbook M1
Hello hackers,
👍15
[Beetlebug Android CTF] an open source insecure Android app with CTF challenges for Android Penetesters and Bug Bounty hunters
https://github.com/hafiz-ng/Beetlebug
https://github.com/hafiz-ng/Beetlebug
GitHub
GitHub - hafiz-ng/Beetlebug: Beetlebug is an open source insecure Android application with CTF challenges built for Android Penetration…
Beetlebug is an open source insecure Android application with CTF challenges built for Android Penetration Testers and Bug Bounty hunters. - hafiz-ng/Beetlebug
👍11👏4
Android Fakecall Banker: A Trojan that masquerades as a banking app and imitates phone conversations with bank employees
https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/
https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/
Kaspersky
The Fakecalls banking Trojan makes fake calls
A Trojan that masquerades as a banking app and imitates phone conversations with bank employees.
😱10👍1
Lol, I am running Kali NetHunter on smartwatches TicWatch Pro
No wifi support so far, but HID and nmap works fine 😁
https://www.instagram.com/p/CcP1r1mF_RJ/
No wifi support so far, but HID and nmap works fine 😁
https://www.instagram.com/p/CcP1r1mF_RJ/
🔥23💩4👍3😢3🤮3😁1
Step-by-step guide to reverse an APK protected with DexGuard using Jadx
https://blog.lexfo.fr/dexguard.html
https://blog.lexfo.fr/dexguard.html
👍8❤1
Forwarded from The Bug Bounty Hunter
CVE-2021-1782, an iOS in-the-wild vulnerability in vouchers
https://googleprojectzero.blogspot.com/2022/04/cve-2021-1782-ios-in-wild-vulnerability.html
https://googleprojectzero.blogspot.com/2022/04/cve-2021-1782-ios-in-wild-vulnerability.html
Blogspot
CVE-2021-1782, an iOS in-the-wild vulnerability in vouchers
Posted by Ian Beer, Google Project Zero This blog post is my analysis of a vulnerability exploited in the wild and patched in early 20...
👍8👏5❤3
Spyware Operation infected 63 targets with Pegasus (iOS), and four others with Candiru (Windows) spyware
-To compromise victims devices was used a previously-undisclosed iOS zero-click vulnerability called HOMAGE used by NSO Group
-Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations. Family members were also infected in some cases
https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/
-To compromise victims devices was used a previously-undisclosed iOS zero-click vulnerability called HOMAGE used by NSO Group
-Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations. Family members were also infected in some cases
https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/
The Citizen Lab
CatalanGate
The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware, including members of the European Parliament, Catalan Presidents, legislators, jurists, and members of…
👍9❤1
Windows 11 ToolBox noscript used to add the Google Play Store to the Android Subsystem has secretly infected users with malicious noscripts
https://www.bleepingcomputer.com/news/security/windows-11-tool-to-add-google-play-secretly-installed-malware/
https://www.bleepingcomputer.com/news/security/windows-11-tool-to-add-google-play-secretly-installed-malware/
BleepingComputer
Windows 11 tool to add Google Play secretly installed malware
A popular Windows 11 ToolBox noscript used to add the Google Play Store to the Android Subsystem has secretly infected users with malicious noscripts, Chrome extensions, and potentially other malware.
👍8🥰1
Forwarded from The Bug Bounty Hunter
Mobile MitM: Intercepting your Android App Traffic On the Go
https://www.eff.org/deeplinks/2022/04/mobile-mitm-intercepting-your-android-app-traffic-go
https://www.eff.org/deeplinks/2022/04/mobile-mitm-intercepting-your-android-app-traffic-go
Electronic Frontier Foundation
Mobile MitM: Intercepting Your Android App Traffic On the Go
In order to audit the privacy and security practices of the apps we use on a daily basis, we need to be able to inspect the network traffic they are sending. An app asking for permission to your
🔥4❤1
A Year in Review of 0-days Used In-the-Wild in 2021 by Google
In 2021 there were 7 #Android in-the-wild 0-days detected and disclosed:
- Qualcomm Adreno GPU driver (CVE-2020-11261, CVE-2021-1905, CVE-2021-1906)
- ARM Mali GPU driver (CVE-2021-28663, CVE-2021-28664)
- Upstream Linux kernel (CVE-2021-1048, CVE-2021-0920)
For the 5 total #iOS and macOS in-the-wild 0-days, they targeted 3 different attack surfaces:
- IOMobileFrameBuffer (CVE-2021-30807, CVE-2021-30883)
- XNU Kernel (CVE-2021-1782 & CVE-2021-30869)
- CoreGraphics (CVE-2021-30860)
- CommCenter (FORCEDENTRY sandbox escape - CVE requested, not yet assigned)
https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html
In 2021 there were 7 #Android in-the-wild 0-days detected and disclosed:
- Qualcomm Adreno GPU driver (CVE-2020-11261, CVE-2021-1905, CVE-2021-1906)
- ARM Mali GPU driver (CVE-2021-28663, CVE-2021-28664)
- Upstream Linux kernel (CVE-2021-1048, CVE-2021-0920)
For the 5 total #iOS and macOS in-the-wild 0-days, they targeted 3 different attack surfaces:
- IOMobileFrameBuffer (CVE-2021-30807, CVE-2021-30883)
- XNU Kernel (CVE-2021-1782 & CVE-2021-30869)
- CoreGraphics (CVE-2021-30860)
- CommCenter (FORCEDENTRY sandbox escape - CVE requested, not yet assigned)
https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html
Blogspot
The More You Know, The More You Know You Don’t Know
A Year in Review of 0-days Used In-the-Wild in 2021 Posted by Maddie Stone, Google Project Zero This is our third annual year in rev...
🔥7👍3❤1🥰1👏1
RCE vulnerability found in Qualcomm/MediaTek chips would allow attacker to gain control over a user's multimedia data, including streaming from a compromised machine's camera (CVE-2021-0674, CVE-2021-0675, CVE-2021-30351)
Exploitation: A threat actor could have sent a song (media file) and when played by a potential victim, it could have injected code in the privileged media service. The threat actor could have seen what the mobile phone user sees on their phone.
https://blog.checkpoint.com/2022/04/21/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/
Exploitation: A threat actor could have sent a song (media file) and when played by a potential victim, it could have injected code in the privileged media service. The threat actor could have seen what the mobile phone user sees on their phone.
https://blog.checkpoint.com/2022/04/21/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/
Check Point Blog
Vulnerabilities In The ALAC Format - Check Point Blog
Check Point Research discovered vulnerabilities in the ALAC format that could have led an attacker to remotely get access to its media and audio conversations
👍16👏2
Android Bianlian Botnet (AKA Hydra) Trying to Bypass Photo TAN Used for Mobile Banking
https://www.fortinet.com/blog/threat-research/android-bianlian-botnet-mobile-banking
https://www.fortinet.com/blog/threat-research/android-bianlian-botnet-mobile-banking
Fortinet Blog
Android/Bianlian Botnet Trying to Bypass Photo TAN Used for Mobile Banking
FortiGuard Labs has been closely investigating the Android BianLian botnet (also known as Hydra). Although it emerged in 2018, it is still alive in 2022. Our blog provides a brief analysis as well …
👍6
Google Play developers must declare what data their software collects from users of their app.
(Developers can begin declaring how collected data is used starting today, with the deadline to complete their submissions being July 20th, 2022) https://www.bleepingcomputer.com/news/security/google-play-store-now-forces-apps-to-disclose-what-data-is-collected/
(Developers can begin declaring how collected data is used starting today, with the deadline to complete their submissions being July 20th, 2022) https://www.bleepingcomputer.com/news/security/google-play-store-now-forces-apps-to-disclose-what-data-is-collected/
BleepingComputer
Google Play Store now forces apps to disclose what data is collected
Google is rolling out a new Data Safety section on the Play Store, Android's official app repository, where developers must declare what data their software collects from users of their apps.
👍27👎2❤1🤔1