Forwarded from The Bug Bounty Hunter
Mobile MitM: Intercepting your Android App Traffic On the Go
https://www.eff.org/deeplinks/2022/04/mobile-mitm-intercepting-your-android-app-traffic-go
Electronic Frontier Foundation
Mobile MitM: Intercepting Your Android App Traffic On the Go
In order to audit the privacy and security practices of the apps we use on a daily basis, we need to be able to inspect the network traffic they are sending. An app asking for permission to your
A Year in Review of 0-days Used In-the-Wild in 2021 by Google
In 2021 there were 7 #Android in-the-wild 0-days detected and disclosed:
- Qualcomm Adreno GPU driver (CVE-2020-11261, CVE-2021-1905, CVE-2021-1906)
- ARM Mali GPU driver (CVE-2021-28663, CVE-2021-28664)
- Upstream Linux kernel (CVE-2021-1048, CVE-2021-0920)
For the 5 total #iOS and macOS in-the-wild 0-days, they targeted 3 different attack surfaces:
- IOMobileFrameBuffer (CVE-2021-30807, CVE-2021-30883)
- XNU Kernel (CVE-2021-1782 & CVE-2021-30869)
- CoreGraphics (CVE-2021-30860)
- CommCenter (FORCEDENTRY sandbox escape - CVE requested, not yet assigned)
https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html
Blogspot
The More You Know, The More You Know You Don’t Know
A Year in Review of 0-days Used In-the-Wild in 2021 Posted by Maddie Stone, Google Project Zero This is our third annual year in rev...
RCE vulnerability found in Qualcomm/MediaTek chips would allow an attacker to gain control over a user's multimedia data, including streaming from a compromised machine's camera (CVE-2021-0674, CVE-2021-0675, CVE-2021-30351)
Exploitation: A threat actor could have sent a song (media file) and when played by a potential victim, it could have injected code in the privileged media service. The threat actor could have seen what the mobile phone user sees on their phone.
https://blog.checkpoint.com/2022/04/21/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/
Check Point Blog
Vulnerabilities In The ALAC Format - Check Point Blog
Check Point Research discovered vulnerabilities in the ALAC format that could have led an attacker to remotely get access to its media and audio conversations
Android Bianlian Botnet (AKA Hydra) Trying to Bypass Photo TAN Used for Mobile Banking
https://www.fortinet.com/blog/threat-research/android-bianlian-botnet-mobile-banking
Fortinet Blog
Android/Bianlian Botnet Trying to Bypass Photo TAN Used for Mobile Banking
FortiGuard Labs has been closely investigating the Android BianLian botnet (also known as Hydra). Although it emerged in 2018, it is still alive in 2022. Our blog provides a brief analysis as well …
Google Play developers must declare what data their software collects from users of their app.
(Developers can begin declaring how collected data is used starting today, with the deadline to complete their submissions being July 20th, 2022) https://www.bleepingcomputer.com/news/security/google-play-store-now-forces-apps-to-disclose-what-data-is-collected/
BleepingComputer
Google Play Store now forces apps to disclose what data is collected
Google is rolling out a new Data Safety section on the Play Store, Android's official app repository, where developers must declare what data their software collects from users of their apps.
PoC kernel r/w exploit for iOS 15.0 - 15.1.1 that was patched in iOS 15.2 (CVE-2021-30937) https://github.com/potmdehex/multicast_bytecopy
GitHub
GitHub - potmdehex/multicast_bytecopy: kernel r/w exploit for iOS 15.0 - 15.1.1
kernel r/w exploit for iOS 15.0 - 15.1.1. Contribute to potmdehex/multicast_bytecopy development by creating an account on GitHub.
In 2021 Google blocked 1.2 million policy-violating apps from being published on Google Play
- banned 190k malicious and spammy developer accounts in 2021
- closed around 500k developer accounts that are inactive or abandoned
https://security.googleblog.com/2022/04/how-we-fought-bad-apps-and-developers.html
Google Online Security Blog
How we fought bad apps and developers in 2021
Posted by Steve Kafka and Khawaja Shams, Android Security and Privacy Team Providing a safe experience to billions of users continues to ...
Reverse engineering and analysis of an Android fiscal printer
https://www.shielder.com/blog/2022/04/printing-fake-fiscal-receipts-an-italian-job-p.1/
Shielder
Shielder - Printing Fake Fiscal Receipts - An Italian Job p.1
Reverse engineering and analysis of a fiscal printer device for fun and (real) profit.
Android 13 adds a security feature that BLOCKS users from enabling accessibility services for apps they sideloaded outside of an app store. This is designed to combat banking trojans and spyware that misuse Accessibility APIs
https://blog.esper.io/android-13-sideloading-restriction-harder-malware-abuse-accessibility-apis/
NetHunter Wi-Fi packet capturing on Android and Rubber Ducky running on smartwatches mobile combo
https://youtube.com/shorts/mepZZu78hSI
Instagram Credentials Stealer: Disguised as Mod App
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/instagram-credentials-stealer-disguised-as-mod-app/
McAfee Blog
Instagram credentials Stealer: Disguised as Mod App | McAfee Blog
Authored by Dexter Shin McAfee’s Mobile Research Team introduced a new Android malware targeting Instagram users who want to increase their followers or
Instagram Credentials Stealers: Free Followers or Free Likes
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/instagram-credentials-stealers-free-followers-or-free-likes/
McAfee Blog
Instagram credentials Stealers: Free Followers or Free Likes | McAfee Blog
Authored by Dexter Shin Instagram has become a platform with over a billion monthly active users. Many of Instagram's users are looking to increase their
NahamCon CTF 2022 Write-up: Click Me! Android challenge
https://infosecwriteups.com/nahamcon-ctf-2022-write-up-click-me-android-challenge-63ccba7cb663
Medium
NahamCon CTF 2022 Write-up: Click Me! Android challenge
NahamSec, John Hammond & few other folks hosted a CTF this weekend. I solved Android challenges, the challenges were really fun. I decided…
Mobile-Related Threats by Avast for Q1/2022 (Adware, Bankers, PremiumSMS, Ransomware)
https://decoded.avast.io/threatresearch/avast-q1-2022-threat-report/
Avast Threat Labs
Avast Q1/2022 Threat Report - Avast Threat Labs
Cyberwarfare between Ukraine and Russia Foreword The first quarter of 2022 is over, so we are here again to share insights into the threat landscape and what we’ve seen in the wild. Under normal circumstances, I would probably highlight mobile spyware related…
Samsung Flow - Any App Can Read The External Storage CVE-2022-28775
A rogue application could use this issue to read contents on the device's external storage without requiring the proper Android permissions
https://labs.f-secure.com/advisories/samsung-flow-any-app-can-read-the-external-storage/
Samsung Galaxy - Any App Can Install Any App In The Galaxy App Store CVE-2022-28776
This new intent received by the Galaxy App Store could be manipulated in such a way that the Galaxy App Store would be forced to automatically install other applications onto the victim's device without consent
https://labs.f-secure.com/advisories/samsung-galaxy-any-app-can-install-any-app/
Warning: GRIM and Magnus Android Botnets are Underground
https://www.fortinet.com/blog/threat-research/grim-magnus-android-botnets
Fortinet Blog
Warning: GRIM and Magnus Android Botnets are Underground | FortiGuard Labs
Since the beginning of 2022, there are more Android botnet newcomers. FortiGuard Labs has seen two new banking botnets: GRIM and Magnus. Read our blog to find out more.…
Mobile subscription Trojans and their little tricks
https://securelist.com/mobile-subscription-trojans-and-their-tricks/106412/
Securelist
The Trojan subscribers Joker, MobOk, Vesub and GriftHorse
Kaspersky analysis of mobile subscription Trojans Joker (Jocker), MobOk, Vesub and GriftHorse and their activity: technical description and statistics.
The script to install important Android pentesting tools & configure the Genymotion emulator automatically with tools
https://xenion0.github.io/xenion/posts/Android-install/
Xenion
Android Pentest Setup Environment
Android pentesting Setup Environment
Reversing an Android sample which uses Flutter
https://cryptax.medium.com/reversing-an-android-sample-which-uses-flutter-23c3ff04b847
Medium
Reversing an Android sample which uses Flutter
Flutter is a framework able to build multi-platform apps (e.g. iOS and Android) from a single code base. The same source code is able to…
Google Play Store App with 10,000+ Served Android Teabot/Anatsa Banking Trojan
https://labs.k7computing.com/index.php/play-store-app-serves-teabot-via-github/
K7 Labs
Play Store App Serves Teabot Via GitHub
We at K7 Labs recently came across this twitter post about Teabot (aka ‘Anatsa’) a banking Trojan. The main infection vector […]