Android analysis of Nicro malware
https://github.com/maddiestone/ConPresentations/blob/master/REcon2019.PathToThePayload.pdf
https://github.com/maddiestone/ConPresentations/blob/master/REcon2019.PathToThePayload.pdf
You have to pay $1.99 for deleting your profile in dating app.
New scam technique?
"Because of the huge workload, we will charge $1.99 as service fee."
https://www.reddit.com/r/assholedesign/comments/c7nqw5/i_got_a_dating_app_but_wanted_to_delete_my/
New scam technique?
"Because of the huge workload, we will charge $1.99 as service fee."
https://www.reddit.com/r/assholedesign/comments/c7nqw5/i_got_a_dating_app_but_wanted_to_delete_my/
I went to Cirque du Soleil show - TORUK, where they offer app to be part of the show App would sync all the devices in audience with effects.
The first thing that came to my mind was if I can hack them...next day I found bug where I could control the show.
TORUK app left open port 6161 and accepted any request to perform commands at the show:
-change volume settings
-discover nearby Bluetooth devices
-display animations
-read or write to shared preferences
-set the position of the “Like” Facebook
https://androidappwatch.eset.com/latest-posts/a-great-show-is-now-history-as-is-its-insecure-mobile-app/
The first thing that came to my mind was if I can hack them...next day I found bug where I could control the show.
TORUK app left open port 6161 and accepted any request to perform commands at the show:
-change volume settings
-discover nearby Bluetooth devices
-display animations
-read or write to shared preferences
-set the position of the “Like” Facebook
https://androidappwatch.eset.com/latest-posts/a-great-show-is-now-history-as-is-its-insecure-mobile-app/
ESET
A great show is now history, as is its insecure mobile app
News about ESET's awards and recognitions, directly from the maker of legendary NOD32 technology.
Adware campaign discovered on Google Play
111 apps were found on Play Store with 9M+ installs.
https://blog.trendmicro.com/trendlabs-security-intelligence/adware-campaign-identified-from-182-game-and-camera-apps-on-google-play-and-third-party-stores-like-9apps/
111 apps were found on Play Store with 9M+ installs.
https://blog.trendmicro.com/trendlabs-security-intelligence/adware-campaign-identified-from-182-game-and-camera-apps-on-google-play-and-third-party-stores-like-9apps/
Trend Micro
Research, News, and Perspectives
Malicious campaign that for years was using Facebook pages to spread malware across mobile and desktop environments targeting Libya 🇱🇾.
Threat actor used known open source Android RAT tools such as SpyNote.
https://research.checkpoint.com/operation-tripoli/
Threat actor used known open source Android RAT tools such as SpyNote.
https://research.checkpoint.com/operation-tripoli/
Check Point Research
Operation Tripoli - Check Point Research
Check Point Research recently came across a large-scale campaign that for years was using Facebook pages to spread malware across mobile and desktop environments, with one target country in mind: Libya. It seems that the tense political situation in Libya…
Top Android malware threats of June, 2019
Full list - http://skptr.me/malware_timeline_2019.html
Download samples - https://github.com/sk3ptre/AndroidMalware_2019/blob/master/README.md
Full list - http://skptr.me/malware_timeline_2019.html
Download samples - https://github.com/sk3ptre/AndroidMalware_2019/blob/master/README.md
GitHub
AndroidMalware_2019/README.md at master · sk3ptre/AndroidMalware_2019
Popular Android threats in 2019. Contribute to sk3ptre/AndroidMalware_2019 development by creating an account on GitHub.
Android Security Bulletin—July 2019
The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
Stay updated, stay secure.
https://source.android.com/security/bulletin/2019-07-01.html#2019-07-01-details
The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
Stay updated, stay secure.
https://source.android.com/security/bulletin/2019-07-01.html#2019-07-01-details
FridaLoader - One click tool to download and launch the latest version of the Frida x86 Server on a Genymotion emulator. #tool
https://github.com/dineshshetty/FridaLoader
https://github.com/dineshshetty/FridaLoader
GitHub
GitHub - dineshshetty/FridaLoader: A quick and dirty app to download and launch Frida on Genymotion and rooted Physical Android…
A quick and dirty app to download and launch Frida on Genymotion and rooted Physical Android Devices - dineshshetty/FridaLoader
New version of WannaLocker, the WannaCry copycat for mobile, which bundles spyware, remote-access-Trojan (RAT) malware, and banking Trojan malware in one nasty package.
https://blog.avast.com/wannalocker-targets-banks-in-brazil
https://blog.avast.com/wannalocker-targets-banks-in-brazil
Avast
WannaLocker targets banks in Brazil – Avast
Find out how Avast threat researcher Nikolaos Chrysaidos tracked a new version of malware that combines spyware, remote-access-Trojan malware, and banking Trojan malware
Did you know that app developer on Google Play can based on user localization change app icon?
https://twitter.com/LukasStefanko/status/1145952428887543810
https://twitter.com/LukasStefanko/status/1145952428887543810
Twitter
Lukas Stefanko
Did you know that app developer on Google Play can based on user localization change app icon? These two same apps use different icon. One of them mimics original Minecraft. Screenshots: Spain vs. USA Founds by @hugofqbo
China Is Forcing Tourists to Install Text-Stealing Malware at its Border
The malware downloads a tourist’s text messages, calendar entries, and phone logs, as well as scans the device for over 70,000 different files.
https://www.vice.com/amp/en_us/article/7xgame/at-chinese-border-tourists-forced-to-install-a-text-stealing-piece-of-malware
APK: https://github.com/motherboardgithub/bxaq
The malware downloads a tourist’s text messages, calendar entries, and phone logs, as well as scans the device for over 70,000 different files.
https://www.vice.com/amp/en_us/article/7xgame/at-chinese-border-tourists-forced-to-install-a-text-stealing-piece-of-malware
APK: https://github.com/motherboardgithub/bxaq
Vice
China Is Forcing Tourists to Install Text-Stealing Malware at its Border
The malware downloads a tourist’s text messages, calendar entries, and phone logs, as well as scans the device for over 70,000 different files.
Vulnerabilities in smart home hub allows hacker to open front door locks. #IoT
https://blackmarble.sh/zipato-smart-hub/
https://blackmarble.sh/zipato-smart-hub/
BlackMarble
Breaking & Entering with Zipato SmartHubs
Breaking & Entering with Zipato SmartHubs using Pass-The-Hash vulnerability to unlock doors remotely.
“Watering Hole” is a cyber attack strategy in which the victim is a particular group (organization, industry, or region).
In this attack, the attacker typically observes which websites or apps the group uses and infects one or more of them with malware.
https://blog.zimperium.com/the-mobile-watering-hole-how-a-sip-leads-to-a-trojan-compromise/
In this attack, the attacker typically observes which websites or apps the group uses and infects one or more of them with malware.
https://blog.zimperium.com/the-mobile-watering-hole-how-a-sip-leads-to-a-trojan-compromise/
Zimperium Mobile Security Blog
How a Sip Leads to a Trojan Compromise | Mobile Watering Hole
The Watering Holes attack vector can be very effective. Once the application is on the device, we have shown how the espionage actions are easy to perform.
HiddenApp adware found again on Google Play with 100k+ installs
https://twitter.com/s_metanka/status/1146113662169563137?s=19
https://twitter.com/s_metanka/status/1146113662169563137?s=19
Twitter
smtnk
Icon-hiding #Android adware, 100,000+ installs https://t.co/GAsrSYEyhV @GooglePlay
Security of messaging apps
https://drive.google.com/file/d/1TkBq8Y8pBmNM-uBV3p5TyMF_ZAWVTyVY/view
https://drive.google.com/file/d/1TkBq8Y8pBmNM-uBV3p5TyMF_ZAWVTyVY/view
Google Docs
recon_slides_2019.pdf
Analysis of a new wave of Android malware family - BianLian
https://www.fortinet.com/blog/threat-research/new-wave-bianlian-malware.html
https://www.fortinet.com/blog/threat-research/new-wave-bianlian-malware.html
Fortinet Blog
BianLian: A New Wave Emerges
The FortiGuard Labs team has encountered a new version of the BianLian malware family with new functionalities and unseen techniques to hide its true functionality. Read more about this breaking th…