SMSFactory Android Trojan producing high costs for victims
https://blog.avast.com/smsfactory-android-trojan
Avast
Avast protected more than 165,000 people across the globe from TrojanSMS malware SMSFactory within a year.
Malicious App spread through Phishing and Google Play and Huawei's AppGallery App Store
https://www.d3lab.net/malicious-app-spread-through-italian-phishing-and-official-app-store/
D3Lab
🇬🇧 Malicious App spread through Italian Phishing and official App Store
Since the end of 2019 there has been a change in bank phishing campaigns against Italian users who have introduced the combined use in a massive manner of methods until then used exclusively for targeted attacks, such as:
Vishing (telephone phishing);Smishing…
Mobile Banking Heists: The Emerging Threats and How to Respond
https://storage.pardot.com/66612/1654181473nzPs3Zrz/Zimperium_Mobile_Bank_Heists_Report_0622.pdf
Vulnerability within the UNISOC baseband opens mobile phones communications to remote hacker attacks (CVE-2022-20210)
https://research.checkpoint.com/2022/vulnerability-within-the-unisoc-baseband/
Check Point Research
Vulnerability within the UNISOC baseband opens mobile phones communications to remote hacker attacks - Check Point Research
Introduction Do you remember push-button telephones? Many of them were based on chips from Spreadtrum Communications Inc., a Chinese chip manufacturer founded in 2001. In 2011, over half of all phones in China were powered by Spreadtrum chips. In 2018, Spreadtrum…
Mobile forensic & network analysis
PiRogue tool suite (PTS) is an open-source tool suite that provides a comprehensive mobile forensic and network traffic analysis platform targeting Android, iOS and IoT devices
https://piroguetoolsuite.github.io/
PiRogue Tool Suite
Mobile forensic & digital investigation
PiRogue tool suite (PTS) provides a platform combining analysis tools, knowledge management, incident response management and artifact management, which allows NGOs with limited resources to equip themselves at a low cost. The project consists of an open…
New “Developer Mode” in iOS 16!
In order to install self-signed apps into your iOS device, you can now enable developer mode
https://developer.apple.com/documentation/xcode/enabling-developer-mode-on-a-device
Apple blocked 1.6 million risky and untrustworthy apps and app updates in 2021
- over 835,000 problematic new apps, and an additional 805,000 app updates
- more than 34,500 apps were rejected for containing hidden or undocumented features
- 157,000 apps were rejected because they were found to be spam, copycats, or misleading to users, such as manipulating them into making a purchase
- over 343,000 apps for requesting more user data than necessary or mishandling data they already collected
https://www.apple.com/newsroom/2022/06/app-store-stopped-nearly-one-point-five-billion-in-fraudulent-transactions-in-2021/
Apple Newsroom
App Store stopped nearly $1.5 billion in fraudulent transactions in 2021
App Store prevented over 1.6 million risky and untrustworthy apps and app updates from defrauding users throughout the year.
How to Reverse Engineer and Patch an iOS Application for Beginners: Part I
https://www.inversecos.com/2022/06/how-to-reverse-engineer-and-patch-ios.html
Inversecos
Instagram credentials Stealers: Free Followers or Free Likes https://www.mcafee.com/blogs/other-blogs/mcafee-labs/instagram-credentials-stealers-free-followers-or-free-likes/
McAfee Blog
Instagram credentials Stealers: Free Followers or Free Likes | McAfee Blog
Authored by Dexter Shin Instagram has become a platform with over a billion monthly active users. Many of Instagram's users are looking to increase their
Android Malware Analysis 4: Spyware
https://www.purpl3f0xsecur1ty.tech/2022/06/02/OceanLotus_backdoor.html
Purpl3 F0x Secur1ty
Real-world Android Malware Analysis 4: thisisme.thisapp.inspxctor
Intro In previous blog posts, I’ve covered a couple of phishing apps that were pretty simple to reverse engineer because they weren’t very complex or heavily obfuscated. Today, we’re going to look at a backdoor with spyware capabilities that is also fairly…
Bluetooth BLE signals can be used to identify and track smartphones
https://jacobsschool.ucsd.edu/news/release/3461
jacobsschool.ucsd.edu
Bluetooth signals can be used to identify and track smartphones
A team of engineers at the University of California San Diego has demonstrated for the first time that the Bluetooth signals emitted constantly by our mobile phones have a unique fingerprint that can be used to track individuals’ movements.
Analysis of Malware Android Software Spread by Sidewinder (APT-Q-39) Using Google Play [translated]
https://mp-weixin-qq-com.translate.goog/s/LaWE4R24D7og-d7sWvsGyg?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=en
Hydra Android Malware Distributed Via Play Store
https://blog.cyble.com/2022/06/13/hydra-android-malware-distributed-via-play-store/
Cyble
Cyble - Fake Document Manager App Downloading Hydra Banking Trojan
Cyble analyzes a resurfaced version of Hydra malware distributed via a fake Document Manager app on the Play Store.
Analysis of Android banking Trojan MaliBot that is based on S.O.V.A banker
https://www.f5.com/labs/articles/threat-intelligence/f5-labs-investigates-malibot
F5 Labs
F5 Labs Investigates MaliBot | F5 Labs
We found a novel malware strain that is targeting financial sites in Italy and Spain... so far.
Doctor Web’s May 2022 review of virus activity on mobile devices
https://news.drweb.com/show/review/?lng=en&i=14500
Dr.Web
Dr.Web — Doctor Web’s May 2022 review of virus activity on mobile devices
In May, the activity of the Android.Spy.4498 trojan, which steals information from other apps’ notifications, decreased by 13.48%. However, this malware is still the most widespread Android threat. Android.HiddenAds adware trojans are…
Forwarded from The Bug Bounty Hunter
XSS Blind Stored at Asset Domain Android Apps TikTok
https://aidilarf.medium.com/xss-blind-stored-at-asset-domain-android-apps-tiktok-ae2f4c2dbc07
Medium
Hi everyone
Lookout Uncovers Android Spyware Deployed in Kazakhstan #Hermit
https://www.lookout.com/blog/hermit-spyware-discovery
Lookout
Lookout Uncovers Hermit Spyware Deployed in Kazakhstan | Threat Intel
Lookout researchers have uncovered enterprise-grade Android surveillanceware used by the government of Kazakhstan within its borders.
BRATA is evolving into an Advanced Persistent Threat
https://www.cleafy.com/cleafy-labs/brata-is-evolving-into-an-advanced-persistent-threat
Cleafy
BRATA is evolving into an APT | Cleafy Labs
The mobile banking malware BRATA keeps evolving into an APT. Read here the new Technical Report, which explains in detail how it monitors banks' account and how to prevent it.
Android 101 (Android operating system and its internals)
https://secrary.com/android-reversing/android101/
Tracking Android/Joker payloads with Medusa, static analysis (and patience)
https://cryptax.medium.com/tracking-android-joker-payloads-with-medusa-static-analysis-and-patience-672348b81ac2
Medium
I am looking into a new sample of Android/Joker, reported on June 19, 2022 by @ReBensk:
Lab Setup for Android Pentesting on Android Emulator (M1 Macbook)
https://guptashubham.com/blog/lab-setup-for-android-pentesting-on-android-emulator-m1-macbook