Apple blocked 1.6 million risky and untrustworthy apps and app updates in 2021
- over 835,000 problematic new apps, and an additional 805,000 app updates
- more than 34,500 apps were rejected for containing hidden or undocumented features
- 157,000 apps were rejected because they were found to be spam, copycats, or misleading to users, such as manipulating them into making a purchase
- over 343,000 apps for requesting more user data than necessary or mishandling data they already collected
https://www.apple.com/newsroom/2022/06/app-store-stopped-nearly-one-point-five-billion-in-fraudulent-transactions-in-2021/
- over 835,000 problematic new apps, and an additional 805,000 app updates
- more than 34,500 apps were rejected for containing hidden or undocumented features
- 157,000 apps were rejected because they were found to be spam, copycats, or misleading to users, such as manipulating them into making a purchase
- over 343,000 apps for requesting more user data than necessary or mishandling data they already collected
https://www.apple.com/newsroom/2022/06/app-store-stopped-nearly-one-point-five-billion-in-fraudulent-transactions-in-2021/
Apple Newsroom
App Store stopped nearly $1.5 billion in fraudulent transactions in 2021
App Store prevented over 1.6 million risky and untrustworthy apps and app updates from defrauding users throughout the year.
👍14🥰2
How to Reverse Engineer and Patch an iOS Application for Beginners: Part I
https://www.inversecos.com/2022/06/how-to-reverse-engineer-and-patch-ios.html
https://www.inversecos.com/2022/06/how-to-reverse-engineer-and-patch-ios.html
Inversecos
How to Reverse Engineer and Patch an iOS Application for Beginners: Part I
👍17❤1🥰1
Instagram credentials Stealers: Free Followers or Free Likes https://www.mcafee.com/blogs/other-blogs/mcafee-labs/instagram-credentials-stealers-free-followers-or-free-likes/
McAfee Blog
Instagram credentials Stealers: Free Followers or Free Likes | McAfee Blog
Authored by Dexter Shin Instagram has become a platform with over a billion monthly active users. Many of Instagram's users are looking to increase their
👍6🔥1
Android Malware Analysis 4: Spyware
https://www.purpl3f0xsecur1ty.tech/2022/06/02/OceanLotus_backdoor.html
https://www.purpl3f0xsecur1ty.tech/2022/06/02/OceanLotus_backdoor.html
Purpl3 F0x Secur1ty
Real-world Android Malware Analysis 4: thisisme.thisapp.inspxctor
Intro In previous blog posts, I’ve covered a couple of phishing apps that were pretty simple to reverse engineer because they weren’t very complex or heavily obfuscated. Today, we’re going to look at a backdoor with spyware capabilities that is also fairly…
👍5
Bluetooth BLE signals can be used to identify and track smartphones
https://jacobsschool.ucsd.edu/news/release/3461
https://jacobsschool.ucsd.edu/news/release/3461
jacobsschool.ucsd.edu
Bluetooth signals can be used to identify and track smartphones
A team of engineers at the University of California San Diego has demonstrated for the first time that the Bluetooth signals emitted constantly by our mobile phones have a unique fingerprint that can be used to track individuals’ movements.
🔥7👍2
Analysis of Malware Android Software Spread by Sidewinder (APT-Q-39) Using Google Play [translated]
https://mp-weixin-qq-com.translate.goog/s/LaWE4R24D7og-d7sWvsGyg?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=en
https://mp-weixin-qq-com.translate.goog/s/LaWE4R24D7og-d7sWvsGyg?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=en
🔥5
Hydra Android Malware Distributed Via Play Store
https://blog.cyble.com/2022/06/13/hydra-android-malware-distributed-via-play-store/
https://blog.cyble.com/2022/06/13/hydra-android-malware-distributed-via-play-store/
Cyble
Cyble - Fake Document Manager App Downloading Hydra Banking Trojan
Cyble analyzes a resurfaced version of Hydra malware distributed via a fake Document Manager app on the Play Store.
🔥11👍3
Analysis of Android banking Trojan MaliBot that is based on S.O.V.A banker
https://www.f5.com/labs/articles/threat-intelligence/f5-labs-investigates-malibot
https://www.f5.com/labs/articles/threat-intelligence/f5-labs-investigates-malibot
F5 Labs
F5 Labs Investigates MaliBot | F5 Labs
We found a novel malware strain that is targeting financial sites in Italy and Spain... so far.
🔥3
Doctor Web’s May 2022 review of virus activity on mobile devices
https://news.drweb.com/show/review/?lng=en&i=14500
https://news.drweb.com/show/review/?lng=en&i=14500
Dr.Web
Dr.Web — Doctor Web’s May 2022 review of virus activity on mobile devices
In May, the activity of the <vir>Android.Spy.4498</vir> trojan, which steals information from other apps’ notifications, decreased by 13.48%. However, this malware is still the most widespread Android threat. <vir>Android.HiddenAds</vir> adware trojans are…
👏6
Forwarded from The Bug Bounty Hunter
XSS Blind Stored at Asset Domain Android Apps TikTok
https://aidilarf.medium.com/xss-blind-stored-at-asset-domain-android-apps-tiktok-ae2f4c2dbc07
https://aidilarf.medium.com/xss-blind-stored-at-asset-domain-android-apps-tiktok-ae2f4c2dbc07
Medium
XSS Blind Stored at Asset Domain Android Apps TikTok
Hi everyone
🤔6👍3👏3
Lookout Uncovers Android Spyware Deployed in Kazakhstan #Hermit
https://www.lookout.com/blog/hermit-spyware-discovery
https://www.lookout.com/blog/hermit-spyware-discovery
Lookout
Lookout Uncovers Hermit Spyware Deployed in Kazakhstan | Threat Intel
Lookout researchers have uncovered enterprise-grade Android surveillanceware used by the government of Kazakhstan within its borders.
🔥13👍3
BRATA is evolving into an Advanced Persistent Threat
https://www.cleafy.com/cleafy-labs/brata-is-evolving-into-an-advanced-persistent-threat
https://www.cleafy.com/cleafy-labs/brata-is-evolving-into-an-advanced-persistent-threat
Cleafy
BRATA is evolving into an APT | Cleafy Labs
The mobile banking malware BRATA keeps evolving into an APT. Read here the new Technical Report, which explains in detail how it monitors banks' account and how to prevent it.
👍14
Android 101 (Android operating system and its internals)
https://secrary.com/android-reversing/android101/
https://secrary.com/android-reversing/android101/
👍13😁1
Tracking Android/Joker payloads with Medusa, static analysis (and patience)
https://cryptax.medium.com/tracking-android-joker-payloads-with-medusa-static-analysis-and-patience-672348b81ac2
https://cryptax.medium.com/tracking-android-joker-payloads-with-medusa-static-analysis-and-patience-672348b81ac2
Medium
Tracking Android/Joker payloads with Medusa, static analysis (and patience)
I am looking into a new sample of Android/Joker, reported on June 19, 2022 by @ReBensk:
👍20
Lab Setup for Android Pentesting on Android Emulator (M1 Macbook)
https://guptashubham.com/blog/lab-setup-for-android-pentesting-on-android-emulator-m1-macbook
https://guptashubham.com/blog/lab-setup-for-android-pentesting-on-android-emulator-m1-macbook
👍1
ARM 64 Assembly Series— Basic definitions and registers
https://valsamaras.medium.com/arm-64-assembly-series-basic-definitions-and-registers-ec8cc1334e40
https://valsamaras.medium.com/arm-64-assembly-series-basic-definitions-and-registers-ec8cc1334e40
Medium
ARM 64 Assembly Series— Basic definitions and registers
Main Definitions
👍18
Exploiting vulnerabilities in iOS Application
https://lonewolf-raj.medium.com/exploiting-vulnerabilities-in-ios-application-cf5718910c47
https://lonewolf-raj.medium.com/exploiting-vulnerabilities-in-ios-application-cf5718910c47
Medium
Exploiting vulnerabilities in iOS Application
Hello Everyone, Here I’m going to share one of my findings which I got while enumerating iOS application, below are my findings and the…
🤔10❤5💩5👍2
Spyware vendor targets users in Italy and Kazakhstan #Android #iOS #Hermit
https://blog.google/threat-analysis-group/italian-spyware-vendor-targets-users-in-italy-and-kazakhstan/
https://blog.google/threat-analysis-group/italian-spyware-vendor-targets-users-in-italy-and-kazakhstan/
Google
Spyware vendor targets users in Italy and Kazakhstan
Today, alongside Google’s Project Zero, we are detailing capabilities provided by RCS Labs, an Italian vendor that uses a combination of tactics, including atypical drive-by downloads as initial infection vectors to target mobile users on both iOS and Android.
👍14
Androscope is a collaborative Android malware encyclopedia
You can search for malware based on what they do, and if you are a reverse engineer you can contribute and add new entries to the encyclopedia. https://androscope.fortinet-cse.com/
You can search for malware based on what they do, and if you are a reverse engineer you can contribute and add new entries to the encyclopedia. https://androscope.fortinet-cse.com/
👍19
Revive: from spyware to Android banking trojan
https://www.cleafy.com/cleafy-labs/revive-from-spyware-to-android-banking-trojan
https://www.cleafy.com/cleafy-labs/revive-from-spyware-to-android-banking-trojan
Cleafy
Revive: from spyware to android banking trojan | Cleafy Labs
A new banking trojan targeting Europe has been discovered by Cleafy's Threat Intelligence Team. We dubbed it Revive and it is an evolution of simple spyware into a banking trojan, with the key capability of conducting Account Takeover attacks: here's the…
👍15
Flubot: the evolution of a notorious Android Banking Malware
https://blog.fox-it.com/2022/06/29/flubot-the-evolution-of-a-notorious-android-banking-malware/
https://blog.fox-it.com/2022/06/29/flubot-the-evolution-of-a-notorious-android-banking-malware/
Fox-IT International blog
Flubot: the evolution of a notorious Android Banking Malware
Authored by Alberto Segura (main author) and Rolf Govers (co-author) Summary Flubot is an Android based malware that has been distributed in the past 1.5 years inEurope, Asia and Oceania affecting …
👍19