Top Android malware threats of June, 2019
Full list - http://skptr.me/malware_timeline_2019.html
Download samples - https://github.com/sk3ptre/AndroidMalware_2019/blob/master/README.md
Android Security Bulletin—July 2019
The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
Stay updated, stay secure.
https://source.android.com/security/bulletin/2019-07-01.html#2019-07-01-details
FridaLoader - One-click tool to download and launch the latest version of the Frida x86 server on a Genymotion emulator. #tool
https://github.com/dineshshetty/FridaLoader
A quick and dirty app to download and launch Frida on Genymotion and rooted Physical Android Devices - dineshshetty/FridaLoader
New version of WannaLocker, the WannaCry copycat for mobile, which bundles spyware, remote-access-Trojan (RAT) malware, and banking Trojan malware in one nasty package.
https://blog.avast.com/wannalocker-targets-banks-in-brazil
Avast
WannaLocker targets banks in Brazil – Avast
Find out how Avast threat researcher Nikolaos Chrysaidos tracked a new version of malware that combines spyware, remote-access-Trojan malware, and banking Trojan malware
Did you know that an app developer on Google Play can change an app's icon based on user localization?
https://twitter.com/LukasStefanko/status/1145952428887543810
Twitter
Lukas Stefanko
Did you know that an app developer on Google Play can change the app icon based on user localization? These two same apps use different icons. One of them mimics the original Minecraft. Screenshots: Spain vs. USA. Found by @hugofqbo
China Is Forcing Tourists to Install Text-Stealing Malware at its Border
The malware downloads a tourist’s text messages, calendar entries, and phone logs, as well as scans the device for over 70,000 different files.
https://www.vice.com/amp/en_us/article/7xgame/at-chinese-border-tourists-forced-to-install-a-text-stealing-piece-of-malware
APK: https://github.com/motherboardgithub/bxaq
Vulnerabilities in a smart home hub allow a hacker to open front door locks. #IoT
https://blackmarble.sh/zipato-smart-hub/
BlackMarble
Breaking & Entering with Zipato SmartHubs using Pass-The-Hash vulnerability to unlock doors remotely.
“Watering Hole” is a cyber attack strategy in which the victim is a particular group (organization, industry, or region).
In this attack, the attacker typically observes which websites or apps the group uses and infects one or more of them with malware.
https://blog.zimperium.com/the-mobile-watering-hole-how-a-sip-leads-to-a-trojan-compromise/
Zimperium Mobile Security Blog
How a Sip Leads to a Trojan Compromise | Mobile Watering Hole
The Watering Holes attack vector can be very effective. Once the application is on the device, we have shown how the espionage actions are easy to perform.
HiddenApp adware found again on Google Play with 100k+ installs
https://twitter.com/s_metanka/status/1146113662169563137?s=19
Twitter
smtnk
Icon-hiding #Android adware, 100,000+ installs https://t.co/GAsrSYEyhV @GooglePlay
Security of messaging apps
https://drive.google.com/file/d/1TkBq8Y8pBmNM-uBV3p5TyMF_ZAWVTyVY/view
Google Docs
recon_slides_2019.pdf
Analysis of a new wave of Android malware family - BianLian
https://www.fortinet.com/blog/threat-research/new-wave-bianlian-malware.html
Fortinet Blog
BianLian: A New Wave Emerges
The FortiGuard Labs team has encountered a new version of the BianLian malware family with new functionalities and unseen techniques to hide its true functionality. Read more about this breaking th…
iMessage: malformed message bricks iPhone.
Vulnerability was fixed in the 12.3 update.
https://bugs.chromium.org/p/project-zero/issues/detail?id=1826
Seven HiddenApp Trojans with 550k+ installs found on Google Play
https://twitter.com/virqdroid/status/1146718450393473024
Twitter
Nikolaos Chrysaidos
Seven more adware applications in @GooglePlay - that are hiding the icon with 550k+ Installations. Similar to @s_metanka findings. @apklabio
Unpatched vulnerability in Firefox for Android
Opening an HTML or SVG attachment received via WhatsApp could allow remote attackers to steal files saved in your WhatsApp folder (other received files).
https://twitter.com/evaristegal0is/status/1146455296673538048
Twitter
If you use WhatsApp and Firefox (or Tor) on Android, do not open with Firefox the received HTML or SVG files via WhatsApp. An attacker can easily steal your documents sent via WhatsApp, saved in the directory "WhatsApp Documents/Sent". I hope the Mozilla…
4shared Android app triggers suspicious background activity generating fake clicks and subscriptions
https://www.upstreamsystems.com/secure-d-uncovers-4shared-android-app-triggers-suspicious-background-activity-generating-fake-clicks-subnoscriptions/
Upstream
Secure-D uncovers 4shared Android app triggers suspicious background activity generating fake clicks and subscriptions - Upstream
Upstream’s security lab, Secure-D, has unveiled that 4shared, a popular file sharing and storage Android app hides suspicious background activity.