Android FOSS Apps List
List of open source Android applications for “de-google, de-samsung, de-microsoft, de-nsa etc.” your mobile phone
https://brainfucksec.github.io/android-foss-apps-list
List of open source Android applications for “de-google, de-samsung, de-microsoft, de-nsa etc.” your mobile phone
https://brainfucksec.github.io/android-foss-apps-list
brainfucksec
Android FOSS Apps List
Update: 10 March 2024 List of open source Android applications for “de-google, de-samsung, de-microsoft, de-nsa, de-china-malware etc. etc.” your mobile phone, as always, the list is written in a KISS simple way. The apps in the list are divided by category…
👍19🥰8❤1
New HiddenAds malware affects 1M+ users and hides on the Google Play Store
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-hiddenads-malware-that-runs-automatically-and-hides-on-google-play-1m-users-affected/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-hiddenads-malware-that-runs-automatically-and-hides-on-google-play-1m-users-affected/
McAfee Blog
New HiddenAds malware affects 1M+ users and hides on the Google Play Store | McAfee Blog
Authored by Dexter Shin McAfee's Mobile Research Team has identified new malware on the Google Play Store. Most of them are disguising themselves as
🤩6👍4👎2
DawDropper - Analysis Of New Android Banking Dropper that was available on Google Play
https://www.trendmicro.com/en_us/research/22/g/examining-new-dawdropper-banking-dropper-and-daas-on-the-dark-we.html
https://www.trendmicro.com/en_us/research/22/g/examining-new-dawdropper-banking-dropper-and-daas-on-the-dark-we.html
Trend Micro
Examining New DawDropper Banking Dropper and DaaS on the Dark Web
👍16🔥3
ARM 64 Assembly Series — Data Processing (Part 1)
https://valsamaras.medium.com/arm-64-assembly-series-data-processing-part-1-b6f6f877c56b
https://valsamaras.medium.com/arm-64-assembly-series-data-processing-part-1-b6f6f877c56b
Medium
ARM 64 Assembly Series — Data Processing (Part 1)
Previous posts: Basic definitions and registers, lab setup, offset and addressing modes, Load And Store, Branch
👏10👍4🔥3
Finding bugs in the Linux Kernel Bluetooth Subsystem: Exploiting HCI socket cookie generation
Part 1: https://itayie.me/linux/2022/07/29/finding-bugs-in-the-linux-kernel-bt-subsystem-part-2.html
Part 2: https://itayie.me/linux/2022/07/29/finding-bugs-in-the-linux-kernel-bt-subsystem-part-1.html
Part 1: https://itayie.me/linux/2022/07/29/finding-bugs-in-the-linux-kernel-bt-subsystem-part-2.html
Part 2: https://itayie.me/linux/2022/07/29/finding-bugs-in-the-linux-kernel-bt-subsystem-part-1.html
Itay Iellin
Finding bugs in the Linux Kernel Bluetooth Subsystem: Exploiting HCI socket cookie generation
Introduction
👍10
JusTalk app left a huge database of unencrypted private messages publicly exposed to the internet without a password for months
https://techcrunch.com/2022/07/26/justalk-spilled-millions-of-user-messages-and-locations-for-months/
https://techcrunch.com/2022/07/26/justalk-spilled-millions-of-user-messages-and-locations-for-months/
TechCrunch
JusTalk spilled millions of user messages and locations for months
The messaging app left a huge database of unencrypted private messages online but without a password for months.
👍12😱7
ARM 64 Assembly Series — Data Processing (Part 2)
https://valsamaras.medium.com/arm-64-assembly-series-data-processing-part-2-3d0526dc07b6
https://valsamaras.medium.com/arm-64-assembly-series-data-processing-part-2-3d0526dc07b6
Medium
ARM 64 Assembly Series — Data Processing (Part 2)
Previous posts: Basic definitions and registers, lab setup, offset and addressing modes, Load And Store, Branch, Data Processing Part 1
👍15
SpyNote – An Analysis of Android Spyware that targeted Indian Army personnel via WhatsApp
https://labs.k7computing.com/index.php/spynote-an-android-snooper/
https://labs.k7computing.com/index.php/spynote-an-android-snooper/
K7 Labs
SpyNote – An Android Snooper
Threat actors are constantly using new tricks and tactics to target users across the globe. This blog is about SpyNote, […]
👍21🤯3😱2🥱2
Detailed analysis of an Android in-the-wild 0-day exploit developed by surveillance vendor Wintego (CVE-2021-0920)
https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html
https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html
Blogspot
The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)
A deep dive into an in-the-wild Android exploit Guest Post by Xingyu Jin, Android Security Research This is part one of a two-part guest...
👍17👏2
iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser
https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser
https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser
👍14🔥4😁4
SOVA v4 and v5 - Android Banking Trojan is back and is evolving rapidly
https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
Cleafy
SOVA malware is back and is evolving rapidly | Cleafy Labs
SOVA, a new Android Banking Trojan, is spreading across Europe. Already appeared in different versions, this malware is now evolving, and it is targeting more than 200 mobile applications, ranging from banking apps to crypto exchanges/wallets. Here's the…
👍15
Attacking Pixel's Titan M with Only One Byte (CVE-2022-20233) and getting 75,000 USD bounty
https://blog.quarkslab.com/attacking-titan-m-with-only-one-byte.html
https://blog.quarkslab.com/attacking-titan-m-with-only-one-byte.html
Quarkslab
Attacking Titan M with Only One Byte - Quarkslab's blog
Following our presentation at Black Hat USA, in this blog post we provide some details on CVE-2022-20233, the latest vulnerability we found on Titan M, and how we exploited it to obtain code execution on the chip.
🔥39👍6
Google Reimagined a Phone. It’s Our Job to Red Team & Secure it
https://i.blackhat.com/USA-22/Wednesday/US-22-Karimi-Google-Reimagined-A-Phone.pdf
https://i.blackhat.com/USA-22/Wednesday/US-22-Karimi-Google-Reimagined-A-Phone.pdf
👍16😁2
Mobile threat evolution in Q2 2022
https://securelist.com/it-threat-evolution-in-q2-2022-mobile-statistics/107123/
https://securelist.com/it-threat-evolution-in-q2-2022-mobile-statistics/107123/
Securelist
IT threat evolution in Q2 2022. Mobile statistics
In Q2 2022, we detected 405,684 mobile malware installation packages, of which 55,614 packages were related to mobile banking trojans, and 3,821 packages were mobile ransomware trojans.
👍13
Practical ARM64 (selections and loops)
https://valsamaras.medium.com/practical-arm64-selections-and-loops-89f9a0e7e395
https://valsamaras.medium.com/practical-arm64-selections-and-loops-89f9a0e7e395
Medium
Practical ARM64 (selections and loops)
So far we went trough the most important instructions of the AArch64 instruction set and it is time to move to something more practical. In…
👍9
Business model with fake Android smartphones on Aliexpress https://blog.zecops.com/research/fake-droids-your-new-android-device-is-actually-an-old-android-6/
ZecOps Blog
Fake Droids: Your New Android Device is Actually an Old Android 6 - ZecOps Blog
During a Digital Forensics investigation, ZecOps made an interesting finding: a cheap burner device that purported to be an Android 10 was actually an old Android 6. In the first part of the series, we presented how attackers can ‘fake’ the shutdown screen…
👍15🤬5😁2⚡1
Bugdrop: the first malware trying to circumvent Google's security Controls
https://www.threatfabric.com/blogs/bugdrop-new-dropper-bypassing-google-security-measures.html
https://www.threatfabric.com/blogs/bugdrop-new-dropper-bypassing-google-security-measures.html
Threatfabric
BugDrop: the first malware trying to circumvent Google's security Controls
Analysis of the group behind Xenomorph and Gymdrop
👍14🔥2😁2❤1
InAppBrowsers - see what JavaScript commands get injected through an in-app browser
TikTok, when opening any website in their app, injects tracking code that can monitor all keystrokes, including passwords, and all taps
https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javanoscript-commands-get-executed-in-an-in-app-browser
TikTok, when opening any website in their app, injects tracking code that can monitor all keystrokes, including passwords, and all taps
https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javanoscript-commands-get-executed-in-an-in-app-browser
🤮15👍8😁2
Exported component Vulnerability found in Ring Android App That Could Expose Users’ Camera Recordings
https://checkmarx.com/blog/amazon-quickly-fixed-a-vulnerability-in-ring-android-app-that-could-expose-users-camera-recordings/
https://checkmarx.com/blog/amazon-quickly-fixed-a-vulnerability-in-ring-android-app-that-could-expose-users-camera-recordings/
Checkmarx.com
Amazon Quickly Fixed a Vulnerability in Ring Android App That Could Expose Users’ Camera Recordings
Researchers at Checkmarx found that the Ring Android app could have allowed a malicious application installed on the user’s phone to expose their personal data, geolocation, and camera recordings.
👍13👏1
Malicious apps on Google Play: 35 applications found snuck into the Play Store, totaling over two million downloads
https://www.bitdefender.com/blog/labs/real-time-behavior-based-detection-on-android-reveal-dozens-of-malicious-apps-on-google-play-store/
https://www.bitdefender.com/blog/labs/real-time-behavior-based-detection-on-android-reveal-dozens-of-malicious-apps-on-google-play-store/
Bitdefender Labs
Real-Time Behavior-Based Detection on Android Reveals Dozens of Malicious Apps on Google Play Store
Note: all applications mentioned in this research have been taken down and are
no longer accessible.
no longer accessible.
👍17🔥5😁1