iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser
https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser
SOVA v4 and v5 - Android Banking Trojan is back and is evolving rapidly
https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly
Cleafy
SOVA malware is back and is evolving rapidly | Cleafy Labs
SOVA, a new Android Banking Trojan, is spreading across Europe. Already appeared in different versions, this malware is now evolving, and it is targeting more than 200 mobile applications, ranging from banking apps to crypto exchanges/wallets. Here's the…
Attacking Pixel's Titan M with Only One Byte (CVE-2022-20233) and getting 75,000 USD bounty
https://blog.quarkslab.com/attacking-titan-m-with-only-one-byte.html
Quarkslab
Attacking Titan M with Only One Byte - Quarkslab's blog
Following our presentation at Black Hat USA, in this blog post we provide some details on CVE-2022-20233, the latest vulnerability we found on Titan M, and how we exploited it to obtain code execution on the chip.
Google Reimagined a Phone. It’s Our Job to Red Team & Secure it
https://i.blackhat.com/USA-22/Wednesday/US-22-Karimi-Google-Reimagined-A-Phone.pdf
Mobile threat evolution in Q2 2022
https://securelist.com/it-threat-evolution-in-q2-2022-mobile-statistics/107123/
Securelist
IT threat evolution in Q2 2022. Mobile statistics
In Q2 2022, we detected 405,684 mobile malware installation packages, of which 55,614 packages were related to mobile banking trojans, and 3,821 packages were mobile ransomware trojans.
Practical ARM64 (selections and loops)
https://valsamaras.medium.com/practical-arm64-selections-and-loops-89f9a0e7e395
Medium
Practical ARM64 (selections and loops)
So far we went through the most important instructions of the AArch64 instruction set and it is time to move to something more practical. In…
Business model with fake Android smartphones on Aliexpress https://blog.zecops.com/research/fake-droids-your-new-android-device-is-actually-an-old-android-6/
ZecOps Blog
Fake Droids: Your New Android Device is Actually an Old Android 6 - ZecOps Blog
During a Digital Forensics investigation, ZecOps made an interesting finding: a cheap burner device that purported to be an Android 10 was actually an old Android 6. In the first part of the series, we presented how attackers can ‘fake’ the shutdown screen…
BugDrop: the first malware trying to circumvent Google's security Controls
https://www.threatfabric.com/blogs/bugdrop-new-dropper-bypassing-google-security-measures.html
Threatfabric
BugDrop: the first malware trying to circumvent Google's security Controls
Analysis of the group behind Xenomorph and Gymdrop
InAppBrowsers - see what JavaScript commands get injected through an in-app browser
TikTok, when opening any website in their app, injects tracking code that can monitor all keystrokes, including passwords, and all taps
https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javanoscript-commands-get-executed-in-an-in-app-browser
Exported component Vulnerability found in Ring Android App That Could Expose Users’ Camera Recordings
https://checkmarx.com/blog/amazon-quickly-fixed-a-vulnerability-in-ring-android-app-that-could-expose-users-camera-recordings/
Checkmarx.com
Amazon Quickly Fixed a Vulnerability in Ring Android App That Could Expose Users’ Camera Recordings
Researchers at Checkmarx found that the Ring Android app could have allowed a malicious application installed on the user’s phone to expose their personal data, geolocation, and camera recordings.
Malicious apps on Google Play: 35 applications found snuck into the Play Store, totaling over two million downloads
https://www.bitdefender.com/blog/labs/real-time-behavior-based-detection-on-android-reveal-dozens-of-malicious-apps-on-google-play-store/
Bitdefender Labs
Real-Time Behavior-Based Detection on Android Reveals Dozens of Malicious Apps on Google Play Store
Note: all applications mentioned in this research have been taken down and are no longer accessible.
Forwarded from The Bug Bounty Hunter
Intercept Flutter traffic on iOS and Android (HTTP/HTTPS/Dio Pinning)
https://blog.nviso.eu/2022/08/18/intercept-flutter-traffic-on-ios-and-android-http-https-dio-pinning/
NVISO Labs
Intercept Flutter traffic on iOS and Android (HTTP/HTTPS/Dio Pinning)
This post explains how to bypass TLS verification on Flutter apps, including bypassing Dio Pinning.
Technical analysis of the MoqHao (a.k.a RoamingMantis) Android malware and its phishing campaign
https://www.xanhacks.xyz/p/moqhao-malware-analysis/
xanhacks' infosec blog
MoqHao Android malware analysis and phishing campaign
Technical analysis of the MoqHao (a.k.a RoamingMantis) Android malware and phishing campaign
If you want to give Android malware RE a start, here is a list of diverse (not boring) Android malware samples
https://maldroid.github.io/android-malware-samples/
android-malware-samples
Not so boring Android malware
A collection of interesting and diverse Android malware samples
Android backdoors discovered in the system partition of budget Android device models that are counterfeit versions of famous brand-name models (P48pro, radmi note 8, Note30u, Mate40)
https://news.drweb.com/show/?i=14542&lng=en
Dr.Web
Doctor Web identifies attack on WhatsApp and WhatsApp Business messengers installed on counterfeit Android devices
Doctor Web reports that it has discovered backdoors in the system partition of budget Android device models that are counterfeit versions of famous brand-name models. These trojans target arbitrary code execution in the WhatsApp and WhatsApp Business messaging…
apk-yara-checker - a CLI tool to check Yara rules against a folder of APK files
https://github.com/segura2010/apk-yara-checker
GitHub
GitHub - segura2010/apk-yara-checker: 'apk-yara-checker' is a little CLI tool written in Rust to check Yara rules against a folder…
'apk-yara-checker' is a little CLI tool written in Rust to check Yara rules against a folder of APK files. - segura2010/apk-yara-checker
DirtyCred - New Privilege Escalation Vulnerability in Linux and Android
https://github.com/Markakd/DirtyCred
Slides: https://i.blackhat.com/USA-22/Thursday/US-22-Lin-Cautious-A-New-Exploitation-Method.pdf
GitHub
GitHub - Markakd/DirtyCred: Kernel exploitation technique
Kernel exploitation technique. Contribute to Markakd/DirtyCred development by creating an account on GitHub.
Chaining bugs in Telegram for Android app to steal session-related files
https://dphoeniixx.medium.com/chaining-telegram-bugs-to-steal-session-related-files-c90eac4749bd
Medium
Chaining Telegram bugs to steal session-related files.
We will discuss the chaining of two bugs on the telegram android application, which can make malicious applications steal internal telegram…
Hacking Iranian banking apps-Part 1 https://medium.com/@ralireza/hacking-iranian-banking-apps-part-1-96168ff09d42
Medium
Hacking Iranian banking apps-Part 1
In the first part, we are going to examine the top 10 basic security factors in 18 Iranian banking apps to see how strong their walls are
Adware found on Google Play — PDF Reader serving up full screen ads
https://www.malwarebytes.com/blog/news/2022/08/adware-found-on-google-play-pdf-reader-servicing-up-full-screen-ads
Malwarebytes
Adware found on Google Play — PDF Reader serving up full screen ads
A PDF reader found on Google Play with over one million downloads is aggressively displaying full screen ads, even when the...
How to unpack Android malware with Medusa tool
https://youtu.be/D2-jREzCE9k
YouTube
Unpacking Android malware with Medusa
In this video, we unpack a malicious sample of Android/Joker with an open source tool named Medusa. This tool is dynamic, based on Frida. We select hooks to display unobfuscated strings, dump dynamic DEX and URLs.
A similar demo was presented in French at…