Android backdoors discovered in the system partition of budget Android device models that are counterfeit versions of famous brand-name models (P48pro, radmi note 8, Note30u, Mate40)
https://news.drweb.com/show/?i=14542&lng=en
Dr.Web
Doctor Web identifies attack on WhatsApp and WhatsApp Business messengers installed on counterfeit Android devices
Doctor Web reports that it has discovered backdoors in the system partition of budget Android device models that are counterfeit versions of famous brand-name models. These trojans target arbitrary code execution in the WhatsApp and WhatsApp Business messaging…
apk-yara-checker - a CLI tool to check Yara rules against a folder of APK files
https://github.com/segura2010/apk-yara-checker
GitHub
GitHub - segura2010/apk-yara-checker: 'apk-yara-checker' is a little CLI tool written in Rust to check Yara rules against a folder…
'apk-yara-checker' is a little CLI tool written in Rust to check Yara rules against a folder of APK files. - segura2010/apk-yara-checker
DirtyCred - New Privilege Escalation Vulnerability in Linux and Android
https://github.com/Markakd/DirtyCred
Slides: https://i.blackhat.com/USA-22/Thursday/US-22-Lin-Cautious-A-New-Exploitation-Method.pdf
GitHub
GitHub - Markakd/DirtyCred: Kernel exploitation technique
Kernel exploitation technique. Contribute to Markakd/DirtyCred development by creating an account on GitHub.
Chaining bugs in Telegram for Android app to steal session-related files
https://dphoeniixx.medium.com/chaining-telegram-bugs-to-steal-session-related-files-c90eac4749bd
Medium
Chaining Telegram bugs to steal session-related files.
We will discuss the chaining of two bugs on the telegram android application, which can make malicious applications steal internal telegram…
Hacking Iranian banking apps - Part 1
https://medium.com/@ralireza/hacking-iranian-banking-apps-part-1-96168ff09d42
Medium
Hacking Iranian banking apps-Part 1
In the first part, we are going to examine the top 10 basic security factors in 18 Iranian banking apps to see how strong their walls are
Adware found on Google Play — PDF Reader serving up full screen ads
https://www.malwarebytes.com/blog/news/2022/08/adware-found-on-google-play-pdf-reader-servicing-up-full-screen-ads
Malwarebytes
Adware found on Google Play — PDF Reader serving up full screen ads
A PDF reader found on Google Play with over one million downloads is aggressively displaying full screen ads, even when the...
How to unpack Android malware with Medusa tool
https://youtu.be/D2-jREzCE9k
YouTube
Unpacking Android malware with Medusa
In this video, we unpack a malicious sample of Android/Joker with an open source tool named Medusa. This tool is dynamic, based on Frida. We select hooks to display unobfuscated strings, dump dynamic DEX and URLs.
A similar demo was presented in French at…
A technical analysis of Pegasus for Android – Part 1
https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-1/
Analysis of iOS SingPass app and its RASP protector - part 1
https://www.romainthomas.fr/post/22-08-singpass-rasp-analysis/
Romain Thomas
Part 1 – SingPass RASP Analysis | Romain Thomas
This first blog post introduces the RASP checks used in SingPass
Zanubis LATAM Banking Trojan
https://www.entdark.net/2022/09/zanubis-latam-banking-trojan.html
Vulnerability in TikTok Android app could lead to one-click account hijacking
http://www.microsoft.com/security/blog/2022/08/31/vulnerability-in-tiktok-android-app-could-lead-to-one-click-account-hijacking/
Microsoft News
Vulnerability in TikTok Android app could lead to one-click account hijacking
Microsoft discovered a high-severity vulnerability in the TikTok Android application, now identified as CVE-2022-28799 and fixed by TikTok, which could have allowed attackers to compromise users' accounts with a single click.
Detailed technical analysis of SOVA Android malware
https://muha2xmad.github.io/malware-analysis/sova/
muha2xmad
Technical analysis of SOVA android malware
In the name of God, the Most Gracious, the Most Merciful
Mobile App Supply Chain Vulnerabilities Could Endanger Sensitive Business Information
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mobile-supply-chain-aws
Security
Mobile App Supply Chain Vulnerabilities Could Endanger Sensitive Business Information
Over three-quarters of the apps Symantec analyzed contained valid AWS access tokens that allowed access to private AWS cloud services.
Sharkbot Trojan is back in Google Play
https://blog.fox-it.com/2022/09/02/sharkbot-is-back-in-google-play/
Fox-IT International blog
Sharkbot is back in Google Play
Authored by Alberto Segura (main author) and Mike Stokkel (co-author) Introduction After we discovered in February 2022 the SharkBotDropper in Google Play posing as a fake Android antivirus and cle…
Technical analysis of SharkBot android malware
https://muha2xmad.github.io/malware-analysis/sharkbot/
muha2xmad
Technical analysis of SharkBot android malware
In the name of God, the Most Gracious, the Most Merciful
Android Malware Disguised as “The China Freedom Trap” & Stealing Neighboring Cell Information
https://blog.cyble.com/2022/09/05/spyware-campaign-targeting-the-uyghur-community/
The Rise in Incidence of Fake e-shop Scams that provide malicious banking Android apps
https://blog.cyble.com/2022/09/08/the-rise-in-incidence-of-fake-e-shop-scams/
Access to arbitrary file of the Nextcloud Android app from within the Nextcloud Android app
https://hackerone.com/reports/1408692
HackerOne
Nextcloud disclosed on HackerOne: Access to arbitrary file of the...
Security advisory at https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vw2w-gpcv-v39f
Analysis of a recent campaign conducted by the APT42 group (APT35, Charming Kitten, ITG18, Yellow Garuda, Phosphorus, TA453) that targets Iranian citizens
https://www.mandiant.com/media/17826
Mandiant
Mandiant APT 42 Report | Mandiant
Attacking the Android kernel using the Qualcomm TrustZone
https://tamirzb.com/attacking-android-kernel-using-qualcomm-trustzone
Tamir Zahavi-Brunner’s Blog
Attacking the Android kernel using the Qualcomm TrustZone
In this post I describe a somewhat unique Android kernel exploit, which utilizes the TrustZone in order to compromise the kernel.
Harly - a new Trojan discovered on Google Play that secretly subscribes users to paid services. It is similar to Joker and dates back to 2020.
https://twitter.com/sh1shk0va/status/1570021797697032197
X (formerly Twitter)
Tatyana Shishkova (@sh1shk0va) on X
New Trojans on Google Play that secretly subscribe users to paid services - we called this family Harly. Similar to Joker and dates back to 2020, the current campaign is targeting users in Thailand.
https://t.co/fSKyY62FKD
https://t.co/mHfFJ6aavy