A TECHNICAL ANALYSIS OF PEGASUS FOR ANDROID – PART 3
https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-3/
https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-3/
👍8
A vulnerability in the Galaxy Store allows attackers through an XSS to cause the store to install and launch an application
https://ssd-disclosure.com/ssd-advisory-galaxy-store-applications-installation-launching-without-user-interaction/
https://ssd-disclosure.com/ssd-advisory-galaxy-store-applications-installation-launching-without-user-interaction/
SSD Secure Disclosure
SSD Advisory – Galaxy Store Applications Installation/Launching without User Interaction - SSD Secure Disclosure
A vulnerability in the Galaxy Store allows attackers through an XSS to cause the store to install and/or launch an application, allowing remote attackers to trigger a remote command execution in the phone.
👍18
Drinik Android Malware Returns With Advanced Capabilities Targeting Indian Taxpayers
https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/
https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/
👍9🔥3
New SandStrike spyware infects Android devices via malicious VPN app
https://www.bleepingcomputer.com/news/security/new-sandstrike-spyware-infects-android-devices-via-malicious-vpn-app/
https://www.bleepingcomputer.com/news/security/new-sandstrike-spyware-infects-android-devices-via-malicious-vpn-app/
BleepingComputer
New SandStrike spyware infects Android devices via malicious VPN app
Threat actors are using a newly discovered spyware known as SandStrike and delivered via a malicious VPN application to target Persian-speaking Android users.
👍11😢3
Malware on the Google Play store leads to harmful phishing sites
https://www.malwarebytes.com/blog/news/2022/11/malware-on-the-google-play-store-leads-to-harmful-phishing-sites
https://www.malwarebytes.com/blog/news/2022/11/malware-on-the-google-play-store-leads-to-harmful-phishing-sites
Malwarebytes
Malware on the Google Play store leads to harmful phishing sites
A family of malicious apps from developer Mobile apps Group are on Google Play infected with HiddenAds.
👍17
Pixel 6 bootloader: Emulation, ROP (part 2)
https://eshard.com/posts/pixel6bootloader-2
https://eshard.com/posts/pixel6bootloader-2
👍10😁1
Analysis of SOVA Android Banking Trojan
https://kratikal.com/blog/sova-a-new-android-banking-trojan/
https://kratikal.com/blog/sova-a-new-android-banking-trojan/
👍11👎1
A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain
https://googleprojectzero.blogspot.com/2022/11/a-very-powerful-clipboard-samsung-in-the-wild-exploit-chain.html
https://googleprojectzero.blogspot.com/2022/11/a-very-powerful-clipboard-samsung-in-the-wild-exploit-chain.html
Blogspot
A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain
Posted by Maddie Stone, Project Zero Note : The three vulnerabilities discussed in this blog were all fixed in Samsung’s March 2021 re...
❤18👍4
Massive Phishing Campaigns Target India Banks’ Clients
https://www.trendmicro.com/en_us/research/22/k/massive-phishing-campaigns-target-india-banks-clients.html
https://www.trendmicro.com/en_us/research/22/k/massive-phishing-campaigns-target-india-banks-clients.html
Trend Micro
Massive Phishing Campaigns Target India Banks’ Clients
👍11
Vulnerability affecting seemingly all Google Pixel phones allows to bypass lock screen protection (Bounty: $70K, CVE-2022-20465)
https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
bugs.xdavidhu.me
Accidental $70k Google Pixel Lock Screen Bypass
David Schütz's bug bounty writeups
👍21🤯7😐7
Lookout Discovers Long-running Surveillance Campaigns Targeting Uyghurs
https://www.lookout.com/blog/uyghur-surveillance-campaign-badbazaar-moonshine
https://www.lookout.com/blog/uyghur-surveillance-campaign-badbazaar-moonshine
Lookout
Lookout Discovers Surveillance Campaigns Targeting Uyghurs | Threat Intel
Researchers from Lookout have uncovered two new surveillance campaigns, BadBazaar and MOONSHINE, targeting Uyghurs in the People’s Republic of China and abroad.
😐8👍4😢4🌭1
Discovering vendor-specific vulnerabilities in Android
https://blog.oversecured.com/Discovering-vendor-specific-vulnerabilities-in-Android/
https://blog.oversecured.com/Discovering-vendor-specific-vulnerabilities-in-Android/
News, Techniques & Guides
Discovering vendor-specific vulnerabilities in Android
For several years, Oversecured has been the best way to discover vulnerabilities in Android and iOS mobile apps.
👍13
Appshark - static analysis platform to scan vulnerabilities in an Android app
https://github.com/bytedance/appshark
https://github.com/bytedance/appshark
GitHub
GitHub - bytedance/appshark: Appshark is a static taint analysis platform to scan vulnerabilities in an Android app.
Appshark is a static taint analysis platform to scan vulnerabilities in an Android app. - bytedance/appshark
👍16
Can you exploit the app? New Android uncrackable challenge
https://github.com/Ch0pin/uncrackable
https://github.com/Ch0pin/uncrackable
GitHub
GitHub - Ch0pin/uncrackable: A list of bizarre crackmes
A list of bizarre crackmes. Contribute to Ch0pin/uncrackable development by creating an account on GitHub.
👍12
Xenomorph Android banking malware found on Google Play with over 1,000 installs
https://www.zscaler.com/blogs/security-research/rise-banking-trojan-dropper-google-play-0
https://www.zscaler.com/blogs/security-research/rise-banking-trojan-dropper-google-play-0
Zscaler
Rise of Banking Trojan Dropper in Google Play | Zscaler
The Zscaler ThreatLabz team has recently discovered the Xenomorph banking trojan embedded in a Lifestyle app in the Google Play store. Read more.
👍8🤯1
Phishing Campaign Targeting Indonesian BRI Bank Using SMS Stealer
https://blog.cyble.com/2022/11/15/phishing-campaign-targeting-indonesian-bri-bank-using-sms-stealer
https://blog.cyble.com/2022/11/15/phishing-campaign-targeting-indonesian-bri-bank-using-sms-stealer
Cyble
SMS Stealer Phishing Campaign Hits Indonesia's BRI Bank
Cyble Research & Intelligence Labs analyzes an active phishing campaign targeting Indonesian BRI bank using Android SMS Stealer.
👍13😱1
Pixel 6 Bootloader: Exploitation (part 3)
https://eshard.com/posts/pixel6_bootloader_3
https://eshard.com/posts/pixel6_bootloader_3
👍9
Forwarded from The Bug Bounty Hunter
CVE-2022-32929 - Bypass iOS backup's TCC protection
https://theevilbit.github.io/posts/cve-2022-32929/
https://theevilbit.github.io/posts/cve-2022-32929/
theevilbit blog
CVE-2022-32929 - Bypass iOS backup's TCC protection
Intro Link to heading Normally, when a users backup their iOS device, the backup is saved into ~/Library/Application Support/MobileSync/Backup directory. The MobileSync directory is properly protected by TCC, as the backup can contain photos, contact information…
👍21
IT threat evolution in Q3 2022. Mobile statistics
https://securelist.com/it-threat-evolution-in-q3-2022-mobile-statistics/107978/
https://securelist.com/it-threat-evolution-in-q3-2022-mobile-statistics/107978/
Securelist
IT threat evolution in Q3 2022. Mobile statistics
In Q3 2022, a total of 5,623,670 mobile malware, adware, and riskware attacks were blocked, and 438,035 malicious installation packages were detected.
👍10🔥2
Android Malware Analysis Workshop
SLIDES:
https://drive.google.com/file/d/1Y6SFYPuYdydabxE33MaZlKTxN-_Wron4/view
SLIDES:
https://drive.google.com/file/d/1Y6SFYPuYdydabxE33MaZlKTxN-_Wron4/view
👍22🔥7
Android users risk falling victim to fraudsters during online job searches
https://news.drweb.com/show/?i=14608&lng=en
https://news.drweb.com/show/?i=14608&lng=en
Dr.Web
Android users risk falling victim to fraudsters during online job searches
Doctor Web is alerting users to the emergence of malicious Android apps that attackers have disguised as job-search software. Through these applications, fraudsters can collect their victims’ personal information and steal money from them using deceptive…
👍10👎1🐳1🍌1