Damn Vulnerable iOS App v2.
Learn about 15+ different security issues by hacking the app to learn
https://github.com/prateek147/DVIA-v2
Learn about 15+ different security issues by hacking the app to learn
https://github.com/prateek147/DVIA-v2
GitHub
GitHub - prateek147/DVIA-v2: Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to…
Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penet...
👍13
Android Botnet Hook: a new Ermac fork with RAT capabilities
https://www.threatfabric.com/blogs/hook-a-new-ermac-fork-with-rat-capabilities.html
https://www.threatfabric.com/blogs/hook-a-new-ermac-fork-with-rat-capabilities.html
ThreatFabric
Hook: a new Ermac fork with RAT capabilities
Hook, the latest project of the criminals behind the Ermac banking malware, adds Remote Access Tool features, allowing this variant to perform On Device Fraud.
👍9🤔5❤1
Roaming Mantis implements new DNS changer in its malicious mobile app in 2022
Android malicious app gets IP of router gateway, identifies the router manufacturer, tries default credentials and changes DNS settings. Malware uses this technique to every free/public Wi-Fi networks such as cafes, bars, hotels, airports etc. so anyone connecting in these places might become a victim.
https://securelist.com/roaming-mantis-dns-changer-in-malicious-mobile-app/108464/
Android malicious app gets IP of router gateway, identifies the router manufacturer, tries default credentials and changes DNS settings. Malware uses this technique to every free/public Wi-Fi networks such as cafes, bars, hotels, airports etc. so anyone connecting in these places might become a victim.
https://securelist.com/roaming-mantis-dns-changer-in-malicious-mobile-app/108464/
Securelist
Roaming Mantis implements new DNS changer in its malicious mobile app in 2022
Roaming Mantis (a.k.a Shaoye) is a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal data. In 2022, we observed a DNS changer function implemented in its Android malware Wroba.o.
👍13
Android Exploit to get a System based shell (UID 1000) on ANY Samsung Mobile Device based on CVE-2019-16253
1) Downgrade to vulnerable SamsungTTS app
2) Install exploit APK
3) Exploit vulnerability to achieve System rights
https://forum.xda-developers.com/t/system-shell-exploit-all-samsung-mobile-devices-no-bl-unlock-required.4543071/
1) Downgrade to vulnerable SamsungTTS app
2) Install exploit APK
3) Exploit vulnerability to achieve System rights
https://forum.xda-developers.com/t/system-shell-exploit-all-samsung-mobile-devices-no-bl-unlock-required.4543071/
XDA Forums
***LOCKED UNTIL FURTHER NOTICE*** System Shell Exploit - ALL...
***MODERATOR ANNOUNCEMENT: THREAD CLOSED***
@K0mraid3 you are hereby required to provide proper credit in your OP as follows:
Link the assigned CVE for this exploit as it mentions the author's...
@K0mraid3 you are hereby required to provide proper credit in your OP as follows:
Link the assigned CVE for this exploit as it mentions the author's...
👍19
VASTFLUX - sophisticated ad fraud operation takendown.
More than 1,700 apps and 120 publishers were spoofed, and the scheme ran inside apps on nearly 11 million devices.
https://www.humansecurity.com/learn/blog/traffic-signals-the-vastflux-takedown
More than 1,700 apps and 120 publishers were spoofed, and the scheme ran inside apps on nearly 11 million devices.
https://www.humansecurity.com/learn/blog/traffic-signals-the-vastflux-takedown
HUMAN Security
Traffic signals: The VASTFLUX Takedown - HUMAN Security
HUMAN's Satori Threat Intelligence and Research Team uncovered and led a private takedown of a massive ad fraud operation called VASTFLUX.
👍8
Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
CVE-2023-21433 is an improper access control that allows attackers to install any applications available on the Galaxy App Store.
CVE-2023-21434 is an improper input validation that lets attackers execute JavaScript on the target device.
https://research.nccgroup.com/2023/01/20/technical-advisory-multiple-vulnerabilities-in-the-galaxy-app-store-cve-2023-21433-cve-2023-21434/
CVE-2023-21433 is an improper access control that allows attackers to install any applications available on the Galaxy App Store.
CVE-2023-21434 is an improper input validation that lets attackers execute JavaScript on the target device.
https://research.nccgroup.com/2023/01/20/technical-advisory-multiple-vulnerabilities-in-the-galaxy-app-store-cve-2023-21433-cve-2023-21434/
NCC Group Research Blog
Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
The Galaxy App Store is an alternative application store that comes pre-installed on Samsung Android devices. Several Android applications are available on both the Galaxy App Store and Google App …
👍12🔥3🤯3
Three Android Coper Banking Trojans Discovered On Google Play
https://twitter.com/Threatlabz/status/1617579712062324737
https://twitter.com/Threatlabz/status/1617579712062324737
👍5
CVE-2022-42864: Diabolical Cookies
Proof-of-concept exploit for CVE-2022-42864, a time-of-check-time-of-use vulnerability in IOHIDFamily that was fixed in iOS 16.2 / macOS Ventura 13.1.
https://github.com/Muirey03/CVE-2022-42864
Proof-of-concept exploit for CVE-2022-42864, a time-of-check-time-of-use vulnerability in IOHIDFamily that was fixed in iOS 16.2 / macOS Ventura 13.1.
https://github.com/Muirey03/CVE-2022-42864
GitHub
GitHub - Muirey03/CVE-2022-42864: Proof-of-concept for the CVE-2022-42864 IOHIDFamily race condition
Proof-of-concept for the CVE-2022-42864 IOHIDFamily race condition - Muirey03/CVE-2022-42864
👍7
Pwning the all Google phone with a non-Google bug (CVE-2022-38181)
https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/
https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/
The GitHub Blog
Pwning the all Google phone with a non-Google bug
It turns out that the first “all Google” phone includes a non-Google bug. Learn about the details of CVE-2022-38181, a vulnerability in the Arm Mali GPU. Join me on my journey through reporting the vulnerability to the Android security team, and the exploit…
👍14🆒8🔥3
kavanoz - a tool that statically unpacks common Android banker malware
https://github.com/eybisi/kavanoz
https://github.com/eybisi/kavanoz
GitHub
GitHub - eybisi/kavanoz: Statically unpacking common android banker malware.
Statically unpacking common android banker malware. - eybisi/kavanoz
🔥16👍6🤔3
Gigabud RAT: New Android RAT Masquerading as Government Agencies
https://blog.cyble.com/2023/01/19/gigabud-rat-new-android-rat-masquerading-as-government-agencies/
https://blog.cyble.com/2023/01/19/gigabud-rat-new-android-rat-masquerading-as-government-agencies/
Cyble
Cyble - Gigabud RAT: New Android RAT Masquerading As Government Agencies
CRIL analyzes Gigabud RAT, the latest Android malware posing as a government agency to steal sensitive information.
😱10👍7🔥3
FluBot - Android Malware Analysis
https://malwareanalysis.co/wp-content/uploads/2023/01/FluBot-Android-Malware-Analysis.pdf
C2 Communication: https://youtu.be/ttZ48hu6xjQ
https://malwareanalysis.co/wp-content/uploads/2023/01/FluBot-Android-Malware-Analysis.pdf
C2 Communication: https://youtu.be/ttZ48hu6xjQ
👍21🐳5🗿2❤1🥱1
Fraudulent “CryptoRom” trading apps sneak into Apple and Google app stores
https://news.sophos.com/en-us/2023/02/01/fraudulent-cryptorom-trading-apps-sneak-into-apple-and-google-app-stores/
https://news.sophos.com/en-us/2023/02/01/fraudulent-cryptorom-trading-apps-sneak-into-apple-and-google-app-stores/
Sophos News
Fraudulent “CryptoRom” trading apps sneak into Apple and Google app stores
Using changing remote content, apps slide by official review process to deliver fraud through the Apple App Store and Google Play Store.
👍7😱5
‘InTheBox’ Web Injects Targeting Android Banking Applications Worldwide
https://blog.cyble.com/2023/01/31/inthebox-web-injects-targeting-android-banking-applications-worldwide/
https://blog.cyble.com/2023/01/31/inthebox-web-injects-targeting-android-banking-applications-worldwide/
Cyble
‘InTheBox’ Web Injects Targeting Android Banking Applications Worldwide
Cyble analyzes 'InTheBox' as part of its thorough research on Web Injects and their role in targeting Android Banking applications worldwide.
👍8
Analysis of HOOKBOT – a new mobile malware
https://cebrf.knf.gov.pl/komunikaty/artykuly-csirt-knf/362-ostrzezenia/858-hookbot-a-new-mobile-malware
https://cebrf.knf.gov.pl/komunikaty/artykuly-csirt-knf/362-ostrzezenia/858-hookbot-a-new-mobile-malware
👍7
PixPirate: a new Brazilian Banking Trojan
https://www.cleafy.com/cleafy-labs/pixpirate-a-new-brazilian-banking-trojan
https://www.cleafy.com/cleafy-labs/pixpirate-a-new-brazilian-banking-trojan
Cleafy
PixPirate: a new Brazilian Banking Trojan | Cleafy LABS
Learn about PixPirate, the new Android banking trojan discovered by Cleafy TIR. This malware uses ATS to automate malicious money transfers via the Pix payment platform used by multiple Brazilian banks. Discover its features, including interception of banking…
👍13
TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users
https://www.trendmicro.com/en_us/research/23/b/tgtoxic-malware-targets-southeast-asia-android-users.html
https://www.trendmicro.com/en_us/research/23/b/tgtoxic-malware-targets-southeast-asia-android-users.html
Trend Micro
TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users
We look into an ongoing malware campaign we named TgToxic, targeting Android mobile users in Taiwan, Thailand, and Indonesia since July 2022. The malware steals users’ credentials and assets such as cryptocurrency from digital wallets, as well as money from…
👍12
A three day video course on Android Malware Analysis:
Day 1: http://youtube.com/watch?v=CwCOGf4Uunk
Day 2: http://youtube.com/watch?v=yZe8tGzm8nA
Day 3: http://youtube.com/watch?v=JdBu9yEu8g4
Day 1: http://youtube.com/watch?v=CwCOGf4Uunk
Day 2: http://youtube.com/watch?v=yZe8tGzm8nA
Day 3: http://youtube.com/watch?v=JdBu9yEu8g4
YouTube
A Course on Android Malware Analysis: Day 1 of 3
A Course on Android Malware Analysis
The ISTS and Google are pleased to offer a 3-day Zoom course on Android Malware Analysis on Sep 9, 10, 11 2020. For more information please visit ists.dartmouth.edu.
Wednesday, September 9, 2020
12:00pm – 6:00pm
Zoom…
The ISTS and Google are pleased to offer a 3-day Zoom course on Android Malware Analysis on Sep 9, 10, 11 2020. For more information please visit ists.dartmouth.edu.
Wednesday, September 9, 2020
12:00pm – 6:00pm
Zoom…
👍29❤1
Testing MEDUSA Android dynamic instrumentation Tool for Android pentesting & malware analysis
https://youtu.be/4hpjRuNJNDw
https://youtu.be/4hpjRuNJNDw
YouTube
MEDUSA Android dynamic instrumentation Tool | Android Penetration tool | Android malware analysis
MEDUSA is an Extensible and Modularised framework that automates processes and techniques practiced during the dynamic analysis of Android Applications.
github : https://github.com/Ch0pin/medusa
Some of the MEDUSA's features include:
Tracing and instrumentation…
github : https://github.com/Ch0pin/medusa
Some of the MEDUSA's features include:
Tracing and instrumentation…
👍18👎4🔥3
Android OS Privacy Under the Loupe
We use a combination of static and dynamic code analysis techniques to study the data transmitted by the preinstalled system apps on Android smartphones from three of the most popular vendors in China.
https://arxiv.org/abs/2302.01890
We use a combination of static and dynamic code analysis techniques to study the data transmitted by the preinstalled system apps on Android smartphones from three of the most popular vendors in China.
https://arxiv.org/abs/2302.01890
👍8🤔4