For the first time, Ursnif banking-trojan campaigns (until now a Windows-only threat) are targeting Android users: a DroidJack RAT APK is delivered by e-mail, disguised as a communication from the Agenzia delle Entrate (Italian Revenue Agency)
https://cert--agid-gov-it.translate.goog/news/ursnif-approda-nel-mondo-delle-app-mobile-lapk-droidjack-viene-veicolato-come-comunicazione-agenzia-delle-entrate/?s=03&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en
CERT-AGID
Ursnif arrives in the world of mobile apps: the DroidJack APK is delivered as an Agenzia delle Entrate communication
The Chinese e-commerce app Pinduoduo exploited Android system vulnerabilities to escalate privileges, download and execute backdoors, and gain unauthorized access to user data, notifications and files. Google has since suspended the app from the Play Store.
Original research: https://mp.weixin.qq.com/s/P_EYQxOEupqdU0BJMRqWsw
Context article: https://krebsonsecurity.com/2023/03/google-suspends-chinese-e-commerce-app-pinduoduo-over-malware/
New analysis report: https://github.com/davincifans101/pinduoduo_backdoor_detailed_report/blob/main/report_en.pdf
ARM TrustZone: pivoting to the secure world
https://thalium.github.io/blog/posts/pivoting_to_the_secure_world/
Spyware vendors use 0-days and n-days against Android and iOS
https://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/
Google
Spyware vendors use 0-days and n-days against popular platforms
Google’s Threat Analysis Group (TAG) tracks actors involved in information operations (IO), government backed attacks and financially motivated abuse. For years, TAG has…
Android GoatRAT Banker Attacks Automated Payment Systems
https://labs.k7computing.com/index.php/goatrat-attacks-automated-payment-systems/
K7 Labs
GoatRAT Attacks Automated Payment Systems
Recently, we came across a detection in our telemetry report named “com.goatmw” which gained our attention. We decided to investigate […]
MacStealer: Wi-Fi Client Isolation Bypass
MacStealer tests Wi-Fi networks for client-isolation bypasses (CVE-2022-47522), which let an attacker intercept (steal) traffic destined for other clients at the MAC layer
https://github.com/vanhoefm/macstealer
Mobile Pentesting 101 – How to set up your Android Environment
https://securitycafe.ro/2023/04/03/mobile-pentesting-101-how-to-set-up-your-android-environment/
Security Café
Mobile Pentesting 101 – How to set up your Android Environment
This article gives an idea of what your Android pentesting environment should look like. What tools should I use? Do I really need a physical device? Do I need a rooted device to pentest an appli…
Android Parcels: Introducing Android's Safer Parcel
https://youtu.be/qIzMKfOmIAA
YouTube
Android Parcels: The Bad, the Good and the Better - Introducing Android's Safer Parcel
Parcel is the serialization mechanism in Android and is behind almost every OS cross-process interaction. Parcelable implementations have been the source of vulnerabilities in Android for ~8 years, often rated high severity and weaponized by malware authors…
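The write/read asymmetry the talk refers to, modelled in Python as an added example (it is not code from the talk or from AOSP). The `Parcel` class is a simplified stand-in for android.os.Parcel's flat little-endian, 4-byte-aligned buffer; the Bundle layout, the type tags and the `BuggyConfig`/`FixedConfig` classes are hypothetical. It shows why a Parcelable whose `createFromParcel` consumes a different number of bytes than `writeToParcel` produced desynchronizes everything that follows it in the same Bundle, and the round-trip check that catches this in a unit test.

```python
"""Constructed model of the Parcelable write/read mismatch. Parcel, the Bundle
layout, the type tags, BuggyConfig and FixedConfig are hypothetical stand-ins
for this example, not the Android classes."""
import struct

TYPE_INT = 1          # hypothetical Bundle type tags (not Android's real VAL_* values)
TYPE_PARCELABLE = 4


def pad4(n: int) -> int:
    """Parcel keeps every field 4-byte aligned."""
    return (n + 3) & ~3


class Parcel:
    def __init__(self) -> None:
        self.buf = bytearray()
        self.pos = 0          # read cursor, the equivalent of dataPosition()

    def write_int(self, v: int) -> None:
        self.buf += struct.pack("<i", v)

    def write_long(self, v: int) -> None:
        self.buf += struct.pack("<q", v)

    def write_string(self, s: str) -> None:
        # char count, then UTF-16LE chars plus a NUL terminator, padded to 4 bytes
        chars = s.encode("utf-16-le") + b"\x00\x00"
        self.write_int(len(s))
        self.buf += chars.ljust(pad4(len(chars)), b"\x00")

    def read_int(self) -> int:
        (v,) = struct.unpack_from("<i", self.buf, self.pos)
        self.pos += 4
        return v

    def read_long(self) -> int:
        (v,) = struct.unpack_from("<q", self.buf, self.pos)
        self.pos += 8
        return v

    def read_string(self) -> str:
        n = self.read_int()
        if n < 0 or 2 * (n + 1) > len(self.buf) - self.pos:
            raise ValueError("bad string length %d" % n)
        raw = bytes(self.buf[self.pos:self.pos + 2 * n])
        self.pos += pad4(2 * (n + 1))
        return raw.decode("utf-16-le")


class BuggyConfig:
    """writeToParcel emits 12 bytes but createFromParcel consumes only 8."""
    def __init__(self, flags: int, token: int) -> None:
        self.flags, self.token = flags, token

    def write_to_parcel(self, p: Parcel) -> None:
        p.write_int(self.flags)
        p.write_long(self.token)

    @classmethod
    def create_from_parcel(cls, p: Parcel) -> "BuggyConfig":
        return cls(p.read_int(), p.read_int())   # BUG: token written as long, read as int


class FixedConfig(BuggyConfig):
    """Reader mirrors the writer field for field, so the cursor ends exactly where the writer stopped."""
    @classmethod
    def create_from_parcel(cls, p: Parcel) -> "FixedConfig":
        return cls(p.read_int(), p.read_long())


def write_bundle(p: Parcel, entries) -> None:
    p.write_int(len(entries))
    for key, value in entries:
        p.write_string(key)
        if isinstance(value, int):
            p.write_int(TYPE_INT)
            p.write_int(value)
        else:
            p.write_int(TYPE_PARCELABLE)
            value.write_to_parcel(p)


def read_bundle(p: Parcel, cls) -> dict:
    out = {}
    for _ in range(p.read_int()):
        key = p.read_string()
        tag = p.read_int()
        if tag == TYPE_INT:
            out[key] = p.read_int()
        elif tag == TYPE_PARCELABLE:
            out[key] = cls.create_from_parcel(p)
        else:
            raise ValueError("unknown type tag %d" % tag)
    return out


def roundtrip_keys(cls):
    """Serialize a two-entry Bundle with cls, parse it back with cls.
    Returns the keys the reader sees, or None if the stream desynchronized:
    with BuggyConfig the 4 unread token bytes are parsed as the next key's length."""
    entries = [("cfg", cls(flags=1, token=0x0000_0002_0000_0007)), ("admin", 0)]
    p = Parcel()
    write_bundle(p, entries)
    try:
        return list(read_bundle(p, cls))
    except (ValueError, struct.error, UnicodeDecodeError):
        return None


def check_symmetry(obj) -> bool:
    """The unit test every Parcelable should have: after write then read,
    the read cursor must sit exactly at the end of what was written."""
    p = Parcel()
    obj.write_to_parcel(p)
    type(obj).create_from_parcel(p)
    return p.pos == len(p.buf)


if __name__ == "__main__":
    print("fixed:", roundtrip_keys(FixedConfig), check_symmetry(FixedConfig(1, 1 << 33)))
    print("buggy:", roundtrip_keys(BuggyConfig), check_symmetry(BuggyConfig(1, 1 << 33)))
```

In a real Android test the same property is `parcel.dataPosition()` after `createFromParcel` equalling `parcel.dataSize()` after `writeToParcel`. The dangerous case is not the one that throws, as here, but the one where the leftover bytes happen to parse as a valid key/value pair that the writing side never sent and the receiving side trusts.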
Moqhao (also known as Shaoye and XLoader), the Android malware operated by the Yanbian group, can now bypass text-based CAPTCHAs #RoamingMantis
This capability is used together with brute-force attacks on wireless routers' web interfaces to compromise the routers and perform DNS hijacking.
https://www.telekom.com/en/blog/group/article/moqhao-masters-new-tricks-1031484
Telekom
Moqhao masters new tricks
News from the Moqhao malware family. It attacks Android smartphones and has now even learned to overcome CAPTCHA.
How to intercept network traffic on Android
https://github.com/LabCIF-Tutorials/Tutorial-AndroidNetworkInterception
Configuring an Android Phone for Pentesting
https://www.blackhillsinfosec.com/start-to-finish-configuring-an-android-phone-for-pentesting/
Black Hills Information Security, Inc.
Start to Finish: Configuring an Android Phone for Pentesting - Black Hills Information Security, Inc.
Jeff Barbi // *Guest Post Background Unless you’re pentesting mobile apps consistently, it’s easy for your methodologies to fall out of date. Each new version of Android brings with it […]
Pwning Pixel 6 with a leftover patch
https://github.blog/2023-04-06-pwning-pixel-6-with-a-leftover-patch/
The GitHub Blog
Pwning Pixel 6 with a leftover patch
In this post, I’ll look at a security-related change in version r40p0 of the Arm Mali driver that was AWOL in the January update of the Pixel bulletin, where other patches from r40p0 were applied, and how these two lines of changes can be exploited to gain…
iOS Penetration Testing Cheat Sheet
https://github.com/ivan-sincek/ios-penetration-testing-cheat-sheet
Android Penetration Testing Cheat Sheet
https://github.com/ivan-sincek/android-penetration-testing-cheat-sheet
How does an Android app phish a user's Facebook credentials?
https://medium.com/@themalwarebug/how-does-an-android-app-phish-facebook-credentials-of-an-user-2533f9ef2738
Medium
How does an Android app phish a user's Facebook credentials?
Hey guys, I am back with another malware, this time one named Facestealer, which targets Facebook users, exfiltrating their…
An extensive look at the hardware, software and security of the new Xiaomi scooter
https://robocoffee.de/?p=436
PoC for CVE-2023-28206: an iOS app may be able to execute arbitrary code with kernel privileges (fixed in iOS 16.4.1 and iPadOS 16.4.1)
https://support.apple.com/en-il/HT213720
Apple Support
About the security content of iOS 16.4.1 and iPadOS 16.4.1
This document describes the security content of iOS 16.4.1 and iPadOS 16.4.1.
Overview of Google Play threats sold on the dark web
https://securelist.com/google-play-threats-on-the-dark-web/109452/
Securelist
Google Play threat market: overview of the dark web offers
Kaspersky research into dark web offers related to Android malware and its distribution via Google Play: hacked app developer accounts, malicious loaders, etc.
Goldoson: Privacy-invasive and Clicker Android Adware found in popular apps in South Korea
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/goldoson-privacy-invasive-and-clicker-android-adware-found-in-popular-apps-in-south-korea/
McAfee Blog
Goldoson: Privacy-invasive and Clicker Android Adware found in popular apps in South Korea | McAfee Blog
Authored by SangRyol Ryu McAfee’s Mobile Research Team discovered a software library we’ve named Goldoson, which collects lists of applications installed,
Chameleon: A New Android Malware Spotted In The Wild
https://blog.cyble.com/2023/04/13/chameleon-a-new-android-malware-spotted-in-the-wild/