DoNot APT Targets Individuals in South Asia using Android Malware
https://www.cyfirma.com/outofband/donot-apt-targets-individuals-in-south-asia-using-android-malware/
CYFIRMA
EXECUTIVE SUMMARY Recently CYFIRMA observed a cyber-attack on an individual residing in Kashmir, India. CYFIRMA research team collected two pieces...
DAAM Android Botnet being distributed through Trojanized Applications
https://blog.cyble.com/2023/04/20/daam-android-botnet-being-distributed-through-trojanized-applications/
Cyble
DAAM Botnet Spread Via Trojanized Android Apps
Discover how Cyble Research & Intelligence Labs analyzes Trojanized Android apps distributing the DAAM botnet, including a malicious Psiphon variant.
The Fuzzing Guide to the Galaxy: An Attempt with Android System Services
https://blog.thalium.re/posts/fuzzing-samsung-system-services/
THALIUM
Although the Android base is open source, many different constructors customize it with their own UIs and APIs. All these additions represent an extra attack surface that can change from one phone model to another. We tried to automatically fuzz the closed…
Fakecalls Android Malware Abuses Legitimate Signing Key
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fakecalls-android-malware-abusing-legitimate-signing-key/
McAfee Blog
Authored by Dexter Shin McAfee Mobile Research Team found an Android banking trojan signed with a key used by legitimate apps in South Korea last year.
HiddenAds Spread via Android Gaming Apps on Google Play
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/hiddenads-spread-via-android-gaming-apps-on-google-play/
McAfee Blog
Authored by Dexter Shin Minecraft is a popular video game that can be played on a desktop or mobile. This is a sandbox game developed by Mojang Studios.
Mobile Hacking Cheatsheets
Android and iOS pentesting, forensics, debugging and fuzzing cheatsheets
https://github.com/randorisec/MobileHackingCheatSheet/tree/master/pdf
Google Play Store bad apps and developers review in 2022
- blocked 1.43 million policy-violating apps from being published on the Store
- banned 173K bad accounts
- prevented 500K submitted apps from unnecessarily accessing sensitive permissions over the past 3 years
- expanded the App Defense Alliance (McAfee, Trend Micro, ESET, Lookout, Zimperium)
https://security.googleblog.com/2023/04/how-we-fought-bad-apps-and-bad-actors.html
Google Online Security Blog
How we fought bad apps and bad actors in 2022
Posted by Anu Yamunan and Khawaja Shams (Android Security and Privacy Team), and Mohet Saxena (Compute Trust and Safety) Keeping Google P...
Android Deep Link Issues And WebView Exploitation
https://8ksec.io/android-deeplink-and-webview-exploitation-8ksec-blogs/
Android Java code translation into native code to thwart AV detection
Video: https://youtu.be/UcdMx-te2NE
Slides and materials: https://github.com/LaurieWired/AndroidNativeObfuscation_defcon615
YouTube
Android Undercover: Native Code Translation for AV Stealth - DC615/DEF CON Nashville
This is a live recording of a talk I gave at DEFCON (DC615) Nashville. The presentation explores how translating Java code into Native code thwarts many AV detections.
First, I go over a live example of translating Android Java code into Native code, and…
BouldSpy (DAAM) - Android Spyware Tied to Iranian Police Targeting Minorities
https://www.lookout.com/blog/iranian-spyware-bouldspy
Lookout
BouldSpy: Android Spyware Tied to Iranian Police Targets Minorities | Threat Intel
Researchers at the Lookout Threat Lab have discovered a new Android surveillance tool tied to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA).
Smartphones With Qualcomm Chip Secretly Share Private Information With US Chip-Maker
"Smart phones with Qualcomm chip secretly send personal data to Qualcomm. This data is sent without user consent, unencrypted, and even when using a Google-free Android distribution."
https://www.nitrokey.com/news/2023/smartphones-popular-qualcomm-chip-secretly-share-private-information-us-chip-maker
Nitrokey
Smartphones With Popular Qualcomm Chip Secretly Share Private Information With US Chip-Maker
Androset: Automated script to convert and push the Burp Suite certificate into Android, and modify Android's IP table to redirect all traffic to Burp Suite
https://github.com/Anof-cyber/Androset
GitHub
Automated script to convert and push the Burp Suite certificate into Android, and modify Android's IP table to redirect all traffic to Burp Suite. - Anof-cyber/Androset
Android TV Boxes: AllWinner H616/H618 & RockChip 3328 Android Malware Analysis & Cleanup
https://github.com/DesktopECHO/T95-H616-Malware
GitHub
"Pre-Owned" malware in ROM for AllWinner H616/H618 & RockChip RK3328 Android TV Boxes - DesktopECHO/T95-H616-Malware
Android greybox fuzzing with AFL++ Frida mode
https://blog.quarkslab.com/android-greybox-fuzzing-with-afl-frida-mode.html
Quarkslab
This article is about greybox fuzzing of userland targets that can be encountered in Android using AFL++ and its Frida mode. We also discuss how to target JNI functions, to test the native features invoked by Java code.
Vulnerabilities identified in Amazon Fire TV Stick
1) Local network PIN brute forcing (CVE-2023-1385)
2) Arbitrary JavaScript code execution (CVE-2023-1384)
3) Register services that are only locally accessible (CVE-2023-1383)
https://www.bitdefender.com/files/News/CaseStudies/study/430/Bitdefender-PR-Whitepaper-AMZFr-creat6696-en-EN.pdf
Flutter Hackers: Understand and reverse engineer Flutter APK Release Mode with Frida
Part 1: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-1-6c316be56b13
Part 2: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-2-598a44942b5e
Medium
Flutter Hackers: Uncovering the Dev’s Myopia (Part 1)
Life hack for understanding Flutter Application through source code leaks
Arbitrary code execution discovered in Android imo-International Calls & Chat (1B installs) up to version 2022.11.1051 (CVE-2022-47757)
A path traversal vulnerability delivered via a deeplink can force the imo app to write files into its own data directory. This allows an attacker to overwrite a library file that the app dynamically loads as a module.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47757
cve.mitre.org