Multiple Vulnerabilities in Kiddoware Kids Place Parental Control Android App (CVE-2023-28153, CVE-2023-29078, CVE-2023-29079)
1) Login and registration returns password as MD5 hash
2) Stored XSS via device name in parent Dashboard
3) Possible CSRF attacks in parent Dashboard
4) Arbitrary File Upload to AWS S3 bucket
5) Disable Child App Restriction without Parent's notice
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-kiddoware-kids-place-parental-control-android-app/

Revisiting Stealthy Sensitive Information Collection from Android Apps [slides] #BlackHatAsia23
https://i.blackhat.com/Asia-23/AS-23-Bai-Stealthy-Sensitive-Information-Collection-from-Android-Apps.pdf

Two Bugs With One PoC: Rooting Pixel 6 From Android 12 to Android 13 [slides] #BlackHatAsia23
http://i.blackhat.com/Asia-23/AS-23-WANG-Two-bugs-with-one-PoC-Rooting-Pixel-6-from-Android-12-to-Android-13.pdf

Dirty Stream Attack, Turning Android Share Targets Into Attack Vectors [slides] #BlackHatAsia23
http://i.blackhat.com/Asia-23/AS-23-Valsamaras-Dirty-Stream-Attack-Turning-Android.pdf

Weaponizing Mobile Infrastructure: Are Politically Motivated Cyber Attacks a Threat to Democracy? [slides] #BlackHatAsia23
http://i.blackhat.com/Asia-23/AS-23-Saleem-Weaponizing-mobile-Infrastructure.pdf

Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices
https://www.trendmicro.com/en_us/research/23/e/lemon-group-cybercriminal-businesses-built-on-preinfected-devices.html

Hacking Chess.com: Unlocking Premium Bots on the Android App
https://medium.com/@icebre4ker/hacking-chess-com-my-journey-to-unlock-premium-bots-on-the-android-app-d8cac9d25094

Racing Against the Lock: Exploiting Spinlock UAF in the Android Kernel
This paper presents an exploit for a unique Binder kernel use-after-free (UAF) vulnerability which was disclosed recently (CVE-2022-20421)
Write-up: https://0xkol.github.io/assets/files/Racing_Against_the_Lock__Exploiting_Spinlock_UAF_in_the_Android_Kernel.pdf
Slides: https://0xkol.github.io/assets/files/OffensiveCon23_Racing_Against_the_Lock__Exploiting_Spinlock_UAF_in_the_Android_Kernel.pdf
PoC: https://github.com/0xkol/badspin

BrutePrint: Android phones are vulnerable to fingerprint brute-force attacks
https://arxiv.org/pdf/2305.10791.pdf

Emulating Android native library to decrypt strings using Qiling Framework
https://youtu.be/R1zWh3fbY24

AhRat: Android RAT discovered on Google Play Store based on AhMyth RAT that exfiltrates files and records audio
https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/

Google introduced Mobile VRP: Mobile Vulnerability Rewards Program (Mobile VRP) focuses on first-party Android applications developed or maintained by Google
https://bughunters.google.com/about/rules/6618732618186752/google-mobile-vulnerability-reward-program-rules

A technical analysis of Intellexa's PREDATOR mobile spyware
https://blog.talosintelligence.com/mercenary-intellexa-predator/

“FleeceGPT” mobile apps target AI-curious to rake in cash
https://news-sophos-com.cdn.ampproject.org/c/s/news.sophos.com/en-us/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash/

Daam (BouldSpy) Android Botnet recommendations from India CERT
https://www.csk.gov.in/alerts/Daam_android_botnet.html

Flipper zero can root Xiaomi vaccum robot using usb uart app
https://www.reddit.com/r/flipperzero/comments/13sabij/flipper_zero_can_be_used_for_xiaomi_vaccum_robot/
Tutorial: https://builder.dontvacuum.me/dreame/

Permhash: The permhash framework can be used to identify previously unknown APK, CRX, AXML samples through pivoting and clustering
Tool: https://github.com/google/permhash
Research: https://www.mandiant.com/resources/blog/permhash-no-curls-necessary

Android apps containing spyware SpinOk module was discovered in 101 apps on Google Play Store with alltogether 421,000,000+ install
It can exfiltrate:
- list of files in specified directories,
- verify the presence of a specified file or a directory on the device,
- file from the device, and
- copy or substitute the clipboard contents
https://news.drweb.com/show/?lng=en&i=14705

Android DogeRAT: Technical analysis of open-source Android Remote Access Trojan (RAT)
https://cloudsek.com/blog/dogerat-the-android-malware-campaign-targeting-users-across-multiple-industries

Crash WhatsApp using one message
Video demo how it is possible to crash group chat using one message. If you open the chat, WhatsApp will always crash.
✅️To temporarily fix the issue, you have to remove the crash message using WhatsApp web
https://www.instagram.com/reel/Cs3iGe3ORuw/?igshid=MzRlODBiNWFlZA==

Beautifying Native Android Code in Ghidra!
We partially native APK, extract the native binaries, and analyze the native ELF binary
https://youtu.be/sK_jsQ5bJUk