Android Malware Impersonates ChatGPT-Themed Applications
https://unit42.paloaltonetworks.com/android-malware-poses-as-chatgpt/
https://unit42.paloaltonetworks.com/android-malware-poses-as-chatgpt/
Unit 42
Android Malware Impersonates ChatGPT-Themed Applications
Android malware posing as ChatGPT-themed apps targets mobile users. We report on instances of this attack vector, identifying two distinct types.
👍12
DoNot APT Elevates its Tactics by Deploying Malicious Android Apps on Google Play Store impersonating VPN apps (iKHfaa VPN and nSure Chat)
https://www.cyfirma.com/outofband/donot-apt-elevates-its-tactics-by-deploying-malicious-android-apps-on-google-play-store/
https://www.cyfirma.com/outofband/donot-apt-elevates-its-tactics-by-deploying-malicious-android-apps-on-google-play-store/
CYFIRMA
DoNot APT Elevates its Tactics by Deploying Malicious Android Apps on Google Play Store - CYFIRMA
EXECUTIVE SUMMARY The team at CYFIRMA recently obtained suspicious Android apps hosted on the Google Play Store under the account...
👍11❤2🤔1
Leveraging Android Permissions: A Solver Approach (CVE-2023-20947)
https://blog.thalium.re/posts/leveraging-android-permissions/
https://blog.thalium.re/posts/leveraging-android-permissions/
blog.thalium.re
Leveraging Android Permissions: A Solver Approach
The Android permission management system has already suffered from several vulnerabilities in the past. Such weaknesses can grant dangerous permissions to a malevolent application, an example being CALL_LOG, which gives access to all incoming and outgoing…
👍10❤1
Analysis of Triangulation iOS spyware implant
https://securelist.com/triangledb-triangulation-implant/110050/
https://securelist.com/triangledb-triangulation-implant/110050/
Securelist
Dissecting TriangleDB, a Triangulation spyware implant
In researching Operation Triangulation, we set ourselves the goal to retrieve as many parts of the exploitation chain as possible. As of now, we have finished analyzing the spyware implant and are ready to share the details.
👍7❤2
Reversing Flutter apps: Dart’s Small Integers
https://cryptax.medium.com/reversing-flutter-apps-darts-small-integers-b922d7fae7d9
https://cryptax.medium.com/reversing-flutter-apps-darts-small-integers-b922d7fae7d9
Medium
Reversing Flutter apps: Dart’s Small Integers
This article delves into the reverse engineering of Dart executable or Flutter release applications. We focus on the reverse engineering of…
👍9❤1
The State of Android (Banking) Malware: Insights from 2022 and Predictions for 2023
https://www.threatfabric.com/hubfs/ThreatFabric_Generic_Report-The%20State%20of%20Android%20Banking%20Malware%202022.pdf
https://www.threatfabric.com/hubfs/ThreatFabric_Generic_Report-The%20State%20of%20Android%20Banking%20Malware%202022.pdf
👍10❤4
Military service members have been receiving physical smartwatches in the mail. Smartwatches can auto-connect to Wifi and began connecting to cell phones unprompted, access voice and cameras
https://www.cid.army.mil/Media/Press-Center/Article-Display/Article/3429159/cid-lookout-unsolicited-smartwatches-received-by-mail/
https://www.cid.army.mil/Media/Press-Center/Article-Display/Article/3429159/cid-lookout-unsolicited-smartwatches-received-by-mail/
👍13🤔1
Reversing Flutter-based Android Malware “Fluhorse”
https://www.fortinet.com/blog/threat-research/fortinet-reverses-flutter-based-android-malware-fluhorse
https://www.fortinet.com/blog/threat-research/fortinet-reverses-flutter-based-android-malware-fluhorse
Fortinet Blog
Fortinet Reverses Flutter-based Android Malware “Fluhorse”
Gain insights into the Fluhorse malware campaign as we've managed to fully reverse engineer the malicious Flutter applications. Learn more.…
👍15🎉2❤1
How to manually unpack native Android packer called KangaPack
https://cryptax.medium.com/inside-kangapack-the-kangaroo-packer-with-native-decryption-3e7e054679c4
https://cryptax.medium.com/inside-kangapack-the-kangaroo-packer-with-native-decryption-3e7e054679c4
Medium
Inside KangaPack: the Kangaroo packer with native decryption
In this blog post, we unpack a malicious sample sha256: 2c05efa757744cb01346fe6b39e9ef8ea2582d27481a441eb885c5c4dcd2b65b . The core…
👍11❤3
Four Anatsa (also known as TeaBot) Android banking Trojans were discovered on Google Play Store with over 30,000 installs targeting almost 600 financial app
https://www.threatfabric.com/blogs/anatsa-hits-uk-and-dach-with-new-campaign
https://www.threatfabric.com/blogs/anatsa-hits-uk-and-dach-with-new-campaign
ThreatFabric
Anatsa banking Trojan hits UK, US and DACH with new campaign
Anatsa returns with a new campaign targeting UK, US and DACH supported by droppers on Google Play Store.
👍14🤔3
Interesting hardening technique of Android financial apps
Put custom permission on their components such as activities, services, etc, so banking Trojans can't launch and interact with them
This prevents malware to perform on device fraudulent transactions
https://debugactiveprocess.medium.com/strengthening-android-security-mitigating-banking-trojan-threats-fe94ae9e2f02
Put custom permission on their components such as activities, services, etc, so banking Trojans can't launch and interact with them
This prevents malware to perform on device fraudulent transactions
https://debugactiveprocess.medium.com/strengthening-android-security-mitigating-banking-trojan-threats-fe94ae9e2f02
Medium
Strengthening Android Security: Mitigating Banking Trojan Threats
In today’s digital age, mobile devices have become integral to our daily lives, including financial transactions. However, this increased…
👍20❤2
Android SELinux Internals Part I Understand how Android SELinux works, along with its functionalities and benefits
https://8ksec.io/android-selinux-internals-part-i-8ksec-blogs/
https://8ksec.io/android-selinux-internals-part-i-8ksec-blogs/
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Android SELinux Internals Part I | 8kSec Blogs - 8kSec
In Android SELinux internals Part 1 blog, explore how it provides security on Android devices and ways to bypass it. Read more to learn!
👍19🔥2
A modified version of the Telegram Androis app found to be maliciously patched with Triada malware
https://blog.checkpoint.com/security/dont-be-fooled-by-app-earances-check-point-researchers-spot-hidden-malwares-behind-legitimate-looking-apps/
https://blog.checkpoint.com/security/dont-be-fooled-by-app-earances-check-point-researchers-spot-hidden-malwares-behind-legitimate-looking-apps/
Check Point Blog
Don’t be fooled by app-earances: Check Point Researchers spot hidden malwares behind legitimate looking apps - Check Point Blog
Highlights: A modified version of the popular messaging app Telegram found to be malicious The malicious app can sign up the victim for various paid
👍20🤔4❤1😁1
Kunai - library for analyzing Dalvik Executable Files (DEX)
https://farena.in/android/analysis/kunai-lib/
https://farena.in/android/analysis/kunai-lib/
Eduardo Blázquez's Personal Webpage
Kunai, a library for analyzing Dalvik Executable Files
Kunai is a library for analyzing Dalvik Executable Files, this library is written in C++ for performance reasons
👍18🔥1
Intercepting Android App Traffic using BurpSuite
Video tutorial shows how to setup Android emulator, installing Burp Certificate in the System Store, proxy app traffic through BurpSuite, and bypass certificate pinning using Frida
https://youtu.be/xp8ufidc514
Video tutorial shows how to setup Android emulator, installing Burp Certificate in the System Store, proxy app traffic through BurpSuite, and bypass certificate pinning using Frida
https://youtu.be/xp8ufidc514
YouTube
Intercepting Android App Traffic with BurpSuite
00:00 - Introduction, talking about RouterSpace and why we can't just do what we did in that video
01:25 - Installing Genymotion, Virtual Box, and ADB; while talking about why I don't use Android Studio/AVD. Simply because genymotion just works.
02:05 - Make…
01:25 - Installing Genymotion, Virtual Box, and ADB; while talking about why I don't use Android Studio/AVD. Simply because genymotion just works.
02:05 - Make…
👍15❤2
Bringing NFC contactless payment to CASIO F-91W watch
https://medium.com/@matteo.pisani.91/how-i-hacked-casio-f-91w-digital-watch-892bd519bd15
https://medium.com/@matteo.pisani.91/how-i-hacked-casio-f-91w-digital-watch-892bd519bd15
Medium
How I hacked CASIO F-91W digital watch
Bringing NFC contactless payment capability to a true classic.
👍23🤔5🔥1🖕1
Introduction to Kali NetHunter Hacker series: Which NetHunter fits you best?
https://www.mobile-hacker.com/2023/07/04/introduction-of-kali-nethunter-hacker-series-and-which-nethunter-fits-you-best/
https://www.mobile-hacker.com/2023/07/04/introduction-of-kali-nethunter-hacker-series-and-which-nethunter-fits-you-best/
Mobile Hacker
Introduction to Kali NetHunter hacker series and which NetHunter fits you best Mobile Hacker
Welcome to the exciting world of NetHunter! In this blog post, we will dive into the powerful toolkit designed specifically for mobile penetration testing and ethical hacking. Kali NetHunter brings the full arsenal of Kali Linux tools to your mobile device…
❤16😍3👍2🥰2👏1🤔1
Analysis of account takeover discovered in Android app with 100M+ installs from Google Play ($1000 bounty)
https://medium.com/@amolbhavar/how-i-get-1000-bounty-for-discovering-account-takeover-in-android-application-3c4f54fbde39
https://medium.com/@amolbhavar/how-i-get-1000-bounty-for-discovering-account-takeover-in-android-application-3c4f54fbde39
Medium
How I get 1000$ bounty for Discovering Account Takeover in Android Application
In this blog post, I will share my experience of discovering a critical account takeover vulnerability in an Android application which has…
👍17❤3
Analysis of Android EverSpy 2 Malware which source code price is $4,000
https://www.theobservator.net/everspy-2-malware-reverse-engineering/
https://www.theobservator.net/everspy-2-malware-reverse-engineering/
❤12👍4🤔3🤣3
Using MLIR for Dalvik Bytecode Analysis
Using intermediate representations allows analysts to write optimizations and code analysis passes easier than parsing binary or bytecode directly. Kunai is a library intended for static analysis of dalvik bytecode, in a newer version of the library, the idea is to use the capabilities and possibilities offered by MLIR, writing a new dialect centered on Dalvik instructions.
Presentation: https://youtu.be/hfqOivYdD40
Slides: https://llvm.org/devmtg/2023-05/slides/Lightning-Talks/01-Eduardo-EuroLLVM2023.pdf
Using intermediate representations allows analysts to write optimizations and code analysis passes easier than parsing binary or bytecode directly. Kunai is a library intended for static analysis of dalvik bytecode, in a newer version of the library, the idea is to use the capabilities and possibilities offered by MLIR, writing a new dialect centered on Dalvik instructions.
Presentation: https://youtu.be/hfqOivYdD40
Slides: https://llvm.org/devmtg/2023-05/slides/Lightning-Talks/01-Eduardo-EuroLLVM2023.pdf
YouTube
2023 EuroLLVM - Using MLIR for Dalvik Bytecode Analysis
2023 European LLVM Developers' Meeting
https://llvm.org/devmtg/2023-05/
------
Using MLIR for Dalvik Bytecode Analysis
Speaker: Eduardo Blázquez
------
Slides: https://llvm.org/devmtg/2023-05/slides/Lightning-Talks/01-Eduardo-EuroLLVM2023.pdf
-----
Using…
https://llvm.org/devmtg/2023-05/
------
Using MLIR for Dalvik Bytecode Analysis
Speaker: Eduardo Blázquez
------
Slides: https://llvm.org/devmtg/2023-05/slides/Lightning-Talks/01-Eduardo-EuroLLVM2023.pdf
-----
Using…
👍14❤3