Uncovering an Iranian mobile malware campaign
https://news.sophos.com/en-us/2023/07/27/uncovering-an-iranian-mobile-malware-campaign/
https://news.sophos.com/en-us/2023/07/27/uncovering-an-iranian-mobile-malware-campaign/
Sophos News
Uncovering an Iranian mobile malware campaign
Sophos X-Ops researchers discover a cluster of credential-harvesting apps targeting Iranian bank customers
🔥9👍5🤔1
ZygiskFrida: zygisk module injects Frida gadget in Android apps in a stealthy way
-It is not embedded into the APK itself. APK Integrity/Signature checks will pass
-Avoiding ptrace based detection
-Allows to load multiple libraries into the process
https://github.com/lico-n/ZygiskFrida
-It is not embedded into the APK itself. APK Integrity/Signature checks will pass
-Avoiding ptrace based detection
-Allows to load multiple libraries into the process
https://github.com/lico-n/ZygiskFrida
GitHub
GitHub - lico-n/ZygiskFrida: Injects frida gadget using zygisk to bypass anti-tamper checks.
Injects frida gadget using zygisk to bypass anti-tamper checks. - lico-n/ZygiskFrida
👍19❤3👏2
Popular Chinese keyboard app (Sogou Keyboard) transmits every typed key to their server (Windows, Android, iOS).
On top of that, it contains vulnerabilities in encryption that expose user keypresses to network eavesdropping (MITM)
https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/
On top of that, it contains vulnerabilities in encryption that expose user keypresses to network eavesdropping (MITM)
https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/
The Citizen Lab
“Please do not make it public”
In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts…
👍10🤬5😁1
Exploiting LPE on Google Pixel 7 running Android 13
The Art of Rooting Android devices by GPU MMU features.
Slides: https://i.blackhat.com/BH-US-23/Presentations/US-23-WANG-The-Art-of-Rooting-Android-devices-by-GPU-MMU-features.pdf
Demo: https://youtu.be/D_AMrLbo3v8
The Art of Rooting Android devices by GPU MMU features.
Slides: https://i.blackhat.com/BH-US-23/Presentations/US-23-WANG-The-Art-of-Rooting-Android-devices-by-GPU-MMU-features.pdf
Demo: https://youtu.be/D_AMrLbo3v8
👀19👍2
ARTful: A library for dynamically modifying the Android Runtime
https://github.com/LaurieWired/ARTful
https://github.com/LaurieWired/ARTful
GitHub
GitHub - LaurieWired/ARTful: The ARTful library for dynamically modifying the Android Runtime
The ARTful library for dynamically modifying the Android Runtime - LaurieWired/ARTful
🔥11👍5❤4
Katalina - new tool that executes Android byte code, enabling to deobfuscate strings in Android malware
It’s written in Python and emulates each individual bytecode instruction that was used back in the day for Android
https://github.com/huuck/Katalina
https://www.humansecurity.com/tech-engineering-blog/katalina-an-open-source-android-string-deobfuscator
It’s written in Python and emulates each individual bytecode instruction that was used back in the day for Android
https://github.com/huuck/Katalina
https://www.humansecurity.com/tech-engineering-blog/katalina-an-open-source-android-string-deobfuscator
GitHub
GitHub - huuck/Katalina: Katalina is like Unicorn but for Dalvik bytecode. It provides an environment that can execute Android…
Katalina is like Unicorn but for Dalvik bytecode. It provides an environment that can execute Android bytecode one instruction at a time. - huuck/Katalina
🔥16👍10❤3
PoC how to trigger Remote Code Execution in Over-the-Air attack targeting Google Pixel 6
Victim perspective: Connect to attacker's fake base station -> receive call -> PWND!
Demo: https://youtu.be/R-XXpG_mZZI
Slides: https://i.blackhat.com/BH-US-23/Presentations/US-23-Karimi-Over-the-Air-Under-the-Radar.pdf
Victim perspective: Connect to attacker's fake base station -> receive call -> PWND!
Demo: https://youtu.be/R-XXpG_mZZI
Slides: https://i.blackhat.com/BH-US-23/Presentations/US-23-Karimi-Over-the-Air-Under-the-Radar.pdf
YouTube
Android Red Team: Over the Air, Under the Radar. Attacking and Securing the Pixel Modem
😱14👍4🔥2
Android Data Encryption in depth
https://blog.quarkslab.com/android-data-encryption-in-depth.html
https://blog.quarkslab.com/android-data-encryption-in-depth.html
Quarkslab
Android Data Encryption in depth - Quarkslab's blog
Join us in our journey into modern Android's Data Encryption at rest, in which we study how it works and assess how resistant it is against attackers having access to a range of high end software vulnerabilities.
👍13
NetHunter Hacker VII: Wi-Fi compatibility check and setup on Android
https://www.mobile-hacker.com/2023/08/15/nethunter-hacker-vii-wi-fi-compatibility-check-and-setup-on-android/
https://www.mobile-hacker.com/2023/08/15/nethunter-hacker-vii-wi-fi-compatibility-check-and-setup-on-android/
Mobile Hacker
NetHunter Hacker VII: Wi-Fi compatibility check and setup on Android Mobile Hacker
If you are interested in Wi-Fi hacking using NetHunter, you need to have a supported Wi-Fi adapter by your system that can supports various wireless modes and features. In this blogpost, we will explain what the different types of Wi-Fi adapters are, how…
👍14❤2🤔1
Mobile Malware Analysis Part 1 – Leveraging Accessibility Features To Steal Crypto Wallet
https://8ksec.io/mobile-malware-analysis-part-1-crypto-wallet-stealer/
https://8ksec.io/mobile-malware-analysis-part-1-crypto-wallet-stealer/
👍14
Forwarded from The Bug Bounty Hunter
Making Chrome more secure by bringing Key Pinning to Android
http://security.googleblog.com/2023/08/making-chrome-more-secure-by-bringing.html
http://security.googleblog.com/2023/08/making-chrome-more-secure-by-bringing.html
Google Online Security Blog
Making Chrome more secure by bringing Key Pinning to Android
Posted by David Adrian, Joe DeBlasio and Carlos Joan Rafael Ibarra Lopez, Chrome Security Chrome 106 added support for enforcing key pins...
👍9❤3👏1🤔1
Over 3,000 Android Malware Samples Using Multiple Techniques to Bypass Detection
https://www.zimperium.com/blog/over-3000-android-malware-samples-using-multiple-techniques-to-bypass-detection/
https://www.zimperium.com/blog/over-3000-android-malware-samples-using-multiple-techniques-to-bypass-detection/
Zimperium
Unsupported Compression Methods Enable Android Malware to Bypass Detection
true
👍16🤔3
Unmasking – EVLF DEV - The Creator of Android CypherRAT and CraxsRAT
https://www.cyfirma.com/outofband/unmasking-evlf-dev-the-creator-of-cypherrat-and-craxsrat/
https://www.cyfirma.com/outofband/unmasking-evlf-dev-the-creator-of-cypherrat-and-craxsrat/
CYFIRMA
Unmasking - EVLF DEV-The Creator of CypherRAT and CraxsRAT - CYFIRMA
EXECUTIVE SUMMARY The CYFIRMA research team has discovered a new Malware-as-a-service (MaaS) operator that goes by the moniker EVLF DEV....
👍19👏2
Content Providers and the potential weak spots they can have
https://blog.oversecured.com/Content-Providers-and-the-potential-weak-spots-they-can-have/
https://blog.oversecured.com/Content-Providers-and-the-potential-weak-spots-they-can-have/
News, Techniques & Guides
Content Providers and the potential weak spots they can have
Before we jump into the details, we want to stress how important it is to keep your users' data safe.
👍16
NetHunter Hacker VIII: Wi-Fi hacking using wifite, deauthentication and wardriving
https://www.mobile-hacker.com/2023/08/29/nethunter-hacker-viii-wi-fi-hacking-using-wifite-deauthentication-and-wardriving/
https://www.mobile-hacker.com/2023/08/29/nethunter-hacker-viii-wi-fi-hacking-using-wifite-deauthentication-and-wardriving/
Mobile Hacker
NetHunter Hacker VIII: Wi-Fi hacking using wifite, deauthentication and wardriving Mobile Hacker
This blog will provide you with information on the several techniques and tools used to attack Wi-Fi networks using NetHunter app. We'll talk about the various tools such as the wifite, shed light on the deauthentication attack technique, and explore the…
👍18❤5🤔4
Technical Analysis of Multi-layered Obfuscation Techniques in AndroidManifest.xml Aimed at Evading Static Analysis
https://www.liansecurity.com/#/main/news/H_NoQIoBE2npFSfF-iQ5/detail
https://www.liansecurity.com/#/main/news/H_NoQIoBE2npFSfF-iQ5/detail
🔥8👍3🤡3💩1💅1
Mobile Malware Analysis Part 2 – MasterFred
https://8ksec.io/mobile-malware-analysis-part-2-masterfred/
https://8ksec.io/mobile-malware-analysis-part-2-masterfred/
👍7❤1
Android Goes All-in on Fuzzing
https://security.googleblog.com/2023/08/android-goes-all-in-on-fuzzing.html
https://security.googleblog.com/2023/08/android-goes-all-in-on-fuzzing.html
Google Online Security Blog
Android Goes All-in on Fuzzing
Posted by Hamzeh Zawawy and Jon Bottarini, Android Security Fuzzing is an effective technique for finding software vulnerabilities. Over ...
👍8
Obfuscating Android Apps with Native Code
The presentation explores writing Android applications in purely native code to obfuscate app flow-of-control
Resources: https://github.com/LaurieWired/AndroidPurelyNative_Troopers23
Presentation: https://youtu.be/wayMcQQZV1U?si=UJ6m_6jogtzcnNBF
The presentation explores writing Android applications in purely native code to obfuscate app flow-of-control
Resources: https://github.com/LaurieWired/AndroidPurelyNative_Troopers23
Presentation: https://youtu.be/wayMcQQZV1U?si=UJ6m_6jogtzcnNBF
GitHub
GitHub - LaurieWired/AndroidPurelyNative_Troopers23: This contains notes and code for my Troopers23 Beyond Java talk
This contains notes and code for my Troopers23 Beyond Java talk - GitHub - LaurieWired/AndroidPurelyNative_Troopers23: This contains notes and code for my Troopers23 Beyond Java talk
🔥8❤1👍1
Trojanized Signal and Telegram apps were discovered on Google Play and Galaxy Store
Patched Signal is the first documented case of spying on a victim’s Signal communications by secretly autolinking the compromised device to attacker’s Signal device
https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/
Patched Signal is the first documented case of spying on a victim’s Signal communications by secretly autolinking the compromised device to attacker’s Signal device
https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/
Welivesecurity
BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps
ESET research uncovers active campaigns linked to the China-aligned APT group known as GREF that distributing espionage code previously targeting Uyghurs.
👍11