Over 3,000 Android Malware Samples Using Multiple Techniques to Bypass Detection
https://www.zimperium.com/blog/over-3000-android-malware-samples-using-multiple-techniques-to-bypass-detection/
Zimperium
Unsupported Compression Methods Enable Android Malware to Bypass Detection
Unmasking – EVLF DEV - The Creator of Android CypherRAT and CraxsRAT
https://www.cyfirma.com/outofband/unmasking-evlf-dev-the-creator-of-cypherrat-and-craxsrat/
CYFIRMA
Unmasking - EVLF DEV-The Creator of CypherRAT and CraxsRAT - CYFIRMA
EXECUTIVE SUMMARY: The CYFIRMA research team has discovered a new Malware-as-a-service (MaaS) operator that goes by the moniker EVLF DEV....
Content Providers and the potential weak spots they can have
https://blog.oversecured.com/Content-Providers-and-the-potential-weak-spots-they-can-have/
News, Techniques & Guides
Before we jump into the details, we want to stress how important it is to keep your users' data safe.
NetHunter Hacker VIII: Wi-Fi hacking using wifite, deauthentication and wardriving
https://www.mobile-hacker.com/2023/08/29/nethunter-hacker-viii-wi-fi-hacking-using-wifite-deauthentication-and-wardriving/
Mobile Hacker
This blog will provide you with information on the several techniques and tools used to attack Wi-Fi networks using the NetHunter app. We'll talk about various tools such as wifite, shed light on the deauthentication attack technique, and explore the…
Technical Analysis of Multi-layered Obfuscation Techniques in AndroidManifest.xml Aimed at Evading Static Analysis
https://www.liansecurity.com/#/main/news/H_NoQIoBE2npFSfF-iQ5/detail
Mobile Malware Analysis Part 2 – MasterFred
https://8ksec.io/mobile-malware-analysis-part-2-masterfred/
Android Goes All-in on Fuzzing
https://security.googleblog.com/2023/08/android-goes-all-in-on-fuzzing.html
Google Online Security Blog
Posted by Hamzeh Zawawy and Jon Bottarini, Android Security. Fuzzing is an effective technique for finding software vulnerabilities. Over ...
Obfuscating Android Apps with Native Code
The presentation explores writing Android applications in purely native code to obfuscate app flow-of-control
Resources: https://github.com/LaurieWired/AndroidPurelyNative_Troopers23
Presentation: https://youtu.be/wayMcQQZV1U?si=UJ6m_6jogtzcnNBF
GitHub
GitHub - LaurieWired/AndroidPurelyNative_Troopers23: This contains notes and code for my Troopers23 Beyond Java talk
Trojanized Signal and Telegram apps were discovered on Google Play and Galaxy Store
Patched Signal is the first documented case of spying on a victim’s Signal communications by secretly autolinking the compromised device to the attacker’s Signal device
https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/
Welivesecurity
BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps
ESET research uncovers active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code that previously targeted Uyghurs.
Bypassing Hardened Android Application available on the Play Store
-Root Detection Check in Native Java code and in React Native file
-Emulator Check
-Frida Running Check
-SSL Pinning Bypass
https://notsosecure.com/bypassing-hardened-android-applications
NotSoSecure
Bypassing Hardened Android Applications
Recently, we performed a penetration test on an Android application available on the Play Store. The app had good security in place to protect it from being opened and executed on a rooted app. In
How to port custom build of Kali Nethunter to an unsupported phone (Xiaomi Poco X3 NFC) and compile custom Kernel with support for TP-LINK W722N V2/V3 (RTL8812AU drivers)
https://r0ttenbeef.github.io/Port-Custom-Build-of-Kali-Nethunter-to-an-Unsupported-Phone-Walkthrough/
r0ttenbeef.github.io
Port Custom Build of Kali Nethunter to an Unsupported Phone Walkthrough
Cybersecurity Blog
Infamous Chisel: Detailed analysis of each component associated with Sandworm APT group designed to enable remote access and exfiltrate information from Android phones
https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/infamous-chisel/NCSC-MAR-Infamous-Chisel.pdf
Account takeover using PIN brute-force
The BillPoint app didn't use brute-force PIN protection, which allowed an attacker to gain unauthorized access to any user account simply by knowing their email
https://medium.com/@hackedbyeldee/account-takeover-on-billpoint-co-mobile-app-9cc3aedd92b
Medium
Account Takeover on Billpoint.co Mobile App
Hello fellow cyber security enthusiasts
Video explanation of a bug discovered in the PayPal Business Android app and how it was possible to steal an authentication token to take over a victim's account
https://youtu.be/AoSvq9v8kvY?si=shOkn5aq_mXrhlu3
Android.Pandora trojans (ancestor of Linux Mirai trojan) compromise Android devices, either during firmware updates or when applications for viewing pirated video content are installed
https://news.drweb.com/show/?i=14743&lng=en
Dr.Web
Pandora's box is now open: the well-known Mirai trojan arrives in a new disguise to Android-based TV sets and TV boxes
Doctor Web has identified a family of Android.Pandora trojans that compromise Android devices, either during firmware updates or when applications for viewing pirated video content are installed. This backdoor inherited its advanced DDoS-attack capabilities…
How to spoof iOS devices with Bluetooth pairing messages using Android
https://www.mobile-hacker.com/2023/09/07/spoof-ios-devices-with-bluetooth-pairing-messages-using-android/
Mobile Hacker
Spoof iOS devices with Bluetooth pairing messages using Android
[update 09.10.2023] In this update, I will share how to extend the signal of Android nRF Connect app that can send pairing messages, demonstrate AppleJuice on the latest iOS 17, show which specific advertisement packet can trigger pop-ups from up to 50 meters…
New 0-click exploit chain discovered targeting iOS devices delivers Pegasus Spyware
The exploit chain was capable of compromising iPhones (iOS 16.6) without any user interaction.
The device is compromised just by receiving a malicious image in iMessage (CVE-2023-41064, CVE-2023-41061).
➡️ Update your iOS devices
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
The Citizen Lab
BLASTPASS
Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware while checking the device of an individual employed by a Washington DC-based civil society organization with international offices. We…
Evil Telegram doppelganger attacks Chinese users
https://securelist.com/trojanized-telegram-mod-attacking-chinese-users/110482/
Securelist
Spyware Telegram mod distributed via Google Play
Spyware Telegram mod in Uighur and Chinese spreads through Google Play stealing messages and other user data.
Useful tutorial on how to port Kali NetHunter (including custom Kernel) to unsupported "Essential Phone"
https://odysee.com/@z2rec:1/how-i-ported-kali-nethunter-to-unsupported-device:c
Odysee
How I Ported Kali NetHunter to Unsupported Device - Essential Phone
From ERMAC to Hook: Investigating the technical differences between two Android malware variants
https://research.nccgroup.com/2023/09/11/from-ermac-to-hook-investigating-the-technical-differences-between-two-android-malware-variants/
Android App Pin Security Issue Allows Unauthorized Payments via Google Wallet even with enabled "Require device unlock for NFC" option (CVE-2023-35671)
While in pinned mode, all other apps become temporarily inaccessible, except Google Wallet.
PoC: https://github.com/MrTiz/CVE-2023-35671
GitHub
GitHub - MrTiz/CVE-2023-35671: Android App Pin Security Issue Allowing Unauthorized Payments via Google Wallet