Infamous Chisel: Detailed analysis of each component associated with Sandworm APT group designed to enable remote access and exfiltrate information from Android phones
https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/infamous-chisel/NCSC-MAR-Infamous-Chisel.pdf
https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/infamous-chisel/NCSC-MAR-Infamous-Chisel.pdf
👍10❤1
Account takeover using PIN brute-force
BillPoint app didn't use brute-force PIN protection, which allowed attacker to gain unauthorized access to any user account simply by knowing their email
https://medium.com/@hackedbyeldee/account-takeover-on-billpoint-co-mobile-app-9cc3aedd92b
BillPoint app didn't use brute-force PIN protection, which allowed attacker to gain unauthorized access to any user account simply by knowing their email
https://medium.com/@hackedbyeldee/account-takeover-on-billpoint-co-mobile-app-9cc3aedd92b
Medium
Account Takeover on Billpoint.co Mobile App
Hello fellow cyber security enthusiasts
🔥19👍6❤1👏1
Video explanation on a bug discovered in PayPal Business Android app how it was possible to steal authentication token to takeover victim account
https://youtu.be/AoSvq9v8kvY?si=shOkn5aq_mXrhlu3
https://youtu.be/AoSvq9v8kvY?si=shOkn5aq_mXrhlu3
👍12🔥1🤔1
Android.Pandora trojans (ancestor of Linux Mirai trojan) compromise Android devices, either during firmware updates or when applications for viewing pirated video content are installed
https://news.drweb.com/show/?i=14743&lng=en
https://news.drweb.com/show/?i=14743&lng=en
Dr.Web
Pandora's box is now open: the well-known Mirai trojan arrives in a new disguise to Android-based TV sets and TV boxes
Doctor Web has identified a family of Android.Pandora trojans that compromise Android devices, either during firmware updates or when applications for viewing pirated video content are installed. This backdoor inherited its advanced DDoS-attack capabilities…
👍12🤔1
How to spoof iOS devices with Bluetooth pairing messages using Android
https://www.mobile-hacker.com/2023/09/07/spoof-ios-devices-with-bluetooth-pairing-messages-using-android/
https://www.mobile-hacker.com/2023/09/07/spoof-ios-devices-with-bluetooth-pairing-messages-using-android/
Mobile Hacker
Spoof iOS devices with Bluetooth pairing messages using Android Mobile Hacker
[update 09.10.2023] In this update, I will share how to extend the signal of Android nRF Connect app that can send pairing messages, demonstrate AppleJuice on the latest iOS 17, show which specific advertisement packet can trigger pop-ups from up to 50 meters…
👍20🤣6❤1
New 0-click exploit chain discovered targeting iOS devices delivers Pegasus Spyware
Exploit chain was capable of compromising iPhones (iOS 16.6) without any user interaction.
The device is compromised just by receiving malicious image in iMessage (CVE-2023-41064, CVE-2023-41061).
➡️ Update your iOS devices
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Exploit chain was capable of compromising iPhones (iOS 16.6) without any user interaction.
The device is compromised just by receiving malicious image in iMessage (CVE-2023-41064, CVE-2023-41061).
➡️ Update your iOS devices
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
The Citizen Lab
BLASTPASS
Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware while checking the device of an individual employed by a Washington DC-based civil society organization with international offices. We…
🔥20👍8❤5😁2🤯1🏆1🆒1
Evil Telegram doppelganger attacks Chinese users
https://securelist.com/trojanized-telegram-mod-attacking-chinese-users/110482/
https://securelist.com/trojanized-telegram-mod-attacking-chinese-users/110482/
Securelist
Spyware Telegram mod distributed via Google Play
Spyware Telegram mod in Uighur and Chinese spreads through Google Play stealing messages and other user data.
👍13❤4🤔4
Useful tutorial on how to port Kali NetHunter (including custom Kernel) to unsupported "Essential Phone"
https://odysee.com/@z2rec:1/how-i-ported-kali-nethunter-to-unsupported-device:c
https://odysee.com/@z2rec:1/how-i-ported-kali-nethunter-to-unsupported-device:c
Odysee
How I Ported Kali NetHunter to Unsupported Device - Essential Phone
View on Odysee: How I Ported Kali NetHunter to Unsupported Device - Essential Phone
👍15🤯3
From ERMAC to Hook: Investigating the technical differences between two Android malware variants
https://research.nccgroup.com/2023/09/11/from-ermac-to-hook-investigating-the-technical-differences-between-two-android-malware-variants/
https://research.nccgroup.com/2023/09/11/from-ermac-to-hook-investigating-the-technical-differences-between-two-android-malware-variants/
👍7❤2
Android App Pin Security Issue Allows Unauthorized Payments via Google Wallet even with enabled "Require device unlock for NFC" option (CVE-2023-35671)
While in pinned mode, all other apps become temporarily inaccessible, except Google Wallet.
PoC: https://github.com/MrTiz/CVE-2023-35671
While in pinned mode, all other apps become temporarily inaccessible, except Google Wallet.
PoC: https://github.com/MrTiz/CVE-2023-35671
GitHub
GitHub - MrTiz/CVE-2023-35671: Android App Pin Security Issue Allowing Unauthorized Payments via Google Wallet
Android App Pin Security Issue Allowing Unauthorized Payments via Google Wallet - MrTiz/CVE-2023-35671
👍7🔥3🤔3
Android trojan masquerade as an Iranian online trading platform
https://news.drweb.com/show/?i=14748&lng=en
https://news.drweb.com/show/?i=14748&lng=en
Dr.Web
Android.Spy.Lydia trojans masquerade as an Iranian online trading platform
Doctor Web has detected new versions of the Android.Spy.Lydia trojans, which engage in a variety of spyware activities on infected Android devices and provide attackers with remote control capabilities to steal personal information and funds. Moreover, the…
👍15❤3🔥1
Massive Mobile Security Framework (MMSF)
A mobile open-source framework that combines functionalities from frida, objection, drozer, reflutter and more for iOS and Android app analysis
Info: https://securitycafe.ro/2023/09/18/mobile-pentesting-101-introducing-to-mmsf-massive-mobile-security-framework/
Download: https://github.com/St3v3nsS/MMSF
A mobile open-source framework that combines functionalities from frida, objection, drozer, reflutter and more for iOS and Android app analysis
Info: https://securitycafe.ro/2023/09/18/mobile-pentesting-101-introducing-to-mmsf-massive-mobile-security-framework/
Download: https://github.com/St3v3nsS/MMSF
Security Café
Mobile Pentesting 101 – Introducing to MMSF (Massive Mobile Security Framework)
Massive Mobile Security Framework, or MMSF, is a mobile framework that combines functionalities from Frida, objection, drozer, and many more.
👍16
Brute forcing Android app's PIN using Frida to bypass bank's 2FA and get authorization token
https://www.corellium.com/blog/frida-brute-forcing-pins-mobile-pentest
https://www.corellium.com/blog/frida-brute-forcing-pins-mobile-pentest
Corellium
Brute Forcing PINs with Frida: Mobile Penetration Testing
Walk through mobile penetration testing on a 2FA application that resulted in the creation of a Frida noscript to brute force hardcoded values.
👍17
In December 2022, Google discovered in-the-wild exploit chain targeting Samsung Android devices used by commercial mobile spyware vendor Variston.
It appears that n-day exploits that were fixed in Google products in 2022 (Chrome), were not fixed yet in Samsung (Samsung browser) and because of that exploited by espionage software in early exploitation stages.
Final stage, describes how attacker achieved execution as system_server (CVE-2023-0266, CVE-2023-26083)
https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html
It appears that n-day exploits that were fixed in Google products in 2022 (Chrome), were not fixed yet in Samsung (Samsung browser) and because of that exploited by espionage software in early exploitation stages.
Final stage, describes how attacker achieved execution as system_server (CVE-2023-0266, CVE-2023-26083)
https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html
projectzero.google
Analyzing a Modern In-the-wild Android Exploit - Project Zero
By Seth Jenkins, Project ZeroIntroductionIn December 2022, Google’s Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsu...
❤11👍4
Transparent Tribe’s (APT36) Android CapraRAT Mimics YouTube to Hijack Android Phones
https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/
https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/
SentinelOne
CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones
Pakistan-aligned threat actor weaponizes fake YouTube apps on the Android platform to deliver mobile remote access trojan spyware.
🔥8👍4😁1
How to bypass 5 advanced root detection techniques using Frida
https://8ksec.io/advanced-root-detection-bypass-techniques/
https://8ksec.io/advanced-root-detection-bypass-techniques/
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Advanced Frida Usage Part 5 – Advanced Root Detection & Bypass Techniques
Explore techniques related to root detection on Android devices and methods to bypass it.
👍16❤2🔥1
"The WebP 0day" - a full technical analysis the recently patched vulnerability in the WebP image library that was exploited in the wild (CVE-2023-4863)
https://blog.isosceles.com/the-webp-0day/
https://blog.isosceles.com/the-webp-0day/
Isosceles Blog
The WebP 0day
Early last week, Google released a new stable update for Chrome. The update included a single security fix that was reported by Apple's Security Engineering and Architecture (SEAR) team. The issue, CVE-2023-4863, was a heap buffer overflow in the WebP image…
🔥10❤2👍2
0-days exploited by Predator spyware were delivered via man-in-the-middle (MITM) attack and 0-click vulnerability against iOS and Android
https://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/
https://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/
Google
0-days exploited by commercial surveillance vendor in Egypt
Last week Google’s Threat Analysis Group (TAG), in partnership with The Citizen Lab, discovered an in-the-wild 0-day exploit chain for iPhones. Developed by the commercial surveillance vendor, Intellexa, this exploit chain is used to install its Predator…
👍19❤1
Working solution on how to inject system CA certificates in Android 14
https://httptoolkit.com/blog/android-14-install-system-ca-certificate/
https://httptoolkit.com/blog/android-14-install-system-ca-certificate/
Httptoolkit
New ways to inject system CA certificates in Android 14
A couple of weeks ago I published a post about changes in Android 14 that fundamentally break existing approaches to installing system-level CA certificates,...
👍17🔥1🤯1
Android Xenomorph Malware Strikes Again: Over 30+ US Banks Now Targeted
https://www.threatfabric.com/blogs/xenomorph
https://www.threatfabric.com/blogs/xenomorph
ThreatFabric
Xenomorph Malware Strikes Again: Over 30+ US Banks Now Targeted
Xenomorph Malware Resurfaces with Expanded Targets - Insights from ThreatFabric
👍6😱1
EvilBamboo Targets Mobile Devices in Multi-year Campaign
https://www.volexity.com/blog/2023/09/22/evilbamboo-targets-mobile-devices-in-multi-year-campaign/
https://www.volexity.com/blog/2023/09/22/evilbamboo-targets-mobile-devices-in-multi-year-campaign/
Volexity
EvilBamboo Targets Mobile Devices in Multi-year Campaign
Volexity has identified several long-running and currently active campaigns undertaken by the threat actor Volexity tracks as EvilBamboo (formerly named Evil Eye) targeting Tibetan, Uyghur, and Taiwanese individuals and organizations. These targets represent…
👍6