Towards Understanding Android System Vulnerabilities: Techniques and Insights
https://daoyuan14.github.io/slides/AsiaCCS19_slides_Daoyuan.pdf
https://daoyuan14.github.io/slides/AsiaCCS19_slides_Daoyuan.pdf
New FinFisher spy infects iOS (jailbreak) and Android devices.
FinFisher has been sold to governments all over the world. For iOS it doesn't use any exploit but manual installation is required.
Targets popular messaging apps.
https://securelist.com/new-finspy-ios-and-android-implants-revealed-itw/91685/
FinFisher has been sold to governments all over the world. For iOS it doesn't use any exploit but manual installation is required.
Targets popular messaging apps.
https://securelist.com/new-finspy-ios-and-android-implants-revealed-itw/91685/
Securelist
New FinSpy iOS and Android implants revealed ITW
Since 2011 Kaspersky has continuously monitored the development of FinSpy and the emergence of new versions in the wild. According to our telemetry, several dozen unique mobile devices have been infected over the past year, with recent activity recorded in…
New Android malware replaces legitimate apps with ad-infested doppelgangers.
The vast majority of victims are located in India (15.2 million), Bangladesh (2.5 million), and Pakistan (1.7 million).
The Agent Smith malware uses the Janus technique to inject malicious code inside a legitimate app, but without affecting its MD5 file hash.
https://www.zdnet.com/article/new-android-malware-replaces-legitimate-apps-with-ad-infested-doppelgangers/
The vast majority of victims are located in India (15.2 million), Bangladesh (2.5 million), and Pakistan (1.7 million).
The Agent Smith malware uses the Janus technique to inject malicious code inside a legitimate app, but without affecting its MD5 file hash.
https://www.zdnet.com/article/new-android-malware-replaces-legitimate-apps-with-ad-infested-doppelgangers/
ZDNet
New Android malware replaces legitimate apps with ad-infested doppelgangers | ZDNet
New "Agent Smith" malware operation is preparing to invade the Google Play Store.
Analysis of Agent Smith: A New Species of Mobile Malware
https://research.checkpoint.com/agent-smith-a-new-species-of-mobile-malware/
https://research.checkpoint.com/agent-smith-a-new-species-of-mobile-malware/
Check Point Research
Agent Smith: A New Species of Mobile Malware - Check Point Research
Research by: Aviran Hazum, Feixiang He, Inbal Marom, Bogdan Melnykov, Andrey Polkovnichenko Check Point Researchers recently discovered a new variant of mobile malware that quietly infected around 25 million devices, while the user remains completely…
How to set up quick Android malware or bug bounty analysis lab1.0) Install Android 8.1 Oreo in Virtual Machine: https://techsviewer.com/install-android-in-virtual-machine-vmware-and-virtualbox
1.1) Android 8.1 in qemu and Burp Suite SSL interception: https://astr0baby.wordpress.com/2019/07/09/android-8-1-in-qemu-and-burp-suite-ssl-interception/
2) Set up SSL PINNING IN 10 MINUTES WITH FRIDA: https://omespino.com/tutorial-universal-android-ssl-pinning-in-10-minutes-with-frida/
3) Download apps or malware to test: https://koodous.com/apks
Techsviewer - Offering Simple Solutions for Tech Problems
Install Android 8.1 Oreo in Virtual Machine: VMware and VirtualBox
An Android virtual machine can be created using various virtualization software solutions available. There are many of them but only two have the very best features. These are VirtualBox and VMware. Their free versions are feature-laden while their paid versions…
The first Bluetooth hair straighteners can be easily hacked #IoT
As there is no pairing or bonding established over BLE when connecting a phone, anyone in range with the app can take control of the straighteners.
https://www.pentestpartners.com/security-blog/burning-down-the-house-with-iot/
As there is no pairing or bonding established over BLE when connecting a phone, anyone in range with the app can take control of the straighteners.
https://www.pentestpartners.com/security-blog/burning-down-the-house-with-iot/
Pentestpartners
Burning down the house with IoT | Pen Test Partners
For years we’ve been trying to set fire to ‘smart’ things by hacking them. We got some charring on the iKettle, but nothing more. Then we found some smart hair […]
iOS URL Scheme Susceptible to Hijacking
Abuse of the URL Scheme can potentially result in the loss of privacy, bill fraud, exposure to pop-up ads, and more.
https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/
Abuse of the URL Scheme can potentially result in the loss of privacy, bill fraud, exposure to pop-up ads, and more.
https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/
Trend Micro
Research, News, and Perspectives
Fake DeepNude Downloads Gives You Malware Instead of Nudes
A brief search on YouTube indicates that the campaign started a week ago. The latest video linking to a file in the denoscription was uploaded on Wednesday and has almost 1,000 views; it links to an Android app.
https://www.bleepingcomputer.com/news/security/fake-deepnude-downloads-gives-you-malware-instead-of-nudes/
A brief search on YouTube indicates that the campaign started a week ago. The latest video linking to a file in the denoscription was uploaded on Wednesday and has almost 1,000 views; it links to an Android app.
https://www.bleepingcomputer.com/news/security/fake-deepnude-downloads-gives-you-malware-instead-of-nudes/
BleepingComputer
Fake DeepNude Downloads Gives You Malware Instead of Nudes
Cybercriminals are using the notoriety of the DeepNude app to distribute info-stealing malware in campaigns over YouTube that promise a cracked premium version of the program for Windows, Android, and iOS.
58 HiddenAds Trojans with over 8,200,000 installs found on Google Play
https://twitter.com/m0br3v/status/1149621258671099907?s=19
https://twitter.com/m0br3v/status/1149621258671099907?s=19
X (formerly Twitter)
I.Zhilyakov (@m0br3v) on X
The new large list of applications infected with #Android #HiddenAds #Trojan has been found on Google Play. 58 applications with 8215000+ installs. Many of them are in the top of new free applications for Android. The rating of most applications does not…
❤1
Android backdoor found on Google Play in OpenGL Plugin app
https://news.drweb.com/show/?i=13349&lng=en
https://news.drweb.com/show/?i=13349&lng=en
Dr.Web
Doctor Web: A dangerous Android backdoor distributed via Google Play
Doctor Web has identified a new backdoor trojan on Google Play that executes cybercriminal commands, allowing the criminals to remotely control the infected Android devices and spy on users.
How mobile black products benefit from plug-in technology - part II. #Chinese
https://blog.trustlook.com/hei-chan-li-qi-an-zhuo-duo-kai/
https://blog.trustlook.com/hei-chan-li-qi-an-zhuo-duo-kai/
Trustlook blog
深度揭秘移动黑产是如何通过插件化技术谋取利益
Part1 从样本看Virtual App在黑产中的应用
4月初,Trustlook安全研究人员在使用App Insight
[https://www.trustlook.com/services/app-insight.html]
对国内某商店进行常规审核时,截获了一个名为“换机精灵”的样本,该应用作为一款换机工具,实则为恶意刷量木马,截止我们发现样本的当日,该应用在国内各大软件市场拥有高达上亿次下载,以下为样本的存档信息:
该恶意软件具备极高的威胁:
* 具备远程控制的安装任意应用/插件并执行的后门;…
4月初,Trustlook安全研究人员在使用App Insight
[https://www.trustlook.com/services/app-insight.html]
对国内某商店进行常规审核时,截获了一个名为“换机精灵”的样本,该应用作为一款换机工具,实则为恶意刷量木马,截止我们发现样本的当日,该应用在国内各大软件市场拥有高达上亿次下载,以下为样本的存档信息:
该恶意软件具备极高的威胁:
* 具备远程控制的安装任意应用/插件并执行的后门;…
Awesome Cellular HackingList with the most up to date exploits, blogs, research, and papers in the 3G/4G/5G Cellular security space.
https://github.com/W00t3k/Awesome-Cellular-Hacking
GitHub
GitHub - W00t3k/Awesome-Cellular-Hacking: Awesome-Cellular-Hacking
Awesome-Cellular-Hacking. Contribute to W00t3k/Awesome-Cellular-Hacking development by creating an account on GitHub.
Forwarded from The Bug Bounty Hunter
Facebook Bug bounty page admin disclose bug {Facebook Android app}
https://medium.com/@yusuffurkan/facebook-bug-bounty-page-admin-disclose-bug-facebook-android-app-c0fa50459177
https://medium.com/@yusuffurkan/facebook-bug-bounty-page-admin-disclose-bug-facebook-android-app-c0fa50459177
Medium
Facebook Bug bounty page admin disclose bug {Facebook Android app}
Hello community! my name is Yusuf Aydın
Detail analysis of a high quality bug in the JavaScript engine capable of bypassing all current iOS mitigations!
[PDF presentation] https://objectivebythesea.com/v2/talks/OBTS_v2_Todesco.pdf
[PDF presentation] https://objectivebythesea.com/v2/talks/OBTS_v2_Todesco.pdf
The Art of iPhone Acquisition
-Break the passcode
-Logical acquisition
-Physical acquisition
-Cloud acquisition
https://blog.elcomsoft.com/2019/07/the-art-of-iphone-acquisition/
-Break the passcode
-Logical acquisition
-Physical acquisition
-Cloud acquisition
https://blog.elcomsoft.com/2019/07/the-art-of-iphone-acquisition/
ElcomSoft blog
The Art of iPhone Acquisition
We all know how much important data is stored in modern smartphones, making them an excellent source of evidence. However, data preservation and acquisition are not as easy as they sound. There is no silver bullet or “fire and forget” solutions to solve cases…
Fake Antivirus app found on Google Play
https://twitter.com/virqdroid/status/1150757620703203329
https://twitter.com/virqdroid/status/1150757620703203329
Twitter
Nikolaos Chrysaidos
Searching for 17 strings (mix of package names and activities) doesn't make you an AV. There's much more work^3 behind a real AV. Plus no update mechanism. #Trashapps in @GooglePlay | #fakeapp
Android Spy spreads in Israel 🇮🇱 via Facebook page
https://twitter.com/IdoNaor1/status/1150818794597703681?s=19
APK sample: https://beta.virusbay.io/sample/browse/895fffe1afc16b2c9836a00f82028282
https://twitter.com/IdoNaor1/status/1150818794597703681?s=19
APK sample: https://beta.virusbay.io/sample/browse/895fffe1afc16b2c9836a00f82028282
Twitter
Ido Naor
Last year, an unknown actor distributed phishing via @wallamail, that infected Israeli victims with a crafted @ScreenConnect implant. Same actor now returns to a 2nd round via Fb: An APK wrapped with #RevCode WebMonitor (recently covered by @briankrebs -…
Subnoscription scam app found on Google Play
https://blog.avast.com/avast-researcher-finds-apparent-android-app-scam
https://blog.avast.com/avast-researcher-finds-apparent-android-app-scam
Avast
Avast researcher finds apparent Android app scam
Researchers at Avast are warning Android customers about an app called Number Finder, which tests suggest is a subnoscription scam.
Unofficial Telegram App Secretly Loads Infinite Malicious Sites
MobonoGram 2019 app was downloaded more than 100,000 times and performed adfraud clicks.
https://www.symantec.com/blogs/threat-intelligence/unofficial-telegram-app-malicious-sites
MobonoGram 2019 app was downloaded more than 100,000 times and performed adfraud clicks.
https://www.symantec.com/blogs/threat-intelligence/unofficial-telegram-app-malicious-sites
Attackers Can Manipulate Your WhatsApp and Telegram Media Files
"Media File Jacking" flaw affects WhatsApp and Telegram for Android
https://www.symantec.com/blogs/expert-perspectives/symantec-mobile-threat-defense-attackers-can-manipulate-your-whatsapp-and-telegram-media
"Media File Jacking" flaw affects WhatsApp and Telegram for Android
https://www.symantec.com/blogs/expert-perspectives/symantec-mobile-threat-defense-attackers-can-manipulate-your-whatsapp-and-telegram-media
Security
Symantec Mobile Threat: Attackers Can Manipulate Your WhatsApp and Telegram Media Files
New research by Symantec reveals a Media File Jacking flaw affecting WhatsApp and Telegram for Android