Arid Viper (APT-C-23) disguising mobile spyware as updates for non-malicious Android applications
https://blog.talosintelligence.com/arid-viper-mobile-spyware/
https://blog.talosintelligence.com/arid-viper-mobile-spyware/
Cisco Talos Blog
Arid Viper disguising mobile spyware as updates for non-malicious Android applications
Since April 2022, Cisco Talos has been tracking a malicious campaign operated by the espionage-motivated Arid Viper advanced persistent threat (APT) group targeting Arabic-speaking Android users.
👍9
Car Hacking using Flipper Zero and HackRF
Both blogs present in depth research and testing of common methods of hacking fixed-code and rolling codes of radio frequency locks using replay attacks, brute-force, signal jamming, RollJAM, Rolling-PWN and Keeloq Decryption
part1: https://chaos-lab.blogspot.com/2023/10/grand-theft-auto-rf-locks-hacking.html
part2: https://chaos-lab.blogspot.com/2023/10/grand-theft-auto-rf-locks-hacking_31.html
Both blogs present in depth research and testing of common methods of hacking fixed-code and rolling codes of radio frequency locks using replay attacks, brute-force, signal jamming, RollJAM, Rolling-PWN and Keeloq Decryption
part1: https://chaos-lab.blogspot.com/2023/10/grand-theft-auto-rf-locks-hacking.html
part2: https://chaos-lab.blogspot.com/2023/10/grand-theft-auto-rf-locks-hacking_31.html
👍15
Mobile Malware Analysis Part 3 – Pegasus
https://8ksec.io/mobile-malware-analysis-part-3-pegasus/
https://8ksec.io/mobile-malware-analysis-part-3-pegasus/
👍16👎1
Media is too big
VIEW IN TELEGRAM
Bluetooth LE spam attack is now ported to dedicated Android app to push notifications for Android and Windows
For Android, is can advertise over 170 devices
https://github.com/simondankelmann/Bluetooth-LE-Spam
For Android, is can advertise over 170 devices
https://github.com/simondankelmann/Bluetooth-LE-Spam
👍24🔥6❤3🤔3🥰1👏1😱1
WhatsApp spy mod spreads through Telegram, attacks Arabic-speaking users
https://securelist.com/spyware-whatsapp-mod/110984/
https://securelist.com/spyware-whatsapp-mod/110984/
Securelist
Analysis of a spy module inside a WhatsApp mod
A WhatsApp mod with a built-in spy module has been spreading through Arabic and Azeri Telegram channels since August 2023.
👍12👏4
Vulnerability (CVE-2023-36620) in Boomerang Parental Control Android app (100,000+ installs) allowed an attacker with physical access to device to take over admin control panel and spy on a kid
https://seclists.org/fulldisclosure/2023/Jul/12
https://seclists.org/fulldisclosure/2023/Jul/12
seclists.org
Full Disclosure: SEC Consult SA-20230628-0 :: Stored XSS & Privilege Escalation in Boomerang Parental Control App
👍13❤2
A curated list of modern Android exploitation conference talks
https://github.com/actuator/Android-Security-Exploits-YouTube-Curriculum
https://github.com/actuator/Android-Security-Exploits-YouTube-Curriculum
GitHub
GitHub - actuator/Android-Security-Exploits-YouTube-Curriculum: 🔓A Curated List Of Modern Android Exploitation Conference Talks.
🔓A Curated List Of Modern Android Exploitation Conference Talks. - actuator/Android-Security-Exploits-YouTube-Curriculum
👍16❤1
Bypassing Android 13 Restrictions with SecuriDropper
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
ThreatFabric
Bypassing Android 13 Restrictions with SecuriDropper
ThreatFabric discovers new droppers that drop Spyware and Banker malware variants Bypassing Android 13 restrictions.
👍9😱3
Usage of ispw, the Swiss Army Knife for iOS/MacOS security research
https://8ksec.io/ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research/
https://8ksec.io/ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research/
👍5👏1
Arid Viper | APT’s Nest of SpyC23 Malware Continues to Target Android Devices
https://www.sentinelone.com/labs/arid-viper-apts-nest-of-spyc23-malware-continues-to-target-android-devices/
https://www.sentinelone.com/labs/arid-viper-apts-nest-of-spyc23-malware-continues-to-target-android-devices/
SentinelOne
Arid Viper | APT’s Nest of SpyC23 Malware Continues to Target Android Devices
Hamas-aligned threat actor delivers spyware through weaponized apps posing as Telegram or Skipped messenger.
👍6🤔1
Pandora's box is now open: the well-known Mirai trojan arrives in a new disguise to Android-based TV sets and TV boxes (Tanix TX6 TV Box, MX10 Pro 6K, H96 MAX X3 and others)
https://news.drweb.com/show/?lng=en&i=14743https://news.drweb.com/show/?lng=en&i=14743
https://news.drweb.com/show/?lng=en&i=14743https://news.drweb.com/show/?lng=en&i=14743
Dr.Web
Dr.Web — innovative anti-virus technologies. Comprehensive protection from Internet threats.
Doctor Web is a Russian IT-security solutions vendor developing Dr.Web anti-virus for businesses and personal use, as well as anti-virus as a service since 1992.
👍4❤1😱1
Video tutorial on how to install rootless Kali NetHunter in 8 minutes on Android 13 and Android 14
https://www.youtube.com/watch?v=GmfM8VCAu-I
https://www.youtube.com/watch?v=GmfM8VCAu-I
YouTube
Kali Linux NetHunter install in 8 minutes (rootless) and includes Android 14
It's easy to install Kali Linux on your Android phone without rooting it. This is a rootless install that allows you to run Kali NetHunter as an app on your phone - I'll show you how to do this in 8 minutes.
IMPORTANT - if you have issues, please read the…
IMPORTANT - if you have issues, please read the…
❤13👍7
How to bypass root detection in Android flutter apps
https://shobi.dev/blog/2023-28-10-bypassing-root-detection-in-flutter-with-frida
https://shobi.dev/blog/2023-28-10-bypassing-root-detection-in-flutter-with-frida
shobi.dev
Bypassing Root detection in android flutter apps
As part of the security research I was doing for an app, I had to run it in the emulator which is by default rooted. The app of course had root detection enabled. Before I proceed further I had to figure out how to bypass the root detection from the app.…
👍13❤3
Run Kitchen Sink from Android app using 219 devices at once targeting iOS, Windows and Android & signal range comparison of BLE spam messages for Flipper Zero, Bluetooth LE Spam and nRF Connect apps
https://www.mobile-hacker.com/2023/11/08/android-kitchen-sink-send-ble-spam-to-ios-android-and-windows-at-once-using-android-app/
https://www.mobile-hacker.com/2023/11/08/android-kitchen-sink-send-ble-spam-to-ios-android-and-windows-at-once-using-android-app/
Mobile Hacker
Android Kitchen Sink: Send BLE spam to iOS, Android and Windows at once using Android app Mobile Hacker
The Kitchen Sink is a name of Bluetooth Low Energy (BLE) attack that sends random advertisement packets that targets iOS, Android, and Windows devices the same time in the vicinity. The attack is called “Kitchen Sink” because it tries to send every possible…
👍15❤3🔥2
Android malware spying on Urdu-speaking residents via a possible watering-hole attack
https://www.welivesecurity.com/en/eset-research/unlucky-kamran-android-malware-spying-urdu-speaking-residents-gilgit-baltistan/
https://www.welivesecurity.com/en/eset-research/unlucky-kamran-android-malware-spying-urdu-speaking-residents-gilgit-baltistan/
Welivesecurity
Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan
ESET researchers discover Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza News in the Gilgit-Baltistan region
👍6❤1
A step-by-step Android penetration testing guide for beginners
https://infosecwriteups.com/a-step-by-step-android-penetration-testing-guide-for-beginners-8435e5e969a3
https://infosecwriteups.com/a-step-by-step-android-penetration-testing-guide-for-beginners-8435e5e969a3
Medium
A step-by-step Android penetration testing guide for beginners
Greetings fellow hackers, my name is Sandy, Security Analyst and Bug bounty hunter.
👍26🕊2
Analysis of trojanized Skype App
https://slowmist.medium.com/fake-skype-app-phishing-analysis-35c1dc8bc515
https://slowmist.medium.com/fake-skype-app-phishing-analysis-35c1dc8bc515
Medium
Fake Skype App Phishing Analysis
Background
👍12
Flutter Reverse Engineering and Security Analysis
https://medium.com/@ostorlab/flutter-reverse-engineering-and-security-analysis-41433f5671f3
https://medium.com/@ostorlab/flutter-reverse-engineering-and-security-analysis-41433f5671f3
Medium
Flutter Reverse Engineering and Security Analysis
Flutter, developed by Google, is a widely-used cross-platform framework for mobile development that supports web and desktop application.
👍17❤1👎1
Z Camera Android app that was downloaded over 100,000,000 times from Google Play store contained several vulnerabilities such as server leak, SQLi, intent redirection
https://medium.com/@ostorlab/this-article-is-a-technical-deep-dive-showing-how-a-100m-installation-image-application-can-6343ce8ea076
https://medium.com/@ostorlab/this-article-is-a-technical-deep-dive-showing-how-a-100m-installation-image-application-can-6343ce8ea076
Medium
This article is a technical deep dive, showing how a 100M+ installation image application can…
In 2021, we reported a set of vulnerabilities to the Google AppStore team, which affected a popular Camera application called zCamera.
👍13👏3❤2
ZIP Exploitation: Critical Vulnerabilities Found in Popular Zip Libraries in Swift and Flutter
https://blog.ostorlab.co/zip-packages-exploitation.html
https://blog.ostorlab.co/zip-packages-exploitation.html
blog.ostorlab.co
Ostorlab: Mobile App Security Testing for Android and iOS
Recent in-depth investigations reveal serious vulnerabilities discovered in widely-used zip packages in Flutter and Swift, posing serious security risks for thousands of developers and applications. Our article delves into the technical aspects of these vulnerabilities…
👍10❤2
BLE spam but for adult toys
Using Flipper Zero or nRF Connect app, it is possible to send Bluetooth LE advertisement packets (without being paired) to adult toys in vicinity and make them all vibrate. It is also possible to start Denial of Pleasure by continuously broadcasting the stop packet
https://www.whid.ninja/blog/denial-of-pleasure-attacking-unusual-ble-targets-with-a-flipper-zero
Using Flipper Zero or nRF Connect app, it is possible to send Bluetooth LE advertisement packets (without being paired) to adult toys in vicinity and make them all vibrate. It is also possible to start Denial of Pleasure by continuously broadcasting the stop packet
https://www.whid.ninja/blog/denial-of-pleasure-attacking-unusual-ble-targets-with-a-flipper-zero
WHID - We Hack In Disguise
Denial of Pleasure: Attacking Unusual BLE Targets with a Flipper Zero
Become familiar with developing applications for Flipper Zero, which will be capable of activating adult toys all at once or completely inhibit their use for those within your range (i.e. Denial of Pleasure Attack).
🤣37😁9👍7🔥1