Pandora's box is now open: the well-known Mirai trojan arrives in a new disguise to Android-based TV sets and TV boxes (Tanix TX6 TV Box, MX10 Pro 6K, H96 MAX X3 and others)
https://news.drweb.com/show/?lng=en&i=14743https://news.drweb.com/show/?lng=en&i=14743
https://news.drweb.com/show/?lng=en&i=14743https://news.drweb.com/show/?lng=en&i=14743
Dr.Web
Dr.Web — innovative anti-virus technologies. Comprehensive protection from Internet threats.
Doctor Web is a Russian IT-security solutions vendor developing Dr.Web anti-virus for businesses and personal use, as well as anti-virus as a service since 1992.
👍4❤1😱1
Video tutorial on how to install rootless Kali NetHunter in 8 minutes on Android 13 and Android 14
https://www.youtube.com/watch?v=GmfM8VCAu-I
https://www.youtube.com/watch?v=GmfM8VCAu-I
YouTube
Kali Linux NetHunter install in 8 minutes (rootless) and includes Android 14
It's easy to install Kali Linux on your Android phone without rooting it. This is a rootless install that allows you to run Kali NetHunter as an app on your phone - I'll show you how to do this in 8 minutes.
IMPORTANT - if you have issues, please read the…
IMPORTANT - if you have issues, please read the…
❤13👍7
How to bypass root detection in Android flutter apps
https://shobi.dev/blog/2023-28-10-bypassing-root-detection-in-flutter-with-frida
https://shobi.dev/blog/2023-28-10-bypassing-root-detection-in-flutter-with-frida
shobi.dev
Bypassing Root detection in android flutter apps
As part of the security research I was doing for an app, I had to run it in the emulator which is by default rooted. The app of course had root detection enabled. Before I proceed further I had to figure out how to bypass the root detection from the app.…
👍13❤3
Run Kitchen Sink from Android app using 219 devices at once targeting iOS, Windows and Android & signal range comparison of BLE spam messages for Flipper Zero, Bluetooth LE Spam and nRF Connect apps
https://www.mobile-hacker.com/2023/11/08/android-kitchen-sink-send-ble-spam-to-ios-android-and-windows-at-once-using-android-app/
https://www.mobile-hacker.com/2023/11/08/android-kitchen-sink-send-ble-spam-to-ios-android-and-windows-at-once-using-android-app/
Mobile Hacker
Android Kitchen Sink: Send BLE spam to iOS, Android and Windows at once using Android app Mobile Hacker
The Kitchen Sink is a name of Bluetooth Low Energy (BLE) attack that sends random advertisement packets that targets iOS, Android, and Windows devices the same time in the vicinity. The attack is called “Kitchen Sink” because it tries to send every possible…
👍15❤3🔥2
Android malware spying on Urdu-speaking residents via a possible watering-hole attack
https://www.welivesecurity.com/en/eset-research/unlucky-kamran-android-malware-spying-urdu-speaking-residents-gilgit-baltistan/
https://www.welivesecurity.com/en/eset-research/unlucky-kamran-android-malware-spying-urdu-speaking-residents-gilgit-baltistan/
Welivesecurity
Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan
ESET researchers discover Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza News in the Gilgit-Baltistan region
👍6❤1
A step-by-step Android penetration testing guide for beginners
https://infosecwriteups.com/a-step-by-step-android-penetration-testing-guide-for-beginners-8435e5e969a3
https://infosecwriteups.com/a-step-by-step-android-penetration-testing-guide-for-beginners-8435e5e969a3
Medium
A step-by-step Android penetration testing guide for beginners
Greetings fellow hackers, my name is Sandy, Security Analyst and Bug bounty hunter.
👍26🕊2
Analysis of trojanized Skype App
https://slowmist.medium.com/fake-skype-app-phishing-analysis-35c1dc8bc515
https://slowmist.medium.com/fake-skype-app-phishing-analysis-35c1dc8bc515
Medium
Fake Skype App Phishing Analysis
Background
👍12
Flutter Reverse Engineering and Security Analysis
https://medium.com/@ostorlab/flutter-reverse-engineering-and-security-analysis-41433f5671f3
https://medium.com/@ostorlab/flutter-reverse-engineering-and-security-analysis-41433f5671f3
Medium
Flutter Reverse Engineering and Security Analysis
Flutter, developed by Google, is a widely-used cross-platform framework for mobile development that supports web and desktop application.
👍17❤1👎1
Z Camera Android app that was downloaded over 100,000,000 times from Google Play store contained several vulnerabilities such as server leak, SQLi, intent redirection
https://medium.com/@ostorlab/this-article-is-a-technical-deep-dive-showing-how-a-100m-installation-image-application-can-6343ce8ea076
https://medium.com/@ostorlab/this-article-is-a-technical-deep-dive-showing-how-a-100m-installation-image-application-can-6343ce8ea076
Medium
This article is a technical deep dive, showing how a 100M+ installation image application can…
In 2021, we reported a set of vulnerabilities to the Google AppStore team, which affected a popular Camera application called zCamera.
👍13👏3❤2
ZIP Exploitation: Critical Vulnerabilities Found in Popular Zip Libraries in Swift and Flutter
https://blog.ostorlab.co/zip-packages-exploitation.html
https://blog.ostorlab.co/zip-packages-exploitation.html
blog.ostorlab.co
Ostorlab: Mobile App Security Testing for Android and iOS
Recent in-depth investigations reveal serious vulnerabilities discovered in widely-used zip packages in Flutter and Swift, posing serious security risks for thousands of developers and applications. Our article delves into the technical aspects of these vulnerabilities…
👍10❤2
BLE spam but for adult toys
Using Flipper Zero or nRF Connect app, it is possible to send Bluetooth LE advertisement packets (without being paired) to adult toys in vicinity and make them all vibrate. It is also possible to start Denial of Pleasure by continuously broadcasting the stop packet
https://www.whid.ninja/blog/denial-of-pleasure-attacking-unusual-ble-targets-with-a-flipper-zero
Using Flipper Zero or nRF Connect app, it is possible to send Bluetooth LE advertisement packets (without being paired) to adult toys in vicinity and make them all vibrate. It is also possible to start Denial of Pleasure by continuously broadcasting the stop packet
https://www.whid.ninja/blog/denial-of-pleasure-attacking-unusual-ble-targets-with-a-flipper-zero
WHID - We Hack In Disguise
Denial of Pleasure: Attacking Unusual BLE Targets with a Flipper Zero
Become familiar with developing applications for Flipper Zero, which will be capable of activating adult toys all at once or completely inhibit their use for those within your range (i.e. Denial of Pleasure Attack).
🤣37😁9👍7🔥1
Part 2: Usage of ispw, the Swiss Army Knife for iOS/MacOS security research
https://8ksec.io/ipsw-walkthrough-part-2-the-swiss-army-knife-for-ios-macos-security-research/
https://8ksec.io/ipsw-walkthrough-part-2-the-swiss-army-knife-for-ios-macos-security-research/
👍13
Fake Android and iOS apps steal SMS and contacts in South Korea
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-and-ios-apps-steal-sms-and-contacts-in-south-korea/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-and-ios-apps-steal-sms-and-contacts-in-south-korea/
McAfee Blog
Fake Android and iOS apps steal SMS and contacts in South Korea | McAfee Blog
Authored by Dexter Shin Most people have smartphones these days which can be used to easily search for various topics of interest on the Internet. These
👍9🤔1
Tablet for kids (Dragon Touch KidzPad Y88X) contains malware
https://www.eff.org/deeplinks/2023/11/low-budget-should-not-mean-high-risk-kids-tablet-came-preloaded-sketchyware
https://www.eff.org/deeplinks/2023/11/low-budget-should-not-mean-high-risk-kids-tablet-came-preloaded-sketchyware
Electronic Frontier Foundation
Low Budget Should Not Mean High Risk: Kids' Tablet Came Preloaded with Sketchyware
It’s easy to get Android devices from online vendors like Amazon at different price points. Unfortunately, it is also easy to end up with an Android device with malware at these lower budgets. There
👍10😱5
Palera1n Jailbreak iOS 15.7.7 for Penetration Testing
https://medium.com/@jcngan97/palera1n-jailbreak-ios-15-7-7-for-penetration-testing-7645abd15724
https://medium.com/@jcngan97/palera1n-jailbreak-ios-15-7-7-for-penetration-testing-7645abd15724
Medium
Palera1n Jailbreak iOS 15.7.7 for Penetration Testing
While performing mobile application penetration testing, the app that you are testing might have a minimum OS version of iOS 15. With…
👍14❤2👎2👏1
Social engineering attacks lure Indian users to install Android banking trojans
https://www.microsoft.com/en-us/security/blog/2023/11/20/social-engineering-attacks-lure-indian-users-to-install-android-banking-trojans/
https://www.microsoft.com/en-us/security/blog/2023/11/20/social-engineering-attacks-lure-indian-users-to-install-android-banking-trojans/
Microsoft Security Blog
Social engineering attacks lure Indian users to install Android banking trojans | Microsoft Security Blog
Mobile banking trojan campaigns targeting users in India impersonate legitimate orgs and steal users’ information for financial fraud scams.
🔥14👍4👏2👎1
Nothing Chats app, the Sunbird-based iMessage app, is a privacy nightmare with unencrypted messages and images
https://9to5google.com/2023/11/18/nothing-chats-sunbird-unencrypted-data-privacy-nightmare/
https://9to5google.com/2023/11/18/nothing-chats-sunbird-unencrypted-data-privacy-nightmare/
9to5Google
Nothing Chats, the Sunbird-based iMessage app, is a privacy nightmare with unencrypted messages and images
The Nothing Chats app, powered by Sunbird, promises encrypted iMessage for Android, but it's literally a privacy nightmare.
🔥9😁8👍1
Intercepting Flutter Based Application Traffic Using iptables
https://krushnalipane.medium.com/intercepting-flutter-based-application-traffic-using-iptables-da0f67064944
https://krushnalipane.medium.com/intercepting-flutter-based-application-traffic-using-iptables-da0f67064944
Medium
Intercepting Flutter Based Application Traffic Using iptables
Flutter, created by Google, has emerged as a popular open-source framework for building natively compiled applications for mobile, web, and desktop from a single codebase. However, with great power…
👍21❤4🔥2
NetHunter Hacker XI: Bluetooth arsenal
https://www.mobile-hacker.com/2023/11/28/nethunter-hacker-xi-bluetooth-arsenal/
https://www.mobile-hacker.com/2023/11/28/nethunter-hacker-xi-bluetooth-arsenal/
Mobile Hacker
NetHunter Hacker XI: Bluetooth arsenal Mobile Hacker
Bluetooth technology has become an integral part of our daily lives, from connecting our smartphones to our cars and headphones to sharing files between devices. However, as with any wireless technology, Bluetooth is vulnerable to hacking attempts. In this…
👍17
Unveiling the Persisting Threat: Iranian Mobile Banking Malware Campaign Extends Its Reach
https://www.zimperium.com/blog/unveiling-the-persisting-threat-iranian-mobile-banking-malware-campaign-extends-its-reach
https://www.zimperium.com/blog/unveiling-the-persisting-threat-iranian-mobile-banking-malware-campaign-extends-its-reach
Zimperium
Iranian Mobile Banking Malware Campaign Threat Continues | Zimperium
true
👍13👏1
BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses allow certain man-in-the-middle attacks and live injection (CVE-2023-24023)
https://francozappa.github.io/post/2023/bluffs-ccs23/
https://francozappa.github.io/post/2023/bluffs-ccs23/
Daniele Antonioli
BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses | Daniele Antonioli
Breaking and fixing the Bluetooth standard. One More Time.
Paper
Slides
Toolkit
CVE-2023-24023
BT SIG note
Paper
Slides
Toolkit
CVE-2023-24023
BT SIG note
👍15