Mobile Banking Heists Report 2023: 29 Malware Families Targeting 1,800 Mobile Banking Apps

Mobile malware analysis for the BBC of TeaBot (Anatsa) banking trojan impersonating PDF AI: Add-On app
https://www.pentestpartners.com/security-blog/mobile-malware-analysis-for-the-bbc/

PoC to takeover Android using another Android by exploiting critical Bluetooth vulnerability to install Metasploit without proper Bluetooth pairing (CVE-2023-45866). It still affects Android 10 and bellow.
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/

Hunting for Android Privilege Escalation with a 32 Line Fuzzer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hunting-for-android-privilege-escalation-with-a-32-line-fuzzer/

Pakistan-based Threat Actor Targets Indians with Fake Loan Android Application
https://www.cyfirma.com/outofband/pakistan-based-threat-actor-targets-indians-with-fake-loan-android-application/

Android-based PAX Technology Point of Sale (POS) vulnerabilities
CVE-2023-42133 - Reserved
CVE-2023-42134 - Signed partition overwrite and subsequently local code execution as root via hidden bootloader command
CVE-2023-42135 - Local code execution as root via kernel parameter injection in fastboot
CVE-2023-42136 - Privilege escalation from any user/application to system user via shell injection binder-exposed service
CVE-2023-42137 - Privilege escalation from system/shell user to root via insecure operations in systool_server daemon
CVE-2023-4818 - Bootloader downgrade via improper tokenization
https://blog.stmcyber.com/pax-pos-cves-2023/

Android Deep Links & WebViews Exploitations Part I
https://medium.com/@justmobilesec/deep-links-webviews-exploitations-part-i-452e8aad124f

APK Obfucation Detection - detect code obfuscation through text classification in the detection process
https://github.com/liansecurityOS/apk-obfucation-detection

Buffer-overflow in Android native code — MobileHackingLab ‘Notekeeper’ Write-up
https://ajmal-moochingal.medium.com/buffer-overflow-in-android-native-code-mobilehackinglab-notekeeper-write-up-4e7764be3c2a

How to debug Android/iOS native library using GDB debugger?
https://medium.com/@shubhamsonani/how-to-debug-android-ios-native-library-using-gdb-debugger-d02c0e0341eb

Exploit released for Android local privilege elevation (root) impacts several OEMs (APEX key reuse vulnerability CVE-2023-45779)
Info: Devices contained at least one preinstalled APEX signed only with AOSP test keys, for which anyone can produce an update
Write-up: https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html
Exploit: https://github.com/metaredteam/rtx-cve-2023-45779

Complete guide on how Bluetooth and BLE works
It also includes source code for a server and client Android apps that demonstrate the communication
https://proandroiddev.com/android-bluetooth-and-ble-the-modern-way-a-complete-guide-4e95138998a0

Twelve Android apps containing VajraSpy RAT used by the Patchwork APT group. Six of these apps had previously been available on Google Play; together they reached over 1,400 installs
https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/

NetHunter Hacker XII: Master Social Engineering using SET
Explained SET attack vectors such as create e-mail template, site clone, credential harvester, mass mailer, Arduino attacks, web jacking attack.
Also how to fix common errors and attack prevention tips
https://www.mobile-hacker.com/2024/02/02/nethunter-hacker-xii-master-social-engineering-using-set/

Hacking a Smart Home Device
Reverse engineered an ESP32-based smart home device to gain remote control access and integrate it with Home Assistant
https://jmswrnr.com/blog/hacking-a-smart-home-device

Analysis of Android settings during a forensic investigation
https://blog.digital-forensics.it/2024/01/analysis-of-android-settings-during.html

MobSF Remote code execution (via CVE-2024-21633)
https://github.com/0x33c0unt/CVE-2024-21633

Commercial spyware companies are behind most zero-day exploits - discovered by Google
Blog: https://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/
PDF: https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Buying_Spying_-_Insights_into_Commercial_Surveillance_Vendors_-_TAG_report.pdf

Android Content Providers 101
https://www.pentestpartners.com/security-blog/android-content-providers-101/

Operation triangulation - Keychain module analysis
https://shindan.io/posts/keychain_module_analysis/

Google Play Protect will soon automatically block sideloading Android apps if they request one of these four permissions: RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility
https://security.googleblog.com/2024/02/piloting-new-ways-to-protect-Android-users-from%20financial-fraud.html