New WiFi authentication vulnerabilities discovered affecting Android, ChromeOS and Linux devices
CVE-2023-52160 (“Phase-2 bypass”): This vulnerability can be exploited by an attacker to deceive the victim into connecting to a fake Wi-Fi network set up by the adversary. Once connected, the attacker can intercept and monitor the victim’s network traffic
CVE-2023-52161 (“4-way bypass”): It allows an adversary to gain full access to an existing protected WiFi network, exposing existing users and devices
PoC exploit is not available.
https://www.top10vpn.com/research/wifi-vulnerabilities/
Top10Vpn
New WiFi Authentication Vulnerabilities Discovered
Two new WiFi vulnerabilities allow hackers to trick you into connecting to fake hotspots and steal your data, and join secure networks without the password.
Ghost files in the shared preferences
https://valsamaras.medium.com/ghost-files-in-the-shared-preferences-8d75226c23c0
Medium
Ghost files in the shared preferences
Have you ever encountered an exceptionally clever bug, only to be thwarted by an unforeseen obstacle just moments before exploiting it…
Anatsa (TeaBot) Android Trojan Returns: Targeting Europe and Expanding Its Reach
The trojan reached 10,000 installs on Google Play, impersonating a Phone Cleaner app.
The current campaign involves five droppers with over 100,000 total installations
https://www.threatfabric.com/blogs/anatsa-trojan-returns-targeting-europe-and-expanding-its-reach
ThreatFabric
Anatsa Trojan Returns: Targeting Europe and Expanding Its Reach
The Anatsa trojan returns, targeting Europe while expanding its reach.
Android file wiper implemented in native library as part of malware campaign
https://harfanglab.io/en/insidethelab/samecoin-malware-hamas/
Auto DNS poisoning
While charging an Android smartphone via a computer, it is possible to perform automated and even remotely controlled DNS poisoning without any user interaction.
The blog and video explain how it works, when it doesn't work and how to prevent it.
https://www.mobile-hacker.com/2024/02/20/automated-dns-poisoning-using-android-while-charging-via-computer/
Mobile Hacker
Automated local DNS cache poisoning using Android while charging via computer
I will delve into using an Android smartphone while charging from a computer to perform an automated DNS poisoning attack without any user interaction. I go through its results, downsides and effective prevention tips.
Analysis of Android HookBot malware
HookBot analysis: https://cebrf.knf.gov.pl/komunikaty/artykuly-csirt-knf/362-ostrzezenia/858-hookbot-a-new-mobile-malware
HookBot full report: https://cebrf.knf.gov.pl/images/HOOKBOT_CSIRT_KNF_ENG.pdf
HookBuilder analysis: https://cebrf.knf.gov.pl/images/Hookbot_Builder_-_Analyze_CSIRT_KNF.pdf
Android Deep Links & WebViews Exploitations Part II
https://medium.com/@justmobilesec/deep-links-webviews-exploitations-part-ii-5c0b118ec6f1
Medium
Deep Links & WebViews Exploitations Part II
TLDR: This post is the second of a two-part series covering Deep Links & WebViews Exploitations. This article focuses on Deep Links. It…
NetHunter Hacker XIV: Find exploits using SearchSploit and setup Wi-Fi Pineapple connector
https://www.mobile-hacker.com/2024/02/27/nethunter-hacker-xiv-find-exploits-using-searchsploit-and-setup-wi-fi-pineapple-connector/
Mobile Hacker
NetHunter Hacker XIV: Find exploits using SearchSploit and setup Wi-Fi Pineapple connector
SearchSploit is a powerful command-line tool that is part of the NetHunter system, developed by Offensive Security. It is designed to help security professionals and penetration testers search for known vulnerabilities in software by leveraging a comprehensive…
NetHunter Hacker XV: Use Nmap for network scanning
Nmap can also reveal open ports of file manager apps that run local file-sharing servers, which allow a local attacker to access files on the device (video)
https://www.mobile-hacker.com/2024/03/01/nethunter-hacker-xv-use-nmap-for-network-scanning/
Mobile Hacker
NetHunter Hacker XV: Use Nmap for network scanning
Besides explaining NetHunter’s nmap user interface and its usage, we will take one extra step further to actually demonstrate its functionality on our router to search for open ports and known vulnerabilities.
Unveiling iOS Vulnerabilities: A Deep Dive into Attacking iOS system
https://blog.devsecopsguides.com/attacking-ios
Devsecopsguides
Attacking IOS
In this comprehensive guide, we delve into the world of iOS security from an offensive perspective, shedding light on the various techniques and methodologies used by attackers to compromise iOS devices and infiltrate their sensitive data.
On-Device Fraud on the rise: exposing a recent Android Copybara fraud campaign
https://www.cleafy.com/cleafy-labs/on-device-fraud-on-the-rise-exposing-a-recent-copybara-fraud-campaign
Cleafy
On-Device Fraud on the rise: exposing a recent Copybara fraud campaign | Cleafy Labs
Uncover the persistent threat of Account Takeover (ATO) and the emerging challenge of On-Device Fraud (ODF) in online banking. Learn how advanced Android banking trojans Copybara enable remote-controlled attacks and explore the tactics of threat actors, from…
AndroidDriveSignity: a Python utility designed to bypass driver signature verification in Android kernel (ARMv8.3), facilitating the loading of custom drivers
https://github.com/gmh5225/AndroidDriveSignity
GitHub
GitHub - gmh5225/AndroidDriveSignity: AndroidDriveSignity is a Python utility designed to bypass driver signature verification…
AndroidDriveSignity is a Python utility designed to bypass driver signature verification in Android kernel(ARMv8.3), facilitating the loading of custom drivers - gmh5225/AndroidDriveSignity
NetHunter now supports #BadBluetooth HID attacks to inject keystrokes wirelessly
It is also possible to modify the spoofed Bluetooth device class ID to visually mimic any device, not just a keyboard
https://www.mobile-hacker.com/2024/03/06/kali-nethunter-now-supports-bad-bluetooth-hid-attacks-to-inject-keystrokes-wirelessly/
Mobile Hacker
Kali NetHunter now supports Bad Bluetooth HID attacks to inject keystrokes wirelessly
This technique makes it possible to impersonate any Bluetooth device and inject keystrokes that allow an attacker to open an unwanted website, install malware or lock the user out of the smartphone. Further, I will explain how Bad Bluetooth attacks work, how they can be carry…
Bypassing the "run-as" debuggability check on Android via newline injection (CVE-2024-0044)
Attack scenario: A local attacker with ADB shell access to an Android 12 or 13 device with Developer Mode enabled can exploit the vulnerability to run code in the context of any non-system-UID app. From there, the attacker can do anything the app can, like access its private data files or read the credentials it’s stored in AccountManager
https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html
Meta Red Team X
Bypassing the “run-as” debuggability check on Android via newline injection
An attacker with ADB access to an Android device can trick the “run-as” tool into believing any app is debuggable. By doing so, they can read and write private data and invoke system APIs as if they were most apps on the system—including many privileged apps…
Android and Windows RATs Distributed Via Online Meeting Lures
https://www.zscaler.com/blogs/security-research/android-and-windows-rats-distributed-online-meeting-lures
Zscaler
RATs Distributed Through Skype, Zoom, & Google Meet Lures
Threat actors are creating and using fake Skype, Zoom, and Google Meet pages to spread RATs.
Delving into Dalvik: A Look Into DEX Files
https://www.mandiant.com/resources/blog/dalvik-look-into-dex-files
Google Cloud Blog
Delving into Dalvik: A Look Into DEX Files | Google Cloud Blog
Insight into the Dalvik Executable file format, how it is constructed, and how it can be altered to make analysis easier.
Forwarded from The Bug Bounty Hunter
Code injection on Android without ptrace
https://erfur.github.io/blog/dev/code-injection-without-ptrace
erfur's bits and pieces
Code injection on Android without ptrace
Analysis of an Android Malware-as-a-Service Operation (Coper aka Octo banking Trojan)
https://www.team-cymru.com/post/coper-octo-a-conductor-for-mobile-mayhem-with-eight-limbs
Team-Cymru
Coper / Octo - A Conductor for Mobile Mayhem | Team Cymru
Explore Coper/Octo, an Android malware-as-a-service evolved from Exobot, targeting users globally with remote access, keylogging, and SMS interception. Contact us.
Analyze Android apps for security risks in Termux using APKDeepLens
-analyze downloaded or installed apps on device
-scan APKs on the go
-edit the script for custom needs
-works on any non-rooted Android
https://www.mobile-hacker.com/2024/03/11/analyze-installed-android-applications-for-security-risks-in-termux/
Mobile Hacker
Analyze installed Android applications for security risks in Termux
I will show you how to install and run it on a non-rooted Android device using the Termux app. This brings the convenience of analyzing Android apps directly on the device
Attack spectrum present in Android environments
https://blog.devsecopsguides.com/attacking-android
Devsecopsguides
Attacking Android
In this comprehensive guide, we delve into the world of Android security from an offensive perspective, shedding light on the various techniques and methodologies used by attackers to compromise Android devices and infiltrate their sensitive data.
The State of Stalkerware in 2023
https://securelist.com/state-of-stalkerware-2023/112135/
Full report: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/03/07160820/The-State-of-Stalkerware-in-2023.pdf
Securelist
Kaspersky 2023 report on stalkerware
In this report, Kaspersky shares statistics on stalkerware detections, as well as insights into the impact of digital stalking in 2023 and the beginning of 2024, and advice for those affected.