On-Device Fraud on the rise: exposing a recent Android Copybara fraud campaign
https://www.cleafy.com/cleafy-labs/on-device-fraud-on-the-rise-exposing-a-recent-copybara-fraud-campaign
https://www.cleafy.com/cleafy-labs/on-device-fraud-on-the-rise-exposing-a-recent-copybara-fraud-campaign
Cleafy
On-Device Fraud on the rise: exposing a recent Copybara fraud campaign | Cleafy Labs
Uncover the persistent threat of Account Takeover (ATO) and the emerging challenge of On-Device Fraud (ODF) in online banking. Learn how advanced Android banking trojans Copybara enable remote-controlled attacks and explore the tactics of threat actors, from…
👍10🔥4
AndroidDriveSignity: a Python utility designed to bypass driver signature verification in Android kernel(ARMv8.3), facilitating the loading of custom drivers
https://github.com/gmh5225/AndroidDriveSignity
https://github.com/gmh5225/AndroidDriveSignity
GitHub
GitHub - gmh5225/AndroidDriveSignity: AndroidDriveSignity is a Python utility designed to bypass driver signature verification…
AndroidDriveSignity is a Python utility designed to bypass driver signature verification in Android kernel(ARMv8.3), facilitating the loading of custom drivers - gmh5225/AndroidDriveSignity
👍12👻1
NetHunter now supports #BadBluetooth HID attacks to inject keystrokes wirelessly
It is also possible to modify spoofed Bluetooth device class ID to visually mimick any device, no just a keyboard
https://www.mobile-hacker.com/2024/03/06/kali-nethunter-now-supports-bad-bluetooth-hid-attacks-to-inject-keystrokes-wirelessly/
It is also possible to modify spoofed Bluetooth device class ID to visually mimick any device, no just a keyboard
https://www.mobile-hacker.com/2024/03/06/kali-nethunter-now-supports-bad-bluetooth-hid-attacks-to-inject-keystrokes-wirelessly/
Mobile Hacker
Kali NetHunter now supports Bad Bluetooth HID attacks to inject keystrokes wirelessly
This technique allows to impersonate any Bluetooth device and inject keystrokes that allows an attacker to open unwanted website, install malware or lockout user from the smartphone. Further I will explain how Bad Bluetooth attacks work, how they can be carry…
👍11🔥3
Bypassing the "run-as" debuggability check on Android via newline injection (CVE-2024-0044)
Attack scenario: A local attacker with ADB shell access to an Android 12 or 13 device with Developer Mode enabled can exploit the vulnerability to run code in the context of any non-system-UID app. From there, the attacker can do anything the app can, like access its private data files or read the credentials it’s stored in AccountManager
https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html
Attack scenario: A local attacker with ADB shell access to an Android 12 or 13 device with Developer Mode enabled can exploit the vulnerability to run code in the context of any non-system-UID app. From there, the attacker can do anything the app can, like access its private data files or read the credentials it’s stored in AccountManager
https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html
Meta Red Team X
Bypassing the “run-as” debuggability check on Android via newline injection
An attacker with ADB access to an Android device can trick the “run-as” tool into believing any app is debuggable. By doing so, they can read and write private data and invoke system APIs as if they were most apps on the system—including many privileged apps…
👍11🔥2
Android and Windows RATs Distributed Via Online Meeting Lures
https://www.zscaler.com/blogs/security-research/android-and-windows-rats-distributed-online-meeting-lures
https://www.zscaler.com/blogs/security-research/android-and-windows-rats-distributed-online-meeting-lures
Zscaler
RATs Distributed Through Skype, Zoom, & Google Meet Lures
Threat actors are creating and using fake Skype, Zoom, and Google Meet pages to spread RATs.
👍10
Delving into Dalvik: A Look Into DEX Files
https://www.mandiant.com/resources/blog/dalvik-look-into-dex-files
https://www.mandiant.com/resources/blog/dalvik-look-into-dex-files
Google Cloud Blog
Delving into Dalvik: A Look Into DEX Files | Google Cloud Blog
Insight into the Dalvik Executable file format, how it is constructed, and how it can be altered to make analysis easier.
👍14❤3
Forwarded from The Bug Bounty Hunter
Code injection on Android without ptrace
https://erfur.github.io/blog/dev/code-injection-without-ptrace
https://erfur.github.io/blog/dev/code-injection-without-ptrace
erfur's bits and pieces
Code injection on Android without ptrace
👍20❤1
Analysis of an Android Malware-as-a-Service Operation (Coper aka Octo banking Trojan)
https://www.team-cymru.com/post/coper-octo-a-conductor-for-mobile-mayhem-with-eight-limbs
https://www.team-cymru.com/post/coper-octo-a-conductor-for-mobile-mayhem-with-eight-limbs
Team-Cymru
Coper / Octo - A Conductor for Mobile Mayhem | Team Cymru
Explore Coper/Octo, an Android malware-as-a-service evolved from Exobot, targeting users globally with remote access, keylogging, and SMS interception. Contact us.
👍16🎉4
Analyze Android apps for security risks in Termux using APKDeepLens
-analyze downloaded or installed apps on device
-scan APKs on the go
-edit the noscript for custom needs
-works on any non-rooted Android
https://www.mobile-hacker.com/2024/03/11/analyze-installed-android-applications-for-security-risks-in-termux/
-analyze downloaded or installed apps on device
-scan APKs on the go
-edit the noscript for custom needs
-works on any non-rooted Android
https://www.mobile-hacker.com/2024/03/11/analyze-installed-android-applications-for-security-risks-in-termux/
Mobile Hacker
Analyze installed Android applications for security risks in Termux
I will show you how to install and run it on non-rooted Android device using Termux app. This brings convenience of analyzing Android apps directly on device
👍15
Attack spectrum present in Android environments
https://blog.devsecopsguides.com/attacking-android
https://blog.devsecopsguides.com/attacking-android
Devsecopsguides
Attacking Android
In this comprehensive guide, we delve into the world of Android security from an offensive perspective, shedding light on the various techniques and methodologies used by attackers to compromise Android devices and infiltrate their sensitive data.
👍10🥱8
The State of Stalkerware in 2023
https://securelist.com/state-of-stalkerware-2023/112135/
Full report: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/03/07160820/The-State-of-Stalkerware-in-2023.pdf
https://securelist.com/state-of-stalkerware-2023/112135/
Full report: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/03/07160820/The-State-of-Stalkerware-in-2023.pdf
Securelist
Kaspersky 2023 report on stalkerware
In this report, Kaspersky shares statistics on stalkerware detections, as well as insights into the impact of digital stalking in 2023 and the beginning of 2024, and advice for those affected.
👍8
Write-up and PoC kernel exploit affecting Pixel 7/8 Pro running Android 14 targeting Mali GPU
https://github.com/0x36/Pixel_GPU_Exploit
https://github.com/0x36/Pixel_GPU_Exploit
GitHub
GitHub - 0x36/Pixel_GPU_Exploit: Android 14 kernel exploit for Pixel7/8 Pro
Android 14 kernel exploit for Pixel7/8 Pro. Contribute to 0x36/Pixel_GPU_Exploit development by creating an account on GitHub.
😱12👍6
LTair: The LTE Air Interface Tool
https://research.nccgroup.com/2024/03/14/ltair-the-lte-air-interface-tool/
https://research.nccgroup.com/2024/03/14/ltair-the-lte-air-interface-tool/
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
🔥25👍3
Android Phishing Scam Using Malware-as-a-Service on the Rise in India
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/android-phishing-scam-using-malware-as-a-service-on-the-rise-in-india/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/android-phishing-scam-using-malware-as-a-service-on-the-rise-in-india/
McAfee Blog
Android Phishing Scam Using Malware-as-a-Service on the Rise in India | McAfee Blog
Authored by ZePeng Chen and Wenfeng Yu McAfee Mobile Research Team has observed an active scam malware campaign targeting Android users in India. This
👍12
A vulnerability (CVE-2023-6241) in the Arm Mali GPU to gain arbitrary kernel code execution from an untrusted app on a Pixel 8 with MTE enabled
https://github.blog/2024-03-18-gaining-kernel-code-execution-on-an-mte-enabled-pixel-8/
https://github.blog/2024-03-18-gaining-kernel-code-execution-on-an-mte-enabled-pixel-8/
The GitHub Blog
Gaining kernel code execution on an MTE-enabled Pixel 8
In this post, I’ll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that allows a malicious app to gain arbitrary kernel code execution and root on an Android phone. I’ll show how this vulnerability can be exploited even when Memory Tagging Extension…
👍9
Analysis of suspicious SMS that leads to install Android malware
https://labs.k7computing.com/index.php/suspicious-text-messages-alert/
https://labs.k7computing.com/index.php/suspicious-text-messages-alert/
K7 Labs
Suspicious Text Messages Alert
Cybercriminals are targeting the users with sophisticated fake apps that can steal your hard-earned money. These messages can appear convincingly […]
🔥10👍3
The complexity of reversing Flutter applications
https://www.fortiguard.com/events/5403/nullcon-berlin-2024-the-complexity-of-reversing-flutter-applications
[slides] https://filestore.fortinet.com/fortiguard/research/nullcon.pdf
https://www.fortiguard.com/events/5403/nullcon-berlin-2024-the-complexity-of-reversing-flutter-applications
[slides] https://filestore.fortinet.com/fortiguard/research/nullcon.pdf
FortiGuard Labs
Publications | FortiGuard Labs
Flutter is a cross-platform application development platform. With the same codebase, developers write and compile native applications for Android,...
👍9
[Questionnaire] We are writing here to get some insights from dedicated malware analysis experts. We are a group of experienced researchers, and we developed a state-of-the-art sandbox for Android malware. We are absolutely convinced that it makes sense to bring this technology to the market, but we need to picture your biggest sandbox needs in your daily work. The idea is to grasp what are, in your eyes, the must-haves of a sandbox. Our goal is to shape the product accordingly and make it available in the forthcoming months/next few months. To this end, we prepared a quick (approximately 15-minutes) questionnaire, and it would really mean a lot to us if you could share your valuable feedback. Thanks to this, we hope to offer you soon a gain of efficiency, time and energy in your job.
Questionnaire: https://forms.gle/qJ9ck8UH5WQK6jAZ8
Questionnaire: https://forms.gle/qJ9ck8UH5WQK6jAZ8
Google Docs
Android Sandboxes: Malware Analysts' Expectations & Needs
Hello!
Thank you very much for taking the time to answer this survey. We really appreciate it!
We are a group of security researchers developing a new Android malware sandbox.
Our objective is to understand what you, as a security professional, expect from…
Thank you very much for taking the time to answer this survey. We really appreciate it!
We are a group of security researchers developing a new Android malware sandbox.
Our objective is to understand what you, as a security professional, expect from…
🔥13👍4❤3🥰2👏1
Android crimeware reports on Tambir, Dwphon and Gigabud malware families
https://securelist.com/crimeware-report-android-malware/112121/
https://securelist.com/crimeware-report-android-malware/112121/
Securelist
Kaspersky crimeware report: Android malware
In this report, we share our latest Android malware findings: the Tambir spyware, Dwphon downloader and Gigabud banking Trojan.
👍12🤔1
Oversecured published vulnerability scan reports for 225 Google-owned apps
https://blog.oversecured.com/Oversecured-Apps-Care-Part-1-Vulnerability-disclosure-of-225-Google-apps/
https://blog.oversecured.com/Oversecured-Apps-Care-Part-1-Vulnerability-disclosure-of-225-Google-apps/
News, Techniques & Guides
Oversecured Apps Care. Part 1: Vulnerability disclosure of 225 Google apps
❤16👍2
Bluetooth vulnerability allows unauthorized user to record & play audio on Bluetooth speaker via #BlueSpy
Prevention section explains how you can check if your Bluetooth LE speakers/headsets are vulnerable to this attack using nRF Connect app
https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/
Prevention section explains how you can check if your Bluetooth LE speakers/headsets are vulnerable to this attack using nRF Connect app
https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/
Mobile Hacker
Bluetooth vulnerability allows unauthorized user to record and play audio on Bluetooth speakers
This critical security issue allows third party user to record audio from Bluetooth speaker with built-in microphone in vicinity, even when it is already paired and connected with another device. This can result in eavesdropping on private conversations using…
👏16👍8❤2