Fake Antivirus app found on Google Play
https://twitter.com/virqdroid/status/1150757620703203329
https://twitter.com/virqdroid/status/1150757620703203329
Twitter
Nikolaos Chrysaidos
Searching for 17 strings (mix of package names and activities) doesn't make you an AV. There's much more work^3 behind a real AV. Plus no update mechanism. #Trashapps in @GooglePlay | #fakeapp
Android Spy spreads in Israel 🇮🇱 via Facebook page
https://twitter.com/IdoNaor1/status/1150818794597703681?s=19
APK sample: https://beta.virusbay.io/sample/browse/895fffe1afc16b2c9836a00f82028282
https://twitter.com/IdoNaor1/status/1150818794597703681?s=19
APK sample: https://beta.virusbay.io/sample/browse/895fffe1afc16b2c9836a00f82028282
Twitter
Ido Naor
Last year, an unknown actor distributed phishing via @wallamail, that infected Israeli victims with a crafted @ScreenConnect implant. Same actor now returns to a 2nd round via Fb: An APK wrapped with #RevCode WebMonitor (recently covered by @briankrebs -…
Subnoscription scam app found on Google Play
https://blog.avast.com/avast-researcher-finds-apparent-android-app-scam
https://blog.avast.com/avast-researcher-finds-apparent-android-app-scam
Avast
Avast researcher finds apparent Android app scam
Researchers at Avast are warning Android customers about an app called Number Finder, which tests suggest is a subnoscription scam.
Unofficial Telegram App Secretly Loads Infinite Malicious Sites
MobonoGram 2019 app was downloaded more than 100,000 times and performed adfraud clicks.
https://www.symantec.com/blogs/threat-intelligence/unofficial-telegram-app-malicious-sites
MobonoGram 2019 app was downloaded more than 100,000 times and performed adfraud clicks.
https://www.symantec.com/blogs/threat-intelligence/unofficial-telegram-app-malicious-sites
Attackers Can Manipulate Your WhatsApp and Telegram Media Files
"Media File Jacking" flaw affects WhatsApp and Telegram for Android
https://www.symantec.com/blogs/expert-perspectives/symantec-mobile-threat-defense-attackers-can-manipulate-your-whatsapp-and-telegram-media
"Media File Jacking" flaw affects WhatsApp and Telegram for Android
https://www.symantec.com/blogs/expert-perspectives/symantec-mobile-threat-defense-attackers-can-manipulate-your-whatsapp-and-telegram-media
Security
Symantec Mobile Threat: Attackers Can Manipulate Your WhatsApp and Telegram Media Files
New research by Symantec reveals a Media File Jacking flaw affecting WhatsApp and Telegram for Android
Hacking into Tinder’s Premium Model
Vulnerability in Tinder API allows user to see photo of person that already liked you without premium model.
Tinder responded: We are aware and we choose to not take any action.
https://medium.com/@sansyrox/hacking-tinders-premium-model-43f9f699d44
Vulnerability in Tinder API allows user to see photo of person that already liked you without premium model.
Tinder responded: We are aware and we choose to not take any action.
https://medium.com/@sansyrox/hacking-tinders-premium-model-43f9f699d44
Medium
Hacking into Tinder’s Premium Model
In this blog, I’ll be talking about how we can bypass the tinder’s premium service and convert likes into matches through a vulnerability…
Android banking Trojan - Riltok - spreads in France 🇫🇷 through SMS as fake Leboncoin
https://twitter.com/benkow_/status/1151047351341072385
https://twitter.com/benkow_/status/1151047351341072385
Twitter
Benkøw moʞuƎq
#Riltok android banker still spreaded heavily in France by SMS. Dropzone : m-leboncoin. com
Stalkerware apps found on Google Play
https://twitter.com/virqdroid/status/1151111407284473861
Article: https://blog.avast.com/avast-identifies-stalker-apps
https://twitter.com/virqdroid/status/1151111407284473861
Article: https://blog.avast.com/avast-identifies-stalker-apps
Twitter
Stalking apps in @GooglePlay. Four apps, the same developer. Install it to your employee/kid etc and track the location, collect contacts, SMS & call history. If the phone is rooted you can also collect WhatsApp/Viber messages.
Those shouldn't exist on Google…
Those shouldn't exist on Google…
HiddenAds Trojan found on Google Play in "beauty selfie" app with 10K+ installs
https://twitter.com/s_metanka/status/1151106094267273217
https://twitter.com/s_metanka/status/1151106094267273217
Twitter
smtnk
Icon-hiding #Android #Adware 10,000+ installs https://t.co/0TLCIEWl6k @GooglePlay
Exploiting SSL Vulnerabilities in Mobile AppsHow an attacker can exploit a vulnerable app’s broken SSL implementation and intercept cleartext HTTPS traffic – without the victim having installed any CA Certificates or accepting any additional untrusted certificates.
https://www.allysonomalley.com/2019/07/15/exploiting-ssl-vulnerabilities-in-mobile-apps/
allysonomalley.com
Exploiting SSL Vulnerabilities in Mobile Apps
This post is an overview of a mobile app MitM vulnerability I’ve found several times in the real world. I’ll explain how an attacker can exploit a vulnerable app’s broken SSL impl…
Kali NetHunter App Store
The New Android Store Dedicated to Free Security Apps based on F-Droid
https://www.offensive-security.com/kali-nethunter/kali-nethunter-app-store/
The New Android Store Dedicated to Free Security Apps based on F-Droid
https://www.offensive-security.com/kali-nethunter/kali-nethunter-app-store/
Google Banned Major Chinese App Developer CooTek From The Play Store And Its Ad Platforms
CooTek, based in Shanghai, had hundreds of Android apps in the Play store. More than 60 of its apps have been removed from the Play store, and CooTek is now completely banned from Google’s lucrative ad platforms.
CooTek is the second major Chinese app developer to receive a ban by Google this year.
https://www.buzzfeednews.com/article/craigsilverman/google-banned-cootek-adware
CooTek, based in Shanghai, had hundreds of Android apps in the Play store. More than 60 of its apps have been removed from the Play store, and CooTek is now completely banned from Google’s lucrative ad platforms.
CooTek is the second major Chinese app developer to receive a ban by Google this year.
https://www.buzzfeednews.com/article/craigsilverman/google-banned-cootek-adware
BuzzFeed News
Exclusive: Google Has Banned Major Chinese App Developer CooTek From The Play Store And Its Ad Platforms
CooTek apps continued to bombard users with disruptive ads even after the company said it had stopped.
Tencent implements realtime, automatic censorship of chat images on WeChat
How?
1) Based on what text is in an image (using OCR)
2) Based on an image’s visual similarity to those on a blacklist
3) Based on hash of image that exist in database
https://citizenlab.ca/2019/07/cant-picture-this-2-an-analysis-of-wechats-realtime-image-filtering-in-chats/
How?
1) Based on what text is in an image (using OCR)
2) Based on an image’s visual similarity to those on a blacklist
3) Based on hash of image that exist in database
https://citizenlab.ca/2019/07/cant-picture-this-2-an-analysis-of-wechats-realtime-image-filtering-in-chats/
The Citizen Lab
(Can’t) Picture This 2
In this work, we study how Tencent implements image filtering on WeChat. We found that Tencent implements realtime, automatic censorship of chat images on WeChat based on what text is in an image and based on an image’s visual similarity to those on a blacklist.…
Mobile Hacking: Using Frida to Monitor Encryption
https://www.trustedsec.com/2019/07/mobile-hacking-using-frida-to-monitor-encryption/
https://www.trustedsec.com/2019/07/mobile-hacking-using-frida-to-monitor-encryption/
TrustedSec
Cybersecurity Education from the Experts | TrustedSec Blog Posts
Learn more about how to safeguard your company through our educational blog posts on everything from updated tech to the newest scams infiltrating organizations today.
Dwarf – joining UI with automation - Frida and r2
http://www.giovanni-rocca.com/dwarf-joining-ui-with-automation-frida-and-r2/
http://www.giovanni-rocca.com/dwarf-joining-ui-with-automation-frida-and-r2/
Android Malware Analysis : Dissecting Hydra Dropper
Includes GDB debugging of its native library
https://pentest.blog/android-malware-analysis-dissecting-hydra-dropper/
Includes GDB debugging of its native library
https://pentest.blog/android-malware-analysis-dissecting-hydra-dropper/
Android Analysis: Solving Flaggy Bird mobile challenge (Google CTF 2019)
https://blog.nviso.be/2019/07/18/solving-flaggy-bird-google-ctf-2019/
https://blog.nviso.be/2019/07/18/solving-flaggy-bird-google-ctf-2019/
NVISO Labs
Solving Flaggy Bird (Google CTF 2019)
A few weekends ago we participated in the Google CTF. While we didn’t make it to the top 10, we did manage to solve quite a few challenges. This is my writeup of FlaggyBird, the only mobile c…
DEXCALIBUR: AUTOMATE YOUR ANDROID APP REVERSE
or hooking for dummies
https://2019.pass-the-salt.org/files/slides/02-Dexcalibur.pdf
or hooking for dummies
https://2019.pass-the-salt.org/files/slides/02-Dexcalibur.pdf
QR code app requests €104,99 per year - subnoscription scam
https://twitter.com/jag_chandra/status/1152146311778635777?s=19
https://twitter.com/jag_chandra/status/1152146311778635777?s=19
Twitter
jagchandra
This QR code reader with 1M+ installs deducts $95 after 3 day trial, wants payment details upfront at installation, also has request install packages ,https://t.co/I9nDEsztuF
FaceApp PRO apps from YouTube gets you in trouble
Two scams:
1)Fake websites (iOS & Android): deliver ads,surveys, subnoscription,PPI,unrelated browser notifications.
2)Fake apps: From YouTube videos with link to adware
In one case with 95,000+ link clicks
https://www.welivesecurity.com/2019/07/19/faceapp-spotlight-scams-emerge/
Two scams:
1)Fake websites (iOS & Android): deliver ads,surveys, subnoscription,PPI,unrelated browser notifications.
2)Fake apps: From YouTube videos with link to adware
In one case with 95,000+ link clicks
https://www.welivesecurity.com/2019/07/19/faceapp-spotlight-scams-emerge/
WeLiveSecurity
With FaceApp in the spotlight, new scams emerge | WeLiveSecurity
ESET research shows how the hype around FaceApp has also attracted scammers, who launch fraudulent schemes piggybacking on the app's popularity.