Technical analysis of Android malware Vultur
https://research.nccgroup.com/2024/03/28/android-malware-vultur-expands-its-wingspan/
https://research.nccgroup.com/2024/03/28/android-malware-vultur-expands-its-wingspan/
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
😎8👍6❤2🥱2
Google fixed 2 Pixel vulnerabilities which are being actively exploited in the wild by forensic companies
CVE-2024-29745 refers to a vulnerability in the fastboot firmware used to support unlocking/flashing/locking. Forensic companies are rebooting devices in After First Unlock state into fastboot mode on Pixels and other devices to exploit vulnerabilities there and then dump memory.
CVE-2024-29748 refers to a vulnerability providing the ability to interrupt a factory reset triggered by a device admin app. It appears they've implemented a partial solution in firmware.
https://discuss.grapheneos.org/d/11860-vulnerabilities-exploited-in-the-wild-fixed-based-on-grapheneos-reports
CVE-2024-29745 refers to a vulnerability in the fastboot firmware used to support unlocking/flashing/locking. Forensic companies are rebooting devices in After First Unlock state into fastboot mode on Pixels and other devices to exploit vulnerabilities there and then dump memory.
CVE-2024-29748 refers to a vulnerability providing the ability to interrupt a factory reset triggered by a device admin app. It appears they've implemented a partial solution in firmware.
https://discuss.grapheneos.org/d/11860-vulnerabilities-exploited-in-the-wild-fixed-based-on-grapheneos-reports
GrapheneOS Discussion Forum
Vulnerabilities exploited in the wild fixed based on GrapheneOS reports - GrapheneOS Discussion Forum
❤17👍1
How charging your phone can compromise your data using three types of Juice Jacking attack
https://www.mobile-hacker.com/2024/04/04/how-charging-your-phone-can-compromise-your-data-using-juice-jacking-attack/
https://www.mobile-hacker.com/2024/04/04/how-charging-your-phone-can-compromise-your-data-using-juice-jacking-attack/
Mobile Hacker
How charging your phone can compromise your data using Juice Jacking attack
This is a third time I have seen FBI posting warnings on X about risks of using free public charging stations in airports, hotels, or shopping centers.
👍19😨4⚡2
Hornet dating app with over 10 million installs had vulnerabilities, allowing precise location determination of their users, even with distance display being disabled
https://research.checkpoint.com/2024/the-illusion-of-privacy-geolocation-risks-in-modern-dating-apps/
https://research.checkpoint.com/2024/the-illusion-of-privacy-geolocation-risks-in-modern-dating-apps/
Check Point Research
The Illusion of Privacy: Geolocation Risks in Modern Dating Apps - Check Point Research
Key takeaways Introduction Dating apps traditionally utilize location data, offering the opportunity to connect with people nearby, and enhancing the chances of real-life meetings. Some apps can also display the distance of the user to other users. This feature…
👍16❤2🤷♂1🤔1
Bypassing anti-reversing defences in iOS applications
https://twelvesec.com/2023/10/10/bypassing-anti-reversing-defences-in-ios-applications/
https://twelvesec.com/2023/10/10/bypassing-anti-reversing-defences-in-ios-applications/
Twelvesec
Bypassing anti-reversing defences in iOS applications - Twelvesec
A walktrough on dynamically bypassing anti-debugging and anti-reversing defences in iOS applications.
👍9❤3
Threat actor "Starry Addax" targets human rights defenders in North Africa with new Android malware
https://blog.talosintelligence.com/starry-addax/
https://blog.talosintelligence.com/starry-addax/
Cisco Talos Blog
Starry Addax targets human rights defenders in North Africa with new malware
Cisco Talos is disclosing a new threat actor we deemed “Starry Addax” targeting mostly human rights activists, associated with the Sahrawi Arab Democratic Republic (SADR) cause with a novel mobile malware.
👍11
Active Android espionage campaign targeting users mainly in India and Pakistan with apps bundled with the XploitSPY malware posing mostly as messaging services - even available on Google Play Store
https://www.welivesecurity.com/en/eset-research/exotic-visit-campaign-tracing-footprints-virtual-invaders/
https://www.welivesecurity.com/en/eset-research/exotic-visit-campaign-tracing-footprints-virtual-invaders/
🔥7👍5⚡1
ANDROID SUPPLY CHAIN VALIDATION CHEAT SHEET
This cheat sheet is based on the work performed on Android TV devices (we documented our steps in the post Android TV Devices: Pre-0wned Supply Chain Security Threats)
https://eclypsium.com/blog/android-supply-chain-validation-cheat-sheet/
This cheat sheet is based on the work performed on Android TV devices (we documented our steps in the post Android TV Devices: Pre-0wned Supply Chain Security Threats)
https://eclypsium.com/blog/android-supply-chain-validation-cheat-sheet/
Eclypsium | Supply Chain Security for the Modern Enterprise
Android Supply Chain Validation Cheat Sheet - Eclypsium | Supply Chain Security for the Modern Enterprise
Several different tools and techniques are available for Android to enumerate software and configurations, allowing you to begin to validate the software on devices. This cheat sheet is based on the work performed on Android TV devices (we documented our…
👍14❤2
iOS LightSpy Returns: Renewed Espionage Campaign Targets Southern Asia, Possibly India
https://blogs.blackberry.com/en/2024/04/lightspy-returns-renewed-espionage-campaign-targets-southern-asia-possibly-india
https://blogs.blackberry.com/en/2024/04/lightspy-returns-renewed-espionage-campaign-targets-southern-asia-possibly-india
BlackBerry
LightSpy Returns: Renewed Espionage Campaign Targets Southern Asia, Possibly India
After months of inactivity, the advanced mobile spyware LightSpy has resurfaced with expanded capabilities, targeting individuals in Southern Asia.
👍8🔥2
SoumniBot: the new Android banker’s unique techniques
https://securelist.com/soumnibot-android-banker-obfuscates-app-manifest/112334/
https://securelist.com/soumnibot-android-banker-obfuscates-app-manifest/112334/
Securelist
Analysis of the SoumniBot Android banker
We review the new mobile Trojan banker SoumniBot, which exploits bugs in the Android manifest parser to dodge analysis and detection.
👍8❤2
Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers
https://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers/
https://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers/
Shielder
Shielder - Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers
A writeup about two intent-based Android vulnerabilities CVE-2024-26131 and CVE-2024-26132 in Element (Matrix).
🔥11👍2💯2
XAgent Spyware Targeting iOS Devices in Western Europe: Analysis of Capabilities
https://www.linkedin.com/pulse/xagent-spyware-targeting-ios-devices-western-europe-dmitry-bestuzhev-xunle
https://www.linkedin.com/pulse/xagent-spyware-targeting-ios-devices-western-europe-dmitry-bestuzhev-xunle
Linkedin
XAgent Spyware Targeting iOS Devices in Western Europe: Analysis of Capabilities
Executive Summary: During a recent discussion between "Isabelle Quinn" and myself regarding the latest findings of iOS malware, we encountered new samples of interest. Following observations of activity from the Triangulation group a few days ago by Dmitry…
🔥12❤1👍1
[BlackHat Asia 2024] Analysing a NSO iOS Spyware Sample
https://www.blackhat.com/asia-24/briefings/schedule/?s=03#you-shall-not-pass---analysing-a-nso-ios-spyware-sample-37980
[slides] https://i.blackhat.com/Asia-24/Asia-24-Frielingsdorf-YouShallNotPassAnalysing.pdf
https://www.blackhat.com/asia-24/briefings/schedule/?s=03#you-shall-not-pass---analysing-a-nso-ios-spyware-sample-37980
[slides] https://i.blackhat.com/Asia-24/Asia-24-Frielingsdorf-YouShallNotPassAnalysing.pdf
Blackhat
Black Hat Asia 2024
👍16❤2
[BlackHat Asia 2024] Privacy Detective: Sniffing Out Your Data Leaks for Android
https://www.blackhat.com/asia-24/briefings/schedule/?s=03#privacy-detective-sniffing-out-your-data-leaks-for-android-37301
[slides] https://i.blackhat.com/Asia-24/Presentations/Asia-24-Zhou-PrivacyDetective.pdf
https://www.blackhat.com/asia-24/briefings/schedule/?s=03#privacy-detective-sniffing-out-your-data-leaks-for-android-37301
[slides] https://i.blackhat.com/Asia-24/Presentations/Asia-24-Zhou-PrivacyDetective.pdf
Blackhat
Black Hat Asia 2024
👍6❤3
[BlackHat Asia 2024] SystemUI As EvilPiP: The Hijacking Attacks on Modern Mobile Devices
https://www.blackhat.com/asia-24/briefings/schedule/?s=03#systemui-as-evilpip-the-hijacking-attacks-on-modern-mobile-devices-36260
[slides] https://i.blackhat.com/Asia-24/Presentations/Asia-24-WeiMinCheng-systemui-as-evilpip-the-hijacking-attacks-on-modern-mobile-devices.pdf
https://www.blackhat.com/asia-24/briefings/schedule/?s=03#systemui-as-evilpip-the-hijacking-attacks-on-modern-mobile-devices-36260
[slides] https://i.blackhat.com/Asia-24/Presentations/Asia-24-WeiMinCheng-systemui-as-evilpip-the-hijacking-attacks-on-modern-mobile-devices.pdf
Blackhat
Black Hat Asia 2024
👍7
Security analysis of system apps of prepaid Android carrier devices
[slides] https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ryan%20Johnson%20Mohamed%20Elsabagh%20Angelos%20Stavrou%20-%20Still%20Vulnerable%20Out%20of%20the%20Box%20Revisiting%20the%20Security%20of%20Prepaid%20Android%20Carrier%20Devices.pdf
[slides] https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ryan%20Johnson%20Mohamed%20Elsabagh%20Angelos%20Stavrou%20-%20Still%20Vulnerable%20Out%20of%20the%20Box%20Revisiting%20the%20Security%20of%20Prepaid%20Android%20Carrier%20Devices.pdf
🔥9👍2❤1
Vulnerabilities across cloud keyboard apps reveal keystrokes to network eavesdroppers (Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi that could be exploited to reveal what a user types)
https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers/
https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers/
The Citizen Lab
The not-so-silent type
In this report, we examine cloud-based pinyin keyboard apps from nine vendors (Baidu, Honor, Huawei, iFlyTek, OPPO, Samsung, Tencent, Vivo, and Xiaomi) for vulnerabilities in how the apps transmit user keystrokes. Our analysis found that eight of the nine…
👍13🔥5
Brokewell: A New Android Banking Trojan Targeting Users In Germany
https://cyble.com/blog/brokewell-a-new-android-banking-trojan-targeting-users-in-germany/
https://cyble.com/blog/brokewell-a-new-android-banking-trojan-targeting-users-in-germany/
Cyble
Brokewell: New Android Trojan Targeting Germany Users
Cybel uncovers the 'Brokewell' Android Banking Trojan targeting German users with overlay attacks, keylogging, and screen recording. Stay updated on threats.
👍10❤2😁1
Security issues in phone-tracking app iSharing exposed users locations
https://www.ericdaigle.ca/isharing-data-leak-writeup/
https://www.ericdaigle.ca/isharing-data-leak-writeup/
👍6❤2
Brokewell: do not go broke from new banking malware
https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware
https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware
ThreatFabric
Brokewell: do not go broke from new banking malware!
Explore the new malware family, Brokewell, with Device Takeover capabilities. Understand the risks it poses to financial institutions and how to stay protected.
🔥9👍4