Hornet dating app with over 10 million installs had vulnerabilities, allowing precise location determination of their users, even with distance display being disabled
https://research.checkpoint.com/2024/the-illusion-of-privacy-geolocation-risks-in-modern-dating-apps/
https://research.checkpoint.com/2024/the-illusion-of-privacy-geolocation-risks-in-modern-dating-apps/
Check Point Research
The Illusion of Privacy: Geolocation Risks in Modern Dating Apps - Check Point Research
Key takeaways Introduction Dating apps traditionally utilize location data, offering the opportunity to connect with people nearby, and enhancing the chances of real-life meetings. Some apps can also display the distance of the user to other users. This feature…
👍16❤2🤷♂1🤔1
Bypassing anti-reversing defences in iOS applications
https://twelvesec.com/2023/10/10/bypassing-anti-reversing-defences-in-ios-applications/
https://twelvesec.com/2023/10/10/bypassing-anti-reversing-defences-in-ios-applications/
Twelvesec
Bypassing anti-reversing defences in iOS applications - Twelvesec
A walktrough on dynamically bypassing anti-debugging and anti-reversing defences in iOS applications.
👍9❤3
Threat actor "Starry Addax" targets human rights defenders in North Africa with new Android malware
https://blog.talosintelligence.com/starry-addax/
https://blog.talosintelligence.com/starry-addax/
Cisco Talos Blog
Starry Addax targets human rights defenders in North Africa with new malware
Cisco Talos is disclosing a new threat actor we deemed “Starry Addax” targeting mostly human rights activists, associated with the Sahrawi Arab Democratic Republic (SADR) cause with a novel mobile malware.
👍11
Active Android espionage campaign targeting users mainly in India and Pakistan with apps bundled with the XploitSPY malware posing mostly as messaging services - even available on Google Play Store
https://www.welivesecurity.com/en/eset-research/exotic-visit-campaign-tracing-footprints-virtual-invaders/
https://www.welivesecurity.com/en/eset-research/exotic-visit-campaign-tracing-footprints-virtual-invaders/
🔥7👍5⚡1
ANDROID SUPPLY CHAIN VALIDATION CHEAT SHEET
This cheat sheet is based on the work performed on Android TV devices (we documented our steps in the post Android TV Devices: Pre-0wned Supply Chain Security Threats)
https://eclypsium.com/blog/android-supply-chain-validation-cheat-sheet/
This cheat sheet is based on the work performed on Android TV devices (we documented our steps in the post Android TV Devices: Pre-0wned Supply Chain Security Threats)
https://eclypsium.com/blog/android-supply-chain-validation-cheat-sheet/
Eclypsium | Supply Chain Security for the Modern Enterprise
Android Supply Chain Validation Cheat Sheet - Eclypsium | Supply Chain Security for the Modern Enterprise
Several different tools and techniques are available for Android to enumerate software and configurations, allowing you to begin to validate the software on devices. This cheat sheet is based on the work performed on Android TV devices (we documented our…
👍14❤2
iOS LightSpy Returns: Renewed Espionage Campaign Targets Southern Asia, Possibly India
https://blogs.blackberry.com/en/2024/04/lightspy-returns-renewed-espionage-campaign-targets-southern-asia-possibly-india
https://blogs.blackberry.com/en/2024/04/lightspy-returns-renewed-espionage-campaign-targets-southern-asia-possibly-india
BlackBerry
LightSpy Returns: Renewed Espionage Campaign Targets Southern Asia, Possibly India
After months of inactivity, the advanced mobile spyware LightSpy has resurfaced with expanded capabilities, targeting individuals in Southern Asia.
👍8🔥2
SoumniBot: the new Android banker’s unique techniques
https://securelist.com/soumnibot-android-banker-obfuscates-app-manifest/112334/
https://securelist.com/soumnibot-android-banker-obfuscates-app-manifest/112334/
Securelist
Analysis of the SoumniBot Android banker
We review the new mobile Trojan banker SoumniBot, which exploits bugs in the Android manifest parser to dodge analysis and detection.
👍8❤2
Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers
https://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers/
https://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers/
Shielder
Shielder - Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers
A writeup about two intent-based Android vulnerabilities CVE-2024-26131 and CVE-2024-26132 in Element (Matrix).
🔥11👍2💯2
XAgent Spyware Targeting iOS Devices in Western Europe: Analysis of Capabilities
https://www.linkedin.com/pulse/xagent-spyware-targeting-ios-devices-western-europe-dmitry-bestuzhev-xunle
https://www.linkedin.com/pulse/xagent-spyware-targeting-ios-devices-western-europe-dmitry-bestuzhev-xunle
Linkedin
XAgent Spyware Targeting iOS Devices in Western Europe: Analysis of Capabilities
Executive Summary: During a recent discussion between "Isabelle Quinn" and myself regarding the latest findings of iOS malware, we encountered new samples of interest. Following observations of activity from the Triangulation group a few days ago by Dmitry…
🔥12❤1👍1
[BlackHat Asia 2024] Analysing a NSO iOS Spyware Sample
https://www.blackhat.com/asia-24/briefings/schedule/?s=03#you-shall-not-pass---analysing-a-nso-ios-spyware-sample-37980
[slides] https://i.blackhat.com/Asia-24/Asia-24-Frielingsdorf-YouShallNotPassAnalysing.pdf
https://www.blackhat.com/asia-24/briefings/schedule/?s=03#you-shall-not-pass---analysing-a-nso-ios-spyware-sample-37980
[slides] https://i.blackhat.com/Asia-24/Asia-24-Frielingsdorf-YouShallNotPassAnalysing.pdf
Blackhat
Black Hat Asia 2024
👍16❤2
[BlackHat Asia 2024] Privacy Detective: Sniffing Out Your Data Leaks for Android
https://www.blackhat.com/asia-24/briefings/schedule/?s=03#privacy-detective-sniffing-out-your-data-leaks-for-android-37301
[slides] https://i.blackhat.com/Asia-24/Presentations/Asia-24-Zhou-PrivacyDetective.pdf
https://www.blackhat.com/asia-24/briefings/schedule/?s=03#privacy-detective-sniffing-out-your-data-leaks-for-android-37301
[slides] https://i.blackhat.com/Asia-24/Presentations/Asia-24-Zhou-PrivacyDetective.pdf
Blackhat
Black Hat Asia 2024
👍6❤3
[BlackHat Asia 2024] SystemUI As EvilPiP: The Hijacking Attacks on Modern Mobile Devices
https://www.blackhat.com/asia-24/briefings/schedule/?s=03#systemui-as-evilpip-the-hijacking-attacks-on-modern-mobile-devices-36260
[slides] https://i.blackhat.com/Asia-24/Presentations/Asia-24-WeiMinCheng-systemui-as-evilpip-the-hijacking-attacks-on-modern-mobile-devices.pdf
https://www.blackhat.com/asia-24/briefings/schedule/?s=03#systemui-as-evilpip-the-hijacking-attacks-on-modern-mobile-devices-36260
[slides] https://i.blackhat.com/Asia-24/Presentations/Asia-24-WeiMinCheng-systemui-as-evilpip-the-hijacking-attacks-on-modern-mobile-devices.pdf
Blackhat
Black Hat Asia 2024
👍7
Security analysis of system apps of prepaid Android carrier devices
[slides] https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ryan%20Johnson%20Mohamed%20Elsabagh%20Angelos%20Stavrou%20-%20Still%20Vulnerable%20Out%20of%20the%20Box%20Revisiting%20the%20Security%20of%20Prepaid%20Android%20Carrier%20Devices.pdf
[slides] https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ryan%20Johnson%20Mohamed%20Elsabagh%20Angelos%20Stavrou%20-%20Still%20Vulnerable%20Out%20of%20the%20Box%20Revisiting%20the%20Security%20of%20Prepaid%20Android%20Carrier%20Devices.pdf
🔥9👍2❤1
Vulnerabilities across cloud keyboard apps reveal keystrokes to network eavesdroppers (Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi that could be exploited to reveal what a user types)
https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers/
https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers/
The Citizen Lab
The not-so-silent type
In this report, we examine cloud-based pinyin keyboard apps from nine vendors (Baidu, Honor, Huawei, iFlyTek, OPPO, Samsung, Tencent, Vivo, and Xiaomi) for vulnerabilities in how the apps transmit user keystrokes. Our analysis found that eight of the nine…
👍13🔥5
Brokewell: A New Android Banking Trojan Targeting Users In Germany
https://cyble.com/blog/brokewell-a-new-android-banking-trojan-targeting-users-in-germany/
https://cyble.com/blog/brokewell-a-new-android-banking-trojan-targeting-users-in-germany/
Cyble
Brokewell: New Android Trojan Targeting Germany Users
Cybel uncovers the 'Brokewell' Android Banking Trojan targeting German users with overlay attacks, keylogging, and screen recording. Stay updated on threats.
👍10❤2😁1
Security issues in phone-tracking app iSharing exposed users locations
https://www.ericdaigle.ca/isharing-data-leak-writeup/
https://www.ericdaigle.ca/isharing-data-leak-writeup/
👍6❤2
Brokewell: do not go broke from new banking malware
https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware
https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware
ThreatFabric
Brokewell: do not go broke from new banking malware!
Explore the new malware family, Brokewell, with Device Takeover capabilities. Understand the risks it poses to financial institutions and how to stay protected.
🔥9👍4
Advanced Frida Usage Part 9 – Memory Scanning in Android
https://8ksec.io/advanced-frida-usage-part-9-memory-scanning-in-android/
https://8ksec.io/advanced-frida-usage-part-9-memory-scanning-in-android/
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Advanced Frida Usage Part 9 – Memory Scanning in Android - 8kSec
In part-9 of Advanced Frida Usage, learn about API provided by frida called Memory.scan() which can help you to scan bytes from memory & help you to patch them.
🔥9👍3❤2
In 2023, Google prevented 2.28 million policy-violating apps from being published on Google Play
https://security.googleblog.com/2024/04/how-we-fought-bad-apps-and-bad-actors-in-2023.html
https://security.googleblog.com/2024/04/how-we-fought-bad-apps-and-bad-actors-in-2023.html
Google Online Security Blog
How we fought bad apps and bad actors in 2023
Posted by Steve Kafka and Khawaja Shams (Android Security and Privacy Team), and Mohet Saxena (Play Trust and Safety) A safe and trusted ...
❤8😁1
New Android malware called Wpeeper hides behind hacked WordPress sites
https://blog.xlab.qianxin.com/playing-possum-whats-the-wpeeper-backdoor-up-to/
https://blog.xlab.qianxin.com/playing-possum-whats-the-wpeeper-backdoor-up-to/
奇安信 X 实验室
Playing Possum: What's the Wpeeper Backdoor Up To?
Summary
On April 18, 2024, XLab's threat hunting system detected an ELF file with zero detections on VirusTotal being distributed through two different domains. One of the domains was marked as malicious by three security firms, while the other was recently…
On April 18, 2024, XLab's threat hunting system detected an ELF file with zero detections on VirusTotal being distributed through two different domains. One of the domains was marked as malicious by three security firms, while the other was recently…
❤6🔥4👍1