Stalkerware apps found on Google Play
https://twitter.com/virqdroid/status/1151111407284473861
Article: https://blog.avast.com/avast-identifies-stalker-apps
Twitter
Stalking apps in @GooglePlay. Four apps, the same developer. Install it to your employee/kid etc and track the location, collect contacts, SMS & call history. If the phone is rooted you can also collect WhatsApp/Viber messages.
Those shouldn't exist on Google…
HiddenAds Trojan found on Google Play in "beauty selfie" app with 10K+ installs
https://twitter.com/s_metanka/status/1151106094267273217
Twitter
smtnk
Icon-hiding #Android #Adware 10,000+ installs https://t.co/0TLCIEWl6k @GooglePlay
Exploiting SSL Vulnerabilities in Mobile Apps
How an attacker can exploit a vulnerable app’s broken SSL implementation and intercept cleartext HTTPS traffic – without the victim having installed any CA Certificates or accepting any additional untrusted certificates.
https://www.allysonomalley.com/2019/07/15/exploiting-ssl-vulnerabilities-in-mobile-apps/
allysonomalley.com
Exploiting SSL Vulnerabilities in Mobile Apps
This post is an overview of a mobile app MitM vulnerability I’ve found several times in the real world. I’ll explain how an attacker can exploit a vulnerable app’s broken SSL impl…
Kali NetHunter App Store
The New Android Store Dedicated to Free Security Apps based on F-Droid
https://www.offensive-security.com/kali-nethunter/kali-nethunter-app-store/
Google Banned Major Chinese App Developer CooTek From The Play Store And Its Ad Platforms
CooTek, based in Shanghai, had hundreds of Android apps in the Play store. More than 60 of its apps have been removed from the Play store, and CooTek is now completely banned from Google’s lucrative ad platforms.
CooTek is the second major Chinese app developer to receive a ban by Google this year.
https://www.buzzfeednews.com/article/craigsilverman/google-banned-cootek-adware
BuzzFeed News
Exclusive: Google Has Banned Major Chinese App Developer CooTek From The Play Store And Its Ad Platforms
CooTek apps continued to bombard users with disruptive ads even after the company said it had stopped.
Tencent implements realtime, automatic censorship of chat images on WeChat
How?
1) Based on what text is in an image (using OCR)
2) Based on an image’s visual similarity to those on a blacklist
3) Based on the hash of an image that exists in the database
https://citizenlab.ca/2019/07/cant-picture-this-2-an-analysis-of-wechats-realtime-image-filtering-in-chats/
The Citizen Lab
(Can’t) Picture This 2
In this work, we study how Tencent implements image filtering on WeChat. We found that Tencent implements realtime, automatic censorship of chat images on WeChat based on what text is in an image and based on an image’s visual similarity to those on a blacklist.…
Mobile Hacking: Using Frida to Monitor Encryption
https://www.trustedsec.com/2019/07/mobile-hacking-using-frida-to-monitor-encryption/
TrustedSec
Cybersecurity Education from the Experts | TrustedSec Blog Posts
Learn more about how to safeguard your company through our educational blog posts on everything from updated tech to the newest scams infiltrating organizations today.
Dwarf – joining UI with automation - Frida and r2
http://www.giovanni-rocca.com/dwarf-joining-ui-with-automation-frida-and-r2/
Android Malware Analysis : Dissecting Hydra Dropper
Includes GDB debugging of its native library
https://pentest.blog/android-malware-analysis-dissecting-hydra-dropper/
Android Analysis: Solving Flaggy Bird mobile challenge (Google CTF 2019)
https://blog.nviso.be/2019/07/18/solving-flaggy-bird-google-ctf-2019/
NVISO Labs
Solving Flaggy Bird (Google CTF 2019)
A few weekends ago we participated in the Google CTF. While we didn’t make it to the top 10, we did manage to solve quite a few challenges. This is my writeup of FlaggyBird, the only mobile c…
DEXCALIBUR: AUTOMATE YOUR ANDROID APP REVERSE
or hooking for dummies
https://2019.pass-the-salt.org/files/slides/02-Dexcalibur.pdf
QR code app requests €104,99 per year - subscription scam
https://twitter.com/jag_chandra/status/1152146311778635777?s=19
Twitter
jagchandra
This QR code reader with 1M+ installs deducts $95 after 3 day trial, wants payment details upfront at installation, also has request install packages, https://t.co/I9nDEsztuF
FaceApp PRO apps from YouTube get you in trouble
Two scams:
1) Fake websites (iOS & Android): deliver ads, surveys, subscription, PPI, unrelated browser notifications.
2) Fake apps: from YouTube videos with a link to adware
In one case with 95,000+ link clicks
https://www.welivesecurity.com/2019/07/19/faceapp-spotlight-scams-emerge/
WeLiveSecurity
With FaceApp in the spotlight, new scams emerge | WeLiveSecurity
ESET research shows how the hype around FaceApp has also attracted scammers, who launch fraudulent schemes piggybacking on the app's popularity.
Android KicoBotnet malware
https://twitter.com/virqdroid/status/1152216041830981633
Twitter
Nikolaos Chrysaidos
🆕Android #KicoBotnet malware it seems in active development. Features: - Exfiltration of the full call log, contacts, SMS - Crypto-ransomware / AES - appends .xdrop to the encrypted files (hardcoded key🤦♂️)
Tinder is another app to bypass the Play Store to avoid Google’s 30 percent cut
TINDER WILL NOW TAKE YOUR PAYMENT INFO DIRECTLY, INSTEAD OF LETTING GOOGLE PROCESS THE TRANSACTION
https://www.theverge.com/2019/7/19/20701256/tinder-google-play-store-android-bypass-30-percent-cut-avoid-self-install
The Verge
Tinder is now bypassing the Play Store on Android to avoid Google’s 30 percent cut
Match Group joins Fortnite maker Epic Games
Gaza Cybergang's attacks on the Arabic-speaking region via the Android platform #chinese
http://blog.avlsec.com/2019/07/5455/gaza-cybergang%e5%9c%a8%e7%a7%bb%e5%8a%a8%e7%ab%af%e5%af%b9%e9%98%bf%e6%8b%89%e4%bc%af%e8%af%ad%e5%9c%b0%e5%8c%ba%e7%9a%84%e6%94%bb%e5%87%bb%e4%ba%8b%e4%bb%b6/
HiddenAd Trojan found on Google Play
Info: https://twitter.com/Maler360/status/1153260314902708225?s=19
Analyzing iOS Stalkerware Applications
https://ivrodriguez.com/analyzing-ios-stalkerware-apps/amp/?__twitter_impression=true
Ivan R Blog
Analyzing iOS Stalkerware Applications
Stalkerware (a.k.a. Spouseware) applications are invasive applications that an
individual installs on a target's device (usually their partner) to spy on them,
snooping in as much data as they can. They aim to collect phone calls history,
private messages…
Looks like someone successfully created PoC for Android CVE-2019-2107 RCE
PoC: You can own the mobile by viewing a video with a payload. Should work on Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.
https://github.com/marcinguy/CVE-2019-2107
Story wrap-up about PoC CVE-2019-2107 with the comments from PoC author and Google.
▪️ Google - the vulnerability hasn't been exploited in the wild yet
▪️ PoC author - the exploit wouldn't work if the video is shared on Facebook, YouTube, Instagram... because of encoding
https://thenextweb.com/security/2019/07/24/google-android-vulnerability-malicious-video/
TNW
Android vulnerability lets hackers hijack your phone with malicious videos
A vulnerability in Android (found in versions between 7.0 and 9.0) enables hackers to hijack your phone by tricking you into watching malicious videos.