Google Banned Major Chinese App Developer CooTek From The Play Store And Its Ad Platforms
CooTek, based in Shanghai, had hundreds of Android apps in the Play store. More than 60 of its apps have been removed from the Play store, and CooTek is now completely banned from Google’s lucrative ad platforms.
CooTek is the second major Chinese app developer to receive a ban by Google this year.
https://www.buzzfeednews.com/article/craigsilverman/google-banned-cootek-adware
CooTek, based in Shanghai, had hundreds of Android apps in the Play store. More than 60 of its apps have been removed from the Play store, and CooTek is now completely banned from Google’s lucrative ad platforms.
CooTek is the second major Chinese app developer to receive a ban by Google this year.
https://www.buzzfeednews.com/article/craigsilverman/google-banned-cootek-adware
BuzzFeed News
Exclusive: Google Has Banned Major Chinese App Developer CooTek From The Play Store And Its Ad Platforms
CooTek apps continued to bombard users with disruptive ads even after the company said it had stopped.
Tencent implements realtime, automatic censorship of chat images on WeChat
How?
1) Based on what text is in an image (using OCR)
2) Based on an image’s visual similarity to those on a blacklist
3) Based on hash of image that exist in database
https://citizenlab.ca/2019/07/cant-picture-this-2-an-analysis-of-wechats-realtime-image-filtering-in-chats/
How?
1) Based on what text is in an image (using OCR)
2) Based on an image’s visual similarity to those on a blacklist
3) Based on hash of image that exist in database
https://citizenlab.ca/2019/07/cant-picture-this-2-an-analysis-of-wechats-realtime-image-filtering-in-chats/
The Citizen Lab
(Can’t) Picture This 2
In this work, we study how Tencent implements image filtering on WeChat. We found that Tencent implements realtime, automatic censorship of chat images on WeChat based on what text is in an image and based on an image’s visual similarity to those on a blacklist.…
Mobile Hacking: Using Frida to Monitor Encryption
https://www.trustedsec.com/2019/07/mobile-hacking-using-frida-to-monitor-encryption/
https://www.trustedsec.com/2019/07/mobile-hacking-using-frida-to-monitor-encryption/
TrustedSec
Cybersecurity Education from the Experts | TrustedSec Blog Posts
Learn more about how to safeguard your company through our educational blog posts on everything from updated tech to the newest scams infiltrating organizations today.
Dwarf – joining UI with automation - Frida and r2
http://www.giovanni-rocca.com/dwarf-joining-ui-with-automation-frida-and-r2/
http://www.giovanni-rocca.com/dwarf-joining-ui-with-automation-frida-and-r2/
Android Malware Analysis : Dissecting Hydra Dropper
Includes GDB debugging of its native library
https://pentest.blog/android-malware-analysis-dissecting-hydra-dropper/
Includes GDB debugging of its native library
https://pentest.blog/android-malware-analysis-dissecting-hydra-dropper/
Android Analysis: Solving Flaggy Bird mobile challenge (Google CTF 2019)
https://blog.nviso.be/2019/07/18/solving-flaggy-bird-google-ctf-2019/
https://blog.nviso.be/2019/07/18/solving-flaggy-bird-google-ctf-2019/
NVISO Labs
Solving Flaggy Bird (Google CTF 2019)
A few weekends ago we participated in the Google CTF. While we didn’t make it to the top 10, we did manage to solve quite a few challenges. This is my writeup of FlaggyBird, the only mobile c…
DEXCALIBUR: AUTOMATE YOUR ANDROID APP REVERSE
or hooking for dummies
https://2019.pass-the-salt.org/files/slides/02-Dexcalibur.pdf
or hooking for dummies
https://2019.pass-the-salt.org/files/slides/02-Dexcalibur.pdf
QR code app requests €104,99 per year - subnoscription scam
https://twitter.com/jag_chandra/status/1152146311778635777?s=19
https://twitter.com/jag_chandra/status/1152146311778635777?s=19
Twitter
jagchandra
This QR code reader with 1M+ installs deducts $95 after 3 day trial, wants payment details upfront at installation, also has request install packages ,https://t.co/I9nDEsztuF
FaceApp PRO apps from YouTube gets you in trouble
Two scams:
1)Fake websites (iOS & Android): deliver ads,surveys, subnoscription,PPI,unrelated browser notifications.
2)Fake apps: From YouTube videos with link to adware
In one case with 95,000+ link clicks
https://www.welivesecurity.com/2019/07/19/faceapp-spotlight-scams-emerge/
Two scams:
1)Fake websites (iOS & Android): deliver ads,surveys, subnoscription,PPI,unrelated browser notifications.
2)Fake apps: From YouTube videos with link to adware
In one case with 95,000+ link clicks
https://www.welivesecurity.com/2019/07/19/faceapp-spotlight-scams-emerge/
WeLiveSecurity
With FaceApp in the spotlight, new scams emerge | WeLiveSecurity
ESET research shows how the hype around FaceApp has also attracted scammers, who launch fraudulent schemes piggybacking on the app's popularity.
Android KicoBotnet malware
https://twitter.com/virqdroid/status/1152216041830981633
https://twitter.com/virqdroid/status/1152216041830981633
Twitter
Nikolaos Chrysaidos
🆕Android #KicoBotnet malware it seems in active development. Features: - Exfiltration of the full call log, contacts, SMS - Crypto-ransomware / AES - appends .xdrop to the encrypted files (hardcoded key🤦♂️)
Tinder is another app to bypass the Play Store to avoid Google’s 30 percent cut
TINDER WILL NOW TAKE YOUR PAYMENT INFO DIRECTLY, INSTEAD OF LETTING GOOGLE PROCESS THE TRANSACTION
https://www.theverge.com/2019/7/19/20701256/tinder-google-play-store-android-bypass-30-percent-cut-avoid-self-install
TINDER WILL NOW TAKE YOUR PAYMENT INFO DIRECTLY, INSTEAD OF LETTING GOOGLE PROCESS THE TRANSACTION
https://www.theverge.com/2019/7/19/20701256/tinder-google-play-store-android-bypass-30-percent-cut-avoid-self-install
The Verge
Tinder is now bypassing the Play Store on Android to avoid Google’s 30 percent cut
Match Group joins Fortnite maker Epic Games
Gaza Cybergang's attack on the Arabic via Android platform #chinese
http://blog.avlsec.com/2019/07/5455/gaza-cybergang%e5%9c%a8%e7%a7%bb%e5%8a%a8%e7%ab%af%e5%af%b9%e9%98%bf%e6%8b%89%e4%bc%af%e8%af%ad%e5%9c%b0%e5%8c%ba%e7%9a%84%e6%94%bb%e5%87%bb%e4%ba%8b%e4%bb%b6/
http://blog.avlsec.com/2019/07/5455/gaza-cybergang%e5%9c%a8%e7%a7%bb%e5%8a%a8%e7%ab%af%e5%af%b9%e9%98%bf%e6%8b%89%e4%bc%af%e8%af%ad%e5%9c%b0%e5%8c%ba%e7%9a%84%e6%94%bb%e5%87%bb%e4%ba%8b%e4%bb%b6/
HiddenAd Trojan found on Google Play
Info: https://twitter.com/Maler360/status/1153260314902708225?s=19
Info: https://twitter.com/Maler360/status/1153260314902708225?s=19
Analyzing iOS Stalkerware Applications
https://ivrodriguez.com/analyzing-ios-stalkerware-apps/amp/?__twitter_impression=true
https://ivrodriguez.com/analyzing-ios-stalkerware-apps/amp/?__twitter_impression=true
Ivan R Blog
Analyzing iOS Stalkerware Applications
Stalkerware (a.k.a. Spouseware) applications are invasive applications that an
individual installs on a target's device (usually their partner) to spy on them,
snooping in as much data as they can. They aim to collect phone calls history,
private messages…
individual installs on a target's device (usually their partner) to spy on them,
snooping in as much data as they can. They aim to collect phone calls history,
private messages…
Looks like someone successfully created PoC for Android CVE-2019-2107 RCE
PoC: You can own the mobile by viewing a video with payload. Should works on Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.
https://github.com/marcinguy/CVE-2019-2107
PoC: You can own the mobile by viewing a video with payload. Should works on Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.
https://github.com/marcinguy/CVE-2019-2107
Story wrap-up about PoC CVE-2019-2107 with the comments from PoC author and Google.
▪️ Google - vulnerability wasn't exploited in the wild yet
▪️ PoC author - exploit wouldn't work if the video will be shared on Facebook, YouTube, Instagram...because of encoding
https://thenextweb.com/security/2019/07/24/google-android-vulnerability-malicious-video/
▪️ Google - vulnerability wasn't exploited in the wild yet
▪️ PoC author - exploit wouldn't work if the video will be shared on Facebook, YouTube, Instagram...because of encoding
https://thenextweb.com/security/2019/07/24/google-android-vulnerability-malicious-video/
TNW
Android vulnerability lets hackers hijack your phone with malicious videos
A vulnerability in Android ( found in versions between 7.0 and 9.0) enables hackers to hijack your phone by tricking you into watching malicious videos.
Monokle
The Mobile Surveillance Tooling of the Special Technology Center
https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf
The Mobile Surveillance Tooling of the Special Technology Center
https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf
Android Security & Malware
Monokle The Mobile Surveillance Tooling of the Special Technology Center https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf
Monokle - Mobile Surveillance ToolHighlights
▪️ on rooted devices can install own certificate to MitM TLS traffic
▪️ steals user defined words used for predictive text input
▪️ records the user unlocking device to get PIN
▪️ spread as Trojanized: Signal, ES explorer, Porn Hub...
▪️ via Xposed module can create hooks and hide presence in process list
▪️ via accessibility services can capture data from: Microsoft Word, Google Docs, Facebook messenger, Whatsapp, imo, Viber, Skype, WeChat, VK, Line, and Snapchat.
▪️ developed by Special Technology Center (STC) - a Russian defense contractor
▪️ there is also iOS version
▪️ can execute 33 commands on infected devices
👍1
jnitrace
A Frida module to trace usage of the JNI API in Android apps.
https://github.com/chame1eon/jnitrace
A Frida module to trace usage of the JNI API in Android apps.
https://github.com/chame1eon/jnitrace
GitHub
GitHub - chame1eon/jnitrace: A Frida based tool that traces usage of the JNI API in Android apps.
A Frida based tool that traces usage of the JNI API in Android apps. - chame1eon/jnitrace
Mobile banking malware: With over 50% increase in attacks when compared to 2018 - via Check Point
https://www.checkpoint.com/press/2019/check-point-research-from-supply-chain-to-email-mobile-and-the-cloud-no-environment-is-immune-to-cyber-attacks/
https://www.checkpoint.com/press/2019/check-point-research-from-supply-chain-to-email-mobile-and-the-cloud-no-environment-is-immune-to-cyber-attacks/
👍1