Dynamic Analysis Technique of Android Malware by Injecting Smali Gadgets
Patch APK with logcat output as alternative to using Frida
https://blogs.jpcert.or.jp/en/2024/08/smaligadget.html
Patch APK with logcat output as alternative to using Frida
https://blogs.jpcert.or.jp/en/2024/08/smaligadget.html
JPCERT/CC Eyes
Dynamic Analysis Technique of Android Malware by Injecting Smali Gadgets - JPCERT/CC Eyes
When dynamically analyzing Android malware, it is currently difficult to follow its code using debuggers unlike Windows malware. Although there is a technique [1] to hook a method dynamically by Frida [2], obtaining the in-progress state of the method is...
🤡11🤣9❤8👍6💩6🌚2
Android Game Hacking: Increase money in Dude Theft Wars Shooting
https://8ksec.io/hacking-android-games/
https://8ksec.io/hacking-android-games/
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Hacking Android Games - 8kSec
Learn the process involved in hacking Android games and learn how to distinguish between app hacking and game hacking within the Android ecosystem.
🔥17👍2
Android Vulnerability Impacting Millions of Pixel Devices Around the World
https://iverify.io/blog/iverify-discovers-android-vulnerability-impacting-millions-of-pixel-devices-around-the-world
https://iverify.io/blog/iverify-discovers-android-vulnerability-impacting-millions-of-pixel-devices-around-the-world
iverify.io
iVerify Discovers Android Vulnerability Impacting Millions of Pixel Devices Around the World
iVerify discovered an Android package, with excessive system privileges on a very large percentage of Pixel devices shipped worldwide.
🤮7👍3🌚1
Exploiting Android’s Hardened Memory Allocator
PoC: https://github.com/HexHive/scudo-exploitation
Paper: https://nebelwelt.net/publications/files/24WOOT.pdf
PoC: https://github.com/HexHive/scudo-exploitation
Paper: https://nebelwelt.net/publications/files/24WOOT.pdf
GitHub
GitHub - HexHive/scudo-exploitation
Contribute to HexHive/scudo-exploitation development by creating an account on GitHub.
👍8🔥5
Media is too big
VIEW IN TELEGRAM
RCE on Xiaomi 13 Pro (CVE-2023-26324)
👉Exploitation:
1) Open URL in WebView
2) Inject JavaScript
3) Execute JavaScript Interface functions from vulnerable GetApps to install & launch payload
4) Get shell
👉Slides with PoC: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Ken%20Gannon%20Ilyes%20Beghdadi%20-%20Xiaomi%20The%20Money%20Our%20Toronto%20Pwn2Own%20Exploit%20and%20Behind%20The%20Scenes%20Story.pdf
👉Exploitation:
1) Open URL in WebView
2) Inject JavaScript
3) Execute JavaScript Interface functions from vulnerable GetApps to install & launch payload
4) Get shell
👉Slides with PoC: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Ken%20Gannon%20Ilyes%20Beghdadi%20-%20Xiaomi%20The%20Money%20Our%20Toronto%20Pwn2Own%20Exploit%20and%20Behind%20The%20Scenes%20Story.pdf
🔥28👍7😁2
Exploiting Bluetooth: From your car to the bank account
Defcon slides: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Vladyslav%20Zubkov%20Martin%20Strohmeier%20-%20Exploiting%20Bluetooth%20-%20from%20your%20car%20to%20the%20bank%20account%24%24.pdf
Defcon slides: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Vladyslav%20Zubkov%20Martin%20Strohmeier%20-%20Exploiting%20Bluetooth%20-%20from%20your%20car%20to%20the%20bank%20account%24%24.pdf
🔥14🏆5❤2👍1
The ColorOS Internet Browser (com.heytap.browser) app for Android allows a remote attacker to execute arbitrary JavaScript code
PoC: https://github.com/actuator/com.heytap.browser
PoC: https://github.com/actuator/com.heytap.browser
GitHub
GitHub - actuator/com.heytap.browser: CVE-2024-23729
CVE-2024-23729. Contribute to actuator/com.heytap.browser development by creating an account on GitHub.
🌚12🔥3
Sophisticated phishing method targeted mobile users via Progressive Web Apps (iOS, Android) and WebAPKs (Android) to mimic banking apps. Installing WebAPK apps doesn't warn the victim about installing a third-party application and they even appear to have been installed from the Google Play store
https://www.welivesecurity.com/en/eset-research/be-careful-what-you-pwish-for-phishing-in-pwa-applications/
https://www.welivesecurity.com/en/eset-research/be-careful-what-you-pwish-for-phishing-in-pwa-applications/
Welivesecurity
Be careful what you pwish for – Phishing in PWA applications
ESET Research uncovers a novel method of phishing; targeting Android and iOS users via PWAs, and on Android also WebAPKs, without warning the user about installing a third-party app.
👍8🌚5
New Android malware - NGate - relays NFC data from victims’ payment cards, via victims’ compromised mobile phones, to attacker's device waiting at an ATM to withdraw cash
https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/
https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/
Welivesecurity
NGate Android malware relays NFC traffic to steal cash
ESET Research uncovers Android malware that relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM.
👍13🏆6🔥4❤1
Technical Analysis of Copybara
https://threatlabz.zscaler.com/blogs/security-research/technical-analysis-copybara
https://threatlabz.zscaler.com/blogs/security-research/technical-analysis-copybara
🏆7
How to root an Android device for analysis and vulnerability assessment
https://www.pentestpartners.com/security-blog/how-to-root-an-android-device-for-analysis-and-vulnerability-assessment/
https://www.pentestpartners.com/security-blog/how-to-root-an-android-device-for-analysis-and-vulnerability-assessment/
Pen Test Partners
How to root an Android device for analysis and vulnerability assessment | Pen Test Partners
TL;DR Introduction For mobile testing, be it for apps or hardware, having complete control over the device is essential for analysis and vulnerability assessment. Rooting an Android device allows us to gain root privileges, giving us full access to the OS…
🔥13👍8🤡4
Intercepting iHealth app traffic with Caido and Frida
iHealth Nexus Pro Body Composition Scale only communicates via Bluetooth Low Energy (BLE) to a iHealth mobile app
Blog: https://brownfinesecurity.com/blog/intercepting-mobile-traffic-with-caido-and-frida/
Video: https://youtu.be/GvRi7chKMPI
iHealth Nexus Pro Body Composition Scale only communicates via Bluetooth Low Energy (BLE) to a iHealth mobile app
Blog: https://brownfinesecurity.com/blog/intercepting-mobile-traffic-with-caido-and-frida/
Video: https://youtu.be/GvRi7chKMPI
Brownfinesecurity
Intercepting Mobile Application Traffic with Caido and Frida - Brown Fine Security
🔥10👍4
Critical Zip Slip Vulnerability Discovered in Mobile Security Framework (MobSF) could allow malicious actors to execute code remotely on servers running MobSF (CVE-2024-43399)
https://securityonline.info/cve-2024-43399-critical-zip-slip-vulnerability-discovered-in-mobile-security-framework-mobsf
https://securityonline.info/cve-2024-43399-critical-zip-slip-vulnerability-discovered-in-mobile-security-framework-mobsf
Daily CyberSecurity
CVE-2024-43399: Critical Zip Slip Vulnerability Discovered in Mobile Security Framework (MobSF)
Discover the critical vulnerability in MobSF - CVE-2024-43399. Find out how this flaw could lead to remote code execution and the potential impact on app security.
🔥25👍3❤2
Rocinante: Analysis of new Android banking trojan
https://www.threatfabric.com/blogs/the-trojan-horse-that-wanted-to-fly-rocinante
https://www.threatfabric.com/blogs/the-trojan-horse-that-wanted-to-fly-rocinante
ThreatFabric
Rocinante: The trojan horse that wanted to fly
New DTO malware appears in Brazil, posing as security updates and banking applications.
👍11🌚3❤1
Reverse Engineering Obfuscated Flutter App
https://youtu.be/0uUSwMg2suk
https://youtu.be/0uUSwMg2suk
YouTube
Reverse Engineering Obfuscated Flutter App
#flutterobfuscatedapp #mobilesecurity #dartdecompilation #dartobjectpool #reverse-engineering
Hello everyone and welcome to another video on Flutter by FatalSec. In this video we are gonna learn how to deal with an obfuscated flutter application by resolving…
Hello everyone and welcome to another video on Flutter by FatalSec. In this video we are gonna learn how to deal with an obfuscated flutter application by resolving…
👍24❤1
New Phishing Campaign Spreads EagleSpy Android Malware
https://www-d3lab-net.translate.goog/nuova-campagna-di-phishing-diffonde-malware-android-eaglespy/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en
https://www-d3lab-net.translate.goog/nuova-campagna-di-phishing-diffonde-malware-android-eaglespy/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en
D3Lab
Nuova Campagna di Phishing diffonde malware Android EagleSpy
Una recente campagna di phishing sta diffondendo il malware Android EagleSpy, un potente RAT in grado di rubare dati sensibili attraverso false app bancarie. Analizziamo le somiglianze tecniche con SpyNote e CraxsRAT, rivelando le sofisticate tecniche di…
🌚8👍3
GPUAF Using a general GPU exploit tech to attack Pixel 8
We developed an advanced exploit technique capable of transforming a conventional out-of-bounds (OOB) bug into a more potent exploit primitive, specifically a page Use-After-Free (UAF). Utilizing this technique, we successfully exploited a vulnerability in the Pixel series, achieving Kernel Code Execution.
https://www.youtube.com/watch?v=Mw6iCqjOV9Q
We developed an advanced exploit technique capable of transforming a conventional out-of-bounds (OOB) bug into a more potent exploit primitive, specifically a page Use-After-Free (UAF). Utilizing this technique, we successfully exploited a vulnerability in the Pixel series, achieving Kernel Code Execution.
https://www.youtube.com/watch?v=Mw6iCqjOV9Q
YouTube
Off-By-One 2024 Day 1 - GPUAF Using a general GPU exploit tech to attack Pixel8
Abstract
Last year, we developed an advanced exploit technique capable of transforming a conventional out-of-bounds (OOB) bug into a more potent exploit primitive, specifically a page Use-After-Free (UAF). Utilizing this technique, we successfully exploited…
Last year, we developed an advanced exploit technique capable of transforming a conventional out-of-bounds (OOB) bug into a more potent exploit primitive, specifically a page Use-After-Free (UAF). Utilizing this technique, we successfully exploited…
🔥14🌚3
New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-spyagent-campaign-steals-crypto-credentials-via-image-recognition/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-spyagent-campaign-steals-crypto-credentials-via-image-recognition/
McAfee Blog
New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition | McAfee Blog
Authored by SangRyol Ryu Recently, McAfee’s Mobile Research Team uncovered a new type of mobile malware that targets mnemonic keys by scanning for images
🔥6🌚1
Attempted cyberattacks on Ukrainian military systems using mobile malware
https://cert.gov.ua/article/6280563
https://cert.gov.ua/article/6280563
cert.gov.ua
CERT-UA
Урядова команда реагування на комп’ютерні надзвичайні події України, яка функціонує в складі Державної служби спеціального зв’язку та захисту інформації України.
🔥10👍3🥰2🌚2😢1
How to intercepting Android at runtime on non-rooted devices using frida-gadget
https://dispatchersdotplayground.hashnode.dev/intercepting-android-at-runtime-on-non-rooted-devices
https://dispatchersdotplayground.hashnode.dev/intercepting-android-at-runtime-on-non-rooted-devices
🔥10👍2🌚2
[$12000] How I found 3 Critical 0-click TikTok Account Takeover Vulnerabilities, 2FA bypass & more security issues in TikTok’s system
https://vojtechcekal.medium.com/12000-3-critical-0-click-tiktok-account-takeover-vulnerabilities-2fa-bypass-more-security-78554827cfc3
https://vojtechcekal.medium.com/12000-3-critical-0-click-tiktok-account-takeover-vulnerabilities-2fa-bypass-more-security-78554827cfc3
👍20🌚7