Analysis of AwSpy spyware that Targets South Korean Android users
https://labs.k7computing.com/index.php/awspy-new-spyware-targets-south-korean-android-users/
https://labs.k7computing.com/index.php/awspy-new-spyware-targets-south-korean-android-users/
K7 Labs
AwSpy – New Spyware Targets South Korean Android users
Threat actors are constantly working on different ways to target users across the globe. Spyware has the capability to quietly […]
🔥15👍5
Use Case: Bypassing In-App Purchase By Payment Client-Side Validation
https://secfathy0x1.medium.com/use-case-bypassing-in-app-purchase-by-payment-client-side-validation-e87e2c775a9c
https://secfathy0x1.medium.com/use-case-bypassing-in-app-purchase-by-payment-client-side-validation-e87e2c775a9c
Medium
Use Case: Bypassing In-App Purchase By Payment Client-Side Validation
Exploring Android in-app purchase vulnerabilities using Frida to simulate and bypass payment validation
👏18👍8🌚8👎5❤4🔥3
Write-up on 1-click Exploit in South Korea's KakaoTalk mobile chat app allowed to steal access token and remotely exfiltrate all chat messages.
Issue is fixed, but the bug reporter haven't received reward, because only Koreans are eligible to receive bounty
https://stulle123.github.io/posts/kakaotalk-account-takeover/
Issue is fixed, but the bug reporter haven't received reward, because only Koreans are eligible to receive bounty
https://stulle123.github.io/posts/kakaotalk-account-takeover/
stulle123
1-click Exploit in South Korea's biggest mobile chat app
Stealing another KakaoTalk user’s chat messages with a simple 1-click exploit.
😢28❤7🔥2👍1🤬1
SELinux bypasses
This post aims at giving an overview of what SELinux is, how it is implemented, and how to bypass it, from the point of view of Android kernel exploitation
https://klecko.github.io/posts/selinux-bypasses/
This post aims at giving an overview of what SELinux is, how it is implemented, and how to bypass it, from the point of view of Android kernel exploitation
https://klecko.github.io/posts/selinux-bypasses/
Klecko Blog
SELinux bypasses
This post aims at giving an overview of what SELinux is, how it is implemented, and how to bypass it, from the point of view of Android kernel exploitation.
❤29🔥5🕊1
Analysis of CVE-2024-26926
A Linux kernel bug in the Binder component primarily affecting Android devices labeled as EoP
https://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf
A Linux kernel bug in the Binder component primarily affecting Android devices labeled as EoP
https://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf
GitHub
LinuxKernel-nday/CVE-2024-26926/CVE_2024_26926_Analysis.pdf at main · MaherAzzouzi/LinuxKernel-nday
Linux Kernel N-day Exploit/Analysis. Contribute to MaherAzzouzi/LinuxKernel-nday development by creating an account on GitHub.
👍16❤4
South Korean Mobile Malware Campaign: A Technical Deep Dive
https://www.linkedin.com/pulse/south-korean-mobile-malware-campaign-technical-deep-dive-rastogi-rma6e
https://www.linkedin.com/pulse/south-korean-mobile-malware-campaign-technical-deep-dive-rastogi-rma6e
👍15
This media is not supported in your browser
VIEW IN TELEGRAM
ShadyShader 2: An Apple bug that could freeze any device or cause crash loops by exploiting how GPUs handle shaders
Similar issue Apple patched last year (CVE-2023-40441)
https://www.imperva.com/blog/shadyshader-crashing-apple-m-series-with-single-click/
Similar issue Apple patched last year (CVE-2023-40441)
https://www.imperva.com/blog/shadyshader-crashing-apple-m-series-with-single-click/
🔥23❤2
I tried to explain how it is possible to locate smartphones using Advertising ID and ad plugins that are part of thousand popular apps without needing any spyware or exploits
https://www.mobile-hacker.com/2024/10/25/locate-smartphones-using-advertising-id-without-spyware-or-exploit/
https://www.mobile-hacker.com/2024/10/25/locate-smartphones-using-advertising-id-without-spyware-or-exploit/
Mobile Hacker
Locate smartphones using Advertising ID without spyware or exploit
I explain how it is possible to locate Google and Apple smartphones legally by misusing device unique Advertising ID and stream of data collected by advertising plugins. These plugins are part of thousands of popular and legitimate apps.
👍25🤡3🤔2😱2
Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives also using Android malware
https://cloud.google.com/blog/topics/threat-intelligence/russian-espionage-influence-ukrainian-military-recruits-anti-mobilization-narratives/
https://cloud.google.com/blog/topics/threat-intelligence/russian-espionage-influence-ukrainian-military-recruits-anti-mobilization-narratives/
Google Cloud Blog
Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives…
A suspected Russian hybrid espionage and influence operation, delivering Windows and Android malware.
❤16😁5🤮3😎2👍1🔥1🤡1😈1
iOS Forensics Suite: Generates detailed reports from iOS backups (encrypted & unencrypted) with device info, contacts, messages, WiFi, notes, WhatsApp data & more. All done locally.
https://github.com/piotrbania/ios_forensics_suite
https://github.com/piotrbania/ios_forensics_suite
GitHub
GitHub - piotrbania/ios_forensics_suite: A tool for generating detailed, locally-processed reports from iOS backups, supporting…
A tool for generating detailed, locally-processed reports from iOS backups, supporting encrypted and unencrypted data. - piotrbania/ios_forensics_suite
❤13🔥4🙏2
Frida Script Runner - Versatile web-based tool designed for Android and iOS penetration testing purposes
https://github.com/z3n70/Frida-Script-Runner
https://github.com/z3n70/Frida-Script-Runner
🔥26👍5❤3
Nine writeup for some Android specific chromium behavior vulnerabilities
1) intent:// restrictions bypassed via firebase dynamic links (Fixed, Awarded $3000)
2) Bypass to issue 40060327 via market:// URL (Fixed, Awarded $2250)
3) Add to home screen spoof (Fixed, Awarded $1125)
4) Iframe sandbox allow-popups-to-escape-sandbox bypass via intent (Asked, Not fixed)
5) Controlling Google assistant (Asked, Not fixed)
6) Controlling Clock (Accepted, Not fixed)
7) URL Spoof via intent (Fixed, Awarded $3133.70)
8) BROWSABLE intent:// bypass (Fixed, Duplicate)
9) BROWSABLE intent:// bypass (Fixed, Awarded $4500.00)
https://ndevtk.github.io/writeups/2024/08/01/awas/
1) intent:// restrictions bypassed via firebase dynamic links (Fixed, Awarded $3000)
2) Bypass to issue 40060327 via market:// URL (Fixed, Awarded $2250)
3) Add to home screen spoof (Fixed, Awarded $1125)
4) Iframe sandbox allow-popups-to-escape-sandbox bypass via intent (Asked, Not fixed)
5) Controlling Google assistant (Asked, Not fixed)
6) Controlling Clock (Accepted, Not fixed)
7) URL Spoof via intent (Fixed, Awarded $3133.70)
8) BROWSABLE intent:// bypass (Fixed, Duplicate)
9) BROWSABLE intent:// bypass (Fixed, Awarded $4500.00)
https://ndevtk.github.io/writeups/2024/08/01/awas/
Writeups
Android web attack surface
The following is a writeup for some Android specific chromium behaviors.
👍14🌚4❤3
Cracking into a Just Eat / Takeaway.com terminal with an NFC card
https://blog.mgdproductions.com/justeat-takeaway-terminal/
https://blog.mgdproductions.com/justeat-takeaway-terminal/
MGD Blog
Cracking into a Just Eat / Takeaway.com terminal with an NFC card
So this is a pretty interesting one, i found this one on a local marketplace for 25 dollars, so i immediately snagged it up.
After it booted up, it showed an activation screen. Looks like the previous owner has logged out.
We can't do much from this screen…
After it booted up, it showed an activation screen. Looks like the previous owner has logged out.
We can't do much from this screen…
🌚8👍2🔥1
LightSpy: Implant for iOS
https://www.threatfabric.com/blogs/lightspy-implant-for-ios
https://www.threatfabric.com/blogs/lightspy-implant-for-ios
ThreatFabric
LightSpy: Implant for iOS
ThreatFabric’s latest insights on LightSpy malware, targeting both iOS and macOS. Learn about the evolving tactics, new destructive features, and the importance of keeping devices updated to defend against these advanced cyber threats.
👍15🔥1
Emulating Android native libraries using unidbg
https://bhamza.me/blogpost/2024/09/10/Emulating-Android-native-libraries-using-unidbg.html
https://bhamza.me/blogpost/2024/09/10/Emulating-Android-native-libraries-using-unidbg.html
Hamza’s blog posts, notes and thoughts.
Emulating Android native libraries using unidbg
Introduction Unidbg is an open-source framework to emulate Android native libraries (and to a certain extent has experimental iOS emulation capabilities). There are a few use cases where emulating Android libraries is beneficial. I will cover a single use…
🔥11❤3👍1
Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware
https://www.zimperium.com/blog/mishing-in-motion-uncovering-the-evolving-functionality-of-fakecall-malware/
https://www.zimperium.com/blog/mishing-in-motion-uncovering-the-evolving-functionality-of-fakecall-malware/
Zimperium
Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware - Zimperium
In this blog post we share Zimperium’s Zero-Day Protection against the Water Makara Spear-Phishing campaign.
👍12🔥5
Low-Level Development on Retail Android Hardware - Reconnaissance and Prototyping a Bootloader
https://blog.timschumi.net/2024/10/05/lldorah-bootloader-prototype.html
https://blog.timschumi.net/2024/10/05/lldorah-bootloader-prototype.html
timschumi’s low-traffic blog
Low-Level Development on Retail Android Hardware - Reconnaissance and Prototyping a Bootloader
Many months ago, a slightly younger Tim thought that porting mainline Linux to his old Android phone for the purpose of experimentation would be a great way to pass time. (In hindsight it was, but not for the reasons imagined.)
🔥12🌚3👍1
Android G700 spyware: The Next Generation of Craxs RAT
https://www.cyfirma.com/research/g700-the-next-generation-of-craxs-rat/
https://www.cyfirma.com/research/g700-the-next-generation-of-craxs-rat/
CYFIRMA
G700 : The Next Generation of Craxs RAT - CYFIRMA
EXECUTIVE SUMMARY At CYFIRMA, we are dedicated to providing timely and relevant insights into emerging threats and tactics used by...
⚡14🌚4👍3
ToxicPanda: a new banking trojan from Asia hit Europe and LATAM
https://www.cleafy.com/cleafy-labs/toxicpanda-a-new-banking-trojan-from-asia-hit-europe-and-latam
https://www.cleafy.com/cleafy-labs/toxicpanda-a-new-banking-trojan-from-asia-hit-europe-and-latam
Cleafy
ToxicPanda: a new banking trojan from Asia hit Europe and LATAM | Cleafy Labs
Discover Cleafy's in-depth analysis of a new Android banking Trojan campaign, ToxicPanda, initially linked to TgToxic. Our findings reveal a sophisticated fraud operation targeting European and LATAM banks, using On-Device Fraud (ODF) tactics to execute account…
🌚13👍2