ToxicPanda: a new banking trojan from Asia hit Europe and LATAM
https://www.cleafy.com/cleafy-labs/toxicpanda-a-new-banking-trojan-from-asia-hit-europe-and-latam
https://www.cleafy.com/cleafy-labs/toxicpanda-a-new-banking-trojan-from-asia-hit-europe-and-latam
Cleafy
ToxicPanda: a new banking trojan from Asia hit Europe and LATAM | Cleafy Labs
Discover Cleafy's in-depth analysis of a new Android banking Trojan campaign, ToxicPanda, initially linked to TgToxic. Our findings reveal a sophisticated fraud operation targeting European and LATAM banks, using On-Device Fraud (ODF) tactics to execute account…
🌚13👍2
Apple CarPlay: What's Under the Hood
Slides: https://troopers.de/downloads/troopers24/TR24_Apple_CarPlay-What's_Under_the_Hood_8MCYKG.pdf
Video: https://www.youtube.com/watch?v=cHhxJzavq5I
Slides: https://troopers.de/downloads/troopers24/TR24_Apple_CarPlay-What's_Under_the_Hood_8MCYKG.pdf
Video: https://www.youtube.com/watch?v=cHhxJzavq5I
❤16👍3🕊1
Fake physical letters were sent to potential victims at their address to download "Severe Weather Warning App" via QR code. Coper AKA Octo2 malware is downloaded instead.
https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2024/2024-meteosuisse.html
https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2024/2024-meteosuisse.html
www.ncsc.admin.ch
Caution: Fake letters on behalf of MeteoSwiss – Instead of a ‘Severe Weather Warning App’, malware is downloaded
14.11.2024 - Physical letters with MeteoSwiss as the sender are currently being sent out. The letters ask the recipients to download a new ‘Severe Weather Warning App’ via a QR code. However, malware is downloaded to the smartphone instead. This looks similar…
😁18👍7🔥4❤1🌚1
GPUAF - Two ways of Rooting All Qualcomm based Android phones
https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf
https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf
🤯20🔥5👍4👏1
Reverse Engineering iOS 18 Inactivity Reboot
https://naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html
https://naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html
Blogspot
Reverse Engineering iOS 18 Inactivity Reboot
Wireless and firmware hacking, PhD life, Technology
🔥19❤1👍1
Disclosure of 7 Android and Google Pixel Vulnerabilities
https://blog.oversecured.com/Disclosure-of-7-Android-and-Google-Pixel-Vulnerabilities/
https://blog.oversecured.com/Disclosure-of-7-Android-and-Google-Pixel-Vulnerabilities/
News, Techniques & Guides
Disclosure of 7 Android and Google Pixel Vulnerabilities
❤23
Rooting an Android POS "Smart Terminal" to steal credit card information
Paper: https://www.nohat.it/slides/2024/jannone.pdf
Presentation: https://www.youtube.com/watch?v=a9BFGlxP71Y
Paper: https://www.nohat.it/slides/2024/jannone.pdf
Presentation: https://www.youtube.com/watch?v=a9BFGlxP71Y
YouTube
No Hat 2024 - Jacopo Jannone - Exploring and Exploiting an Android “Smart POS” Payment Terminal
EXPLORING AND EXPLOITING AN ANDROID "SMART POS" PAYMENT TERMINAL
Today, credit card terminals are undergoing a drastic evolution, moving from specialized hardware and custom-built operating systems to Android devices similar to ordinary smartphones. While…
Today, credit card terminals are undergoing a drastic evolution, moving from specialized hardware and custom-built operating systems to Android devices similar to ordinary smartphones. While…
👍20🔥7
SMS blaster - gang that drove around Bangkok sending thousands of phishing messages by impersonating cellular base station
https://techcrunch.com/2024/11/25/authorities-catch-sms-blaster-gang-that-drove-around-bangkok-sending-thousands-of-phishing-messages/
https://techcrunch.com/2024/11/25/authorities-catch-sms-blaster-gang-that-drove-around-bangkok-sending-thousands-of-phishing-messages/
TechCrunch
Authorities catch 'SMS blaster' gang that drove around Bangkok sending thousands of phishing messages | TechCrunch
Thai authorities said the crime gang sent around a million malicious SMS text messages to nearby residents over a three-day period in November.
👍14❤3⚡2
SpyLoan: A Global Threat Exploiting Social Engineering
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyloan-a-global-threat-exploiting-social-engineering/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyloan-a-global-threat-exploiting-social-engineering/
McAfee Blog
SpyLoan: A Global Threat Exploiting Social Engineering | McAfee Blog
Authored by: Fernando Ruiz The McAfee mobile research team recently identified a significant global increase of SpyLoan, also known as predatory
🔥13👍5🥱2💩1😴1🤷1
Mobile scareware now mimics cracked smartphone screen as a result of a fake virus infection
https://www.mobile-hacker.com/2024/11/27/smartphone-scareware-cracked-screen-as-a-result-of-virus/
https://www.mobile-hacker.com/2024/11/27/smartphone-scareware-cracked-screen-as-a-result-of-virus/
Mobile Hacker
Smartphone scareware: cracked screen as a result of virus
This new technique mimics a cracked screen that is a result of a fake virus infection as visible in the video below
👍12😁8❤2🌚2
Analyzing the Integration of Effective Defenses against One-Day Exploits in Android Kernels
https://www.usenix.org/system/files/usenixsecurity24-maar-defects.pdf
https://www.usenix.org/system/files/usenixsecurity24-maar-defects.pdf
🔥11❤3
Police in India warns about 'wedding card scam' Android malware being distributed via WhatsApp
[Does anyone here has this malware sample to share? If so, please post a comment or send me a message. Thanks!]
https://www.msn.com/en-in/money/news/police-of-the-four-biggest-states-in-india-warn-about-this-wedding-card-scam-on-whatsapp-that-people-have-lost-lakhs-to/ar-AA1uLCma
[Does anyone here has this malware sample to share? If so, please post a comment or send me a message. Thanks!]
https://www.msn.com/en-in/money/news/police-of-the-four-biggest-states-in-india-warn-about-this-wedding-card-scam-on-whatsapp-that-people-have-lost-lakhs-to/ar-AA1uLCma
👍13❤1💩1
Introduction to Fuzzing Android Native Components using tools like AFL++ and QEMU
https://blog.convisoappsec.com/en/introduction-to-fuzzing-android-native-components/
https://blog.convisoappsec.com/en/introduction-to-fuzzing-android-native-components/
Conviso AppSec
Introduction to Fuzzing Android Native Components
Discover how fuzzing can identify critical vulnerabilities in native Android components, strengthening device security.
🔥14🌚2👍1💩1
Forwarded from The Bug Bounty Hunter
( ͡◕ _ ͡◕)👌
Android's CVE-2020-0238 (AccountTypePreferenceLoader)
Note: This is part of my @vr_progress journal. Also, subscribe to my new @SideQuest_256 channel and I might post videos about the Android journey too :D This is a story about how I wasted my weekend over a bug that was categorized as a High/EoP but then couldn’t…
👍12🌚2❤1
The Ultimate Handheld Hacking Device - My Experience with NetHunter
https://andy.codes/blog/security_articles/2024-11-27-the-ultimate-handheld-hacking-device.html
https://andy.codes/blog/security_articles/2024-11-27-the-ultimate-handheld-hacking-device.html
andy.codes
2024-11-27 - The Ultimate Handheld Hacking Device - My Experience with NetHunter - Andy's Cave
This page is a collection of my security research, and other infosec-related activities.
🌚8❤4👍2
This media is not supported in your browser
VIEW IN TELEGRAM
How to build portable hacking lab and control it with a smartphone
https://www.mobile-hacker.com/2024/10/04/portable-hacking-lab-control-the-smallest-kali-linux-with-a-smartphone/
https://www.mobile-hacker.com/2024/10/04/portable-hacking-lab-control-the-smallest-kali-linux-with-a-smartphone/
👍18❤5
Cybercriminals Use NFC Relay to Turn Stolen Credit Cards into Cash without a PIN
https://www.mobile-hacker.com/2024/12/02/cybercriminals-use-nfc-relay-to-turn-stolen-credit-cards-into-cash-without-a-pin/
https://www.mobile-hacker.com/2024/12/02/cybercriminals-use-nfc-relay-to-turn-stolen-credit-cards-into-cash-without-a-pin/
Mobile Hacker
Cybercriminals Use NFC Relay to Turn Stolen Credit Cards into Cash without a PIN Mobile Hacker
ThreatFabric has identified a new cash-out tactic that wasn’t seen before called “Ghost Tap”, which cybercriminals use to exploit stolen credit card details linked to mobile payment services like Google Pay and Apple Pay. This method involves relaying NFC…
👍14🔥2❤1