14.11.2024 - Physical letters with MeteoSwiss as the sender are currently being sent out. The letters ask the recipients to download a new ‘Severe Weather Warning App’ via a QR code. However, malware is downloaded to the smartphone instead. This looks similar…

Wireless and firmware hacking, PhD life, Technology

Discover how reverse engineering led to a $5000 bounty by exploiting a critical vulnerability in a popular Android app

EXPLORING AND EXPLOITING AN ANDROID "SMART POS" PAYMENT TERMINAL

Today, credit card terminals are undergoing a drastic evolution, moving from specialized hardware and custom-built operating systems to Android devices similar to ordinary smartphones. While…

Thai authorities said the crime gang sent around a million malicious SMS text messages to nearby residents over a three-day period in November.

Authored by: Fernando Ruiz The McAfee mobile research team recently identified a significant global increase of SpyLoan, also known as predatory

This new technique mimics a cracked screen that is a result of a fake virus infection as visible in the video below

Discover how fuzzing can identify critical vulnerabilities in native Android components, strengthening device security.

Note: This is part of my @vr_progress journal. Also, subscribe to my new @SideQuest_256 channel and I might post videos about the Android journey too :D This is a story about how I wasted my weekend over a bug that was categorized as a High/EoP but then couldn’t…

This page is a collection of my security research, and other infosec-related activities.

ThreatFabric has identified a new cash-out tactic that wasn’t seen before called “Ghost Tap”, which cybercriminals use to exploit stolen credit card details linked to mobile payment services like Google Pay and Apple Pay. This method involves relaying NFC…

Presented at the VB2024 conference in Dublin, 2 - 4 October 2024.
↓ Slides: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/slides/Slides-Android-Flutter-malware.pdf
↓ Paper: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/papers/Android…

Cleafy Labs reveals DroidBot, a new Android Remote Access Trojan targeting banks, crypto exchanges, and national organisations in Europe and beyond. Learn how it operates with dual-channel communication and evolving tactics. Read here the full report.

TruffleHog now automatically decodes Android Package Kit (APK) files and searches them for secrets. It runs ~9x faster than using an external decompiler before calling TruffleHog.

Note This is another attempt in my Android Side Quest (the previous one was Android’s CVE-2020-0238). Intro While digging around through my old gadgets, I found my ancient OnePlus phone that had been gathering dust in a drawer.

iOS and macOS Decompiler. Contribute to LaurieWired/Malimite development by creating an account on GitHub.