Rooting an Android POS "Smart Terminal" to steal credit card information
Paper: https://www.nohat.it/slides/2024/jannone.pdf
Presentation: https://www.youtube.com/watch?v=a9BFGlxP71Y
Paper: https://www.nohat.it/slides/2024/jannone.pdf
Presentation: https://www.youtube.com/watch?v=a9BFGlxP71Y
YouTube
No Hat 2024 - Jacopo Jannone - Exploring and Exploiting an Android “Smart POS” Payment Terminal
EXPLORING AND EXPLOITING AN ANDROID "SMART POS" PAYMENT TERMINAL
Today, credit card terminals are undergoing a drastic evolution, moving from specialized hardware and custom-built operating systems to Android devices similar to ordinary smartphones. While…
Today, credit card terminals are undergoing a drastic evolution, moving from specialized hardware and custom-built operating systems to Android devices similar to ordinary smartphones. While…
👍20🔥7
SMS blaster - gang that drove around Bangkok sending thousands of phishing messages by impersonating cellular base station
https://techcrunch.com/2024/11/25/authorities-catch-sms-blaster-gang-that-drove-around-bangkok-sending-thousands-of-phishing-messages/
https://techcrunch.com/2024/11/25/authorities-catch-sms-blaster-gang-that-drove-around-bangkok-sending-thousands-of-phishing-messages/
TechCrunch
Authorities catch 'SMS blaster' gang that drove around Bangkok sending thousands of phishing messages | TechCrunch
Thai authorities said the crime gang sent around a million malicious SMS text messages to nearby residents over a three-day period in November.
👍14❤3⚡2
SpyLoan: A Global Threat Exploiting Social Engineering
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyloan-a-global-threat-exploiting-social-engineering/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyloan-a-global-threat-exploiting-social-engineering/
McAfee Blog
SpyLoan: A Global Threat Exploiting Social Engineering | McAfee Blog
Authored by: Fernando Ruiz The McAfee mobile research team recently identified a significant global increase of SpyLoan, also known as predatory
🔥13👍5🥱2💩1😴1🤷1
Mobile scareware now mimics cracked smartphone screen as a result of a fake virus infection
https://www.mobile-hacker.com/2024/11/27/smartphone-scareware-cracked-screen-as-a-result-of-virus/
https://www.mobile-hacker.com/2024/11/27/smartphone-scareware-cracked-screen-as-a-result-of-virus/
Mobile Hacker
Smartphone scareware: cracked screen as a result of virus
This new technique mimics a cracked screen that is a result of a fake virus infection as visible in the video below
👍12😁8❤2🌚2
Analyzing the Integration of Effective Defenses against One-Day Exploits in Android Kernels
https://www.usenix.org/system/files/usenixsecurity24-maar-defects.pdf
https://www.usenix.org/system/files/usenixsecurity24-maar-defects.pdf
🔥11❤3
Police in India warns about 'wedding card scam' Android malware being distributed via WhatsApp
[Does anyone here has this malware sample to share? If so, please post a comment or send me a message. Thanks!]
https://www.msn.com/en-in/money/news/police-of-the-four-biggest-states-in-india-warn-about-this-wedding-card-scam-on-whatsapp-that-people-have-lost-lakhs-to/ar-AA1uLCma
[Does anyone here has this malware sample to share? If so, please post a comment or send me a message. Thanks!]
https://www.msn.com/en-in/money/news/police-of-the-four-biggest-states-in-india-warn-about-this-wedding-card-scam-on-whatsapp-that-people-have-lost-lakhs-to/ar-AA1uLCma
👍13❤1💩1
Introduction to Fuzzing Android Native Components using tools like AFL++ and QEMU
https://blog.convisoappsec.com/en/introduction-to-fuzzing-android-native-components/
https://blog.convisoappsec.com/en/introduction-to-fuzzing-android-native-components/
Conviso AppSec
Introduction to Fuzzing Android Native Components
Discover how fuzzing can identify critical vulnerabilities in native Android components, strengthening device security.
🔥14🌚2👍1💩1
Forwarded from The Bug Bounty Hunter
( ͡◕ _ ͡◕)👌
Android's CVE-2020-0238 (AccountTypePreferenceLoader)
Note: This is part of my @vr_progress journal. Also, subscribe to my new @SideQuest_256 channel and I might post videos about the Android journey too :D This is a story about how I wasted my weekend over a bug that was categorized as a High/EoP but then couldn’t…
👍12🌚2❤1
The Ultimate Handheld Hacking Device - My Experience with NetHunter
https://andy.codes/blog/security_articles/2024-11-27-the-ultimate-handheld-hacking-device.html
https://andy.codes/blog/security_articles/2024-11-27-the-ultimate-handheld-hacking-device.html
andy.codes
2024-11-27 - The Ultimate Handheld Hacking Device - My Experience with NetHunter - Andy's Cave
This page is a collection of my security research, and other infosec-related activities.
🌚8❤4👍2
This media is not supported in your browser
VIEW IN TELEGRAM
How to build portable hacking lab and control it with a smartphone
https://www.mobile-hacker.com/2024/10/04/portable-hacking-lab-control-the-smallest-kali-linux-with-a-smartphone/
https://www.mobile-hacker.com/2024/10/04/portable-hacking-lab-control-the-smallest-kali-linux-with-a-smartphone/
👍18❤5
Cybercriminals Use NFC Relay to Turn Stolen Credit Cards into Cash without a PIN
https://www.mobile-hacker.com/2024/12/02/cybercriminals-use-nfc-relay-to-turn-stolen-credit-cards-into-cash-without-a-pin/
https://www.mobile-hacker.com/2024/12/02/cybercriminals-use-nfc-relay-to-turn-stolen-credit-cards-into-cash-without-a-pin/
Mobile Hacker
Cybercriminals Use NFC Relay to Turn Stolen Credit Cards into Cash without a PIN Mobile Hacker
ThreatFabric has identified a new cash-out tactic that wasn’t seen before called “Ghost Tap”, which cybercriminals use to exploit stolen credit card details linked to mobile payment services like Google Pay and Apple Pay. This method involves relaying NFC…
👍14🔥2❤1
Android Flutter malware analysis by Axelle Apvrille (Fortinet)
Presentation: https://youtu.be/K9Ekxo-K_QY?si=W-QhYvcVEYxTCKwz
Slides: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/slides/Slides-Android-Flutter-malware.pdf
Paper: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/papers/Android-Flutter-malware.pdf
Presentation: https://youtu.be/K9Ekxo-K_QY?si=W-QhYvcVEYxTCKwz
Slides: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/slides/Slides-Android-Flutter-malware.pdf
Paper: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/papers/Android-Flutter-malware.pdf
YouTube
Android Flutter malware - Axelle Apvrille (Fortinet)
Presented at the VB2024 conference in Dublin, 2 - 4 October 2024.
↓ Slides: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/slides/Slides-Android-Flutter-malware.pdf
↓ Paper: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/papers/Android…
↓ Slides: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/slides/Slides-Android-Flutter-malware.pdf
↓ Paper: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/papers/Android…
👍17✍2🔥1
DroidBot: Insights from a new Turkish MaaS fraud operation
https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation?s=03
https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation?s=03
Cleafy
DroidBot: Insights from a new Turkish MaaS fraud operation | Cleafy Labs
Cleafy Labs reveals DroidBot, a new Android Remote Access Trojan targeting banks, crypto exchanges, and national organisations in Europe and beyond. Learn how it operates with dual-channel communication and evolving tactics. Read here the full report.
👍13❤3
Automatically decode Android apps and searche for secrets
https://trufflesecurity.com/blog/cracking-open-apk-files-at-scale
https://trufflesecurity.com/blog/cracking-open-apk-files-at-scale
Trufflesecurity
Cracking Open APK Files at Scale ◆ Truffle Security Co.
TruffleHog now automatically decodes Android Package Kit (APK) files and searches them for secrets. It runs ~9x faster than using an external decompiler before calling TruffleHog.
👍19❤7🔥3
Trying to exploit my old Android using CVE-2020-0401 (PackageManagerService)
https://pwner.gg/blog/Android's-CVE-2020-0401
https://pwner.gg/blog/Android's-CVE-2020-0401
( ͡◕ _ ͡◕)👌
Android's CVE-2020-0401 (PackageManagerService)
Note This is another attempt in my Android Side Quest (the previous one was Android’s CVE-2020-0238). Intro While digging around through my old gadgets, I found my ancient OnePlus phone that had been gathering dust in a drawer.
👍20
Malimite: iOS decompiler designed to analyze and decode IPA files
Built on top of Ghidra to offer direct support for Swift, Objective-C, and iOS resources
https://github.com/LaurieWired/Malimite
Built on top of Ghidra to offer direct support for Swift, Objective-C, and iOS resources
https://github.com/LaurieWired/Malimite
GitHub
GitHub - LaurieWired/Malimite: iOS and macOS Decompiler
iOS and macOS Decompiler. Contribute to LaurieWired/Malimite development by creating an account on GitHub.
🔥22🥰4❤3
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html
https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html
Trend Micro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
👍14
Android smartphone Confiscated by Russian Authorities Returned with Monokle-Type Spyware Installed
https://citizenlab.ca/2024/12/device-confiscated-by-russian-authorities-returned-with-monokle-type-spyware-installed/
https://citizenlab.ca/2024/12/device-confiscated-by-russian-authorities-returned-with-monokle-type-spyware-installed/
The Citizen Lab
Something to Remember Us By
In a joint investigation with The First Department, The Citizen Lab uncovered spyware covertly implanted on the phone of a Russian programmer following his release from Russian custody. The Monokle-like spyware allows an operator to track the device’s location…
👍13🔥2
Deobfuscate Android App: LLM tool to find any potential security vulnerabilities in Android apps and deobfuscate Android app code
https://github.com/In3tinct/deobfuscate-android-app
https://github.com/In3tinct/deobfuscate-android-app
GitHub
GitHub - In3tinct/Androidmeda: LLM tool to deobfuscate android app and find any potential vulnerabilities in android apps and …
LLM tool to deobfuscate android app and find any potential vulnerabilities in android apps and code. - In3tinct/Androidmeda
🔥25
OWApp Benchmark Suite: A comprehensive framework designed to automate and enhance the benchmarking process for mobile applications, particularly within the context of security analysis
https://github.com/Mobile-IoT-Security-Lab/OWApp-Benchmarking-Suite
https://github.com/Mobile-IoT-Security-Lab/OWApp-Benchmarking-Suite
GitHub
GitHub - Mobile-IoT-Security-Lab/OWApp-Benchmarking-Suite: The OWApp Benchmark: an OWASP-compliant Vulnerable Android App Dataset
The OWApp Benchmark: an OWASP-compliant Vulnerable Android App Dataset - Mobile-IoT-Security-Lab/OWApp-Benchmarking-Suite
🔥12👍4
AppLite: A New AntiDot Variant Targeting Mobile Employee Devices
https://www.zimperium.com/blog/applite-a-new-antidot-variant-targeting-mobile-employee-devices/
https://www.zimperium.com/blog/applite-a-new-antidot-variant-targeting-mobile-employee-devices/
Zimperium
AppLite: A New AntiDot Variant Targeting Mobile Employee Devices
true
🔥17