Android Security & Malware
Five bugs in iMessage:
1) CVE-2019-8647 is a remote, interactionless use-after-free - https://bugs.chromium.org/p/project-zero/issues/detail?id=1873
2) CVE-2019-8662 - https://bugs.chromium.org/p/project-zero/issues/detail?id=1917
3) CVE-2019-8660 is remote…
Remotely Stole Files Through iMessage on iOS 12.3.1 (CVE-2019-8646 by natashenka)
https://youtu.be/ld2m0CPR1nM
Twitter @ SparkZheng
Reference: https://bugs.chromium.org/p/project-zero/issues/detail?id=1858
Review of harmful apps on Google Play in July 2019
All these apps and numbers are based on research, blogs, reports and tweets published in July 2019 by the #infosec community.
Forwarded from The Bug Bounty Hunter
Opera Android Address Bar Spoofing: CVE-2019–12278
https://medium.com/@justm0rph3u5/opera-android-address-bar-spoofing-cve-2019-12278-9ffcfd6c508c
America's Phone Farmers
Ordinary Americans are using armies of phones to generate cash through ad fraud.
https://www.vice.com/en_us/article/d3naek/how-to-make-a-phone-farm
America’s DIY Phone Farmers
Tested 21 Android antivirus apps and found serious vulnerabilities
- 3 IDOR vulnerabilities (leaking the address book, sending fake alerts, remotely disabling AV protection)
- 2 XSS
https://www.comparitech.com/antivirus/android-antivirus-vulnerabilities/
Top Android malware threats - Month of July, 2019
Full list: http://skptr.me/malware_timeline_2019.html
Download samples: https://github.com/sk3ptre/AndroidMalware_2019
Fake Antivirus with 100K+ installs found on Google Play
https://twitter.com/tom_sara05/status/1157176010585997312?s=19
Subnoscription scam on Google Play with 1,000,000+ downloads exploits 3-day trial, then robs you of €54.99 per week
https://twitter.com/ESETresearch/status/1157206903602028544
ESET research (Twitter): Subnoscription #scam on #GooglePlay with 1M+ downloads exploits 3-day trial, then robs you of €54.99 per week. This makes it 10 times more expensive than legitimate professional software. @LukasStefanko #reported it to Google. #ESETresearch thanks @jaymin9687…
Three adware apps with 30,000+ installs altogether.
- in the app manager they rename themselves to "Google Play Store"
- they hide their own icon
- they display full-screen ads every 15 minutes, but only starting 24 hours after installation
https://labs.bitdefender.com/2019/07/adware-packed-fake-apps-still-making-their-way-to-google-play/
Bitdefender Labs: Adware-Packed Fake Apps Still Making Their Way to Google Play
HiddenAd adware discovered on Google Play was one of the top 10 new apps in the store in July!
Reached 1M+ downloads. Reported.
https://t.co/iY3z60gicp
ESET research (Twitter): #HiddenAd adware found on Google Play was one of the top 10 new apps in the store in July, with 1M+ downloads - until @LukasStefanko #reported it. IoC Hash: 3E1E1FD9BAE9E7DDE2CB06859E125352B7EA8ABD ESET detection name: Android/Hiddad.ADQ
Record for HiddenAd Adware found on Google Play.
It reached 5,000,000+ installs.
- after launch it can hide its own icon
- after the device is unlocked it displays a full-screen ad
- reported
https://twitter.com/ReBensk/status/1157267868993515521?s=19
New ways found to attack WPA3-protected Wi-Fi passwords
https://wpa3.mathyvanhoef.com/
Dragonblood: Analysing WPA3's Dragonfly Handshake
This website presents the Dragonblood Attack. It is a collection of attacks against the WPA3 protocol, which mainly abuse the password element generation algorithm of WPA3's Dragonfly handshake.
HiddenAd trojan discovered on Google Play with 100,000 installs.
Once installed, it executes itself without user interaction and displays ads.
https://t.co/DOVPmX50Bs
ESET (Twitter): #HiddenAd #trojan discovered by @LukasStefanko on Google Play with 100,000 installs is removed now. Once installed, it executes itself without user interaction and displays ads. @ESETresearch ESET detection: Android/Hiddad.ACS https://t.co/DOVPmX50Bs
Android kernel can be compromised over the air
CVE-2019-10538 - allows attackers to compromise the WLAN and the chip's modem over the air.
CVE-2019-10540 - an attacker can exploit it to compromise the Android kernel from the WLAN component.
https://blade.tencent.com/en/advisories/qualpwn/
Within 1 kilometer, a surveillance van can spy on WhatsApp messages, Facebook chats, texts, calls, contacts...
https://www.forbes.com/sites/thomasbrewster/2019/08/05/a-multimillionaire-surveillance-dealer-steps-out-of-the-shadows-and-his-9-million-whatsapp-hacking-van/
A Multimillionaire Surveillance Dealer Steps Out Of The Shadows . . . And His $9 Million WhatsApp Hacking Van
He can hack your WhatsApp, find out where you are in 15 minutes and monitor your iPhone. But Tal Dilian says he's one of the good guys. It's badly-behaved governments who should be in trouble, not the $12 billion industry he's come to represent.
Doctor Web’s overview of virus activity on mobile devices in July 2019
https://news.drweb.com/show/review/?lng=en&i=13374
Need to reverse engineer an iOS app?
Works on iOS11 & 12
https://twitter.com/ddouhine/status/1158700402419937280?s=19
Davy Douhine (Twitter):
Need to reverse engineer an iOS app?
1/ Add https://t.co/PjjYGi0uSC src to Cydia
2/ Install bfdecrypt
3/ Go to bfdecrypt pref pane in Settings & set the app to decrypt
4/ Launch it
5/ Decrypted IPA is stored in the Documents folder of the app
Works on iOS11…
How To Start IoT Device Firmware Reverse Engineering? #IoT
http://blog.securelayer7.net/how-to-start-iot-device-firmware-reverse-engineering/
Pwning the Galaxy S8
Bug 0: Pwning and Examining the browser’s renderer process
Bug 1: Incomplete fix for CVE-2016-5197
Bug 2: The Email loves EML with a … XSS
Bug 3: … And file:/// crossdomain
Bug 4: Pwn a process with INSTALL_PACKAGES privilege
Bug 5: Push SDK pushes vulnerability
https://blog.flanker017.me/galaxy-leapfrogging-pwning-the-galaxy-s8/
Galaxy Leapfrogging: Pwning the Galaxy S8
Hello everyone, long time no see! Now begins a series of blog posts about bugs I found before and now on Android vendors, including memory corruption and logical bugs, reported and fixed via Pwn2Ow…
Facebook sues two developers from Google Play for click injection fraud
Developers: LIONMOBI and Jedimobi
Altogether 7 apps on Google Play
Altogether 217,000,000+ installs of these apps
https://newsroom.fb.com/news/2019/08/enforcing-against-click-injection-fraud/
Click injection fraud: the malware created fake user clicks on Facebook ads that appeared on the users' phones, giving the impression that the users had clicked on the ads.
Facebook filed suit against two app developers for misrepresenting that a real person had clicked on their ads.