Top Android malware threats - Month of July, 2019
Full list: http://skptr.me/malware_timeline_2019.html
Download samples: https://github.com/sk3ptre/AndroidMalware_2019
Fake Antivirus with 100K+ installs found on Google Play
https://twitter.com/tom_sara05/status/1157176010585997312?s=19
Subnoscription scam on Google Play with 1,000,000+ downloads exploits 3-day trial, then robs you of €54.99 per week
https://twitter.com/ESETresearch/status/1157206903602028544
ESET research (Twitter): Subnoscription #scam on #GooglePlay with 1M+ downloads exploits 3-day trial, then robs you of €54.99 per week. This makes it 10 times more expensive than legitimate professional software. @LukasStefanko #reported it to Google. #ESETresearch thanks @jaymin9687…
Three adware apps with 30,000+ installs altogether.
- in the app manager they change their name to Google Play Store
- they hide their icon
- they display full-screen ads every 15 minutes, but only starting 24 hours after installation
https://labs.bitdefender.com/2019/07/adware-packed-fake-apps-still-making-their-way-to-google-play/
Bitdefender Labs: Adware-Packed Fake Apps Still Making Their Way to Google Play. Adware is nothing new, nor will it go away any time soon, especially since it's a legitimate means for app developers to generate revenue.
HiddenAd adware discovered on Google Play was one of the top 10 new apps in the store in July!
Reached 1M+ downloads. Reported.
https://t.co/iY3z60gicp
ESET research (Twitter): #HiddenAd adware found on Google Play was one of the top 10 new apps in the store in July, with 1M+ downloads - until @LukasStefanko #reported it. IoC Hash: 3E1E1FD9BAE9E7DDE2CB06859E125352B7EA8ABD ESET detection name: Android/Hiddad.ADQ
Record for HiddenAd adware found on Google Play.
It reached 5,000,000+ installs.
-after launch it can hide its icon
-after the device is unlocked it displays a fullscreen ad
-reported
https://twitter.com/ReBensk/status/1157267868993515521?s=19
New ways found to attack WPA3-protected Wi-Fi passwords (Dragonblood)
https://wpa3.mathyvanhoef.com/
Mathy Vanhoef: Dragonblood: Analysing WPA3's Dragonfly Handshake. This website presents the Dragonblood Attack. It is a collection of attacks against the WPA3 protocol, which mainly abuse the password element generation algorithm of WPA3's Dragonfly handshake.
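The password element generation the Dragonblood page refers to is Dragonfly's "hunting and pecking" loop: the station hashes the password together with both MAC addresses and a counter until the result is the x-coordinate of a point on the curve. The loop iteration in which that happens depends on the password and the MACs, so an implementation that stops (or does variable work) as soon as a point is found leaks the count through timing, and an attacker who collects counts for several spoofed MACs can filter a password dictionary offline. The following is an added example, not code from the Dragonblood paper or from any Wi-Fi stack: it uses the real P-256 parameters (Dragonfly group 19) but replaces the SAE KDF with a plain SHA-256 step (an assumption, labelled in the code), omits the constant-time masking a compliant implementation needs, and returns early on purpose to model the leaking behaviour.

```python
"""Simplified Dragonfly (SAE) hunting-and-pecking and the timing-based
dictionary filter it enables. Added example; the KDF is a stand-in."""
import hashlib
import hmac

# NIST P-256 (Dragonfly/SAE group 19): y^2 = x^3 + A*x + B (mod P)
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
K = 40  # 802.11 runs the loop K times; returning early is what leaks


def is_quadratic_residue(v):
    """Euler's criterion: v is a square mod P iff v^((P-1)/2) == 1."""
    return pow(v, (P - 1) // 2, P) == 1


def hunt_and_peck(password, mac_a, mac_b):
    """Return (counter, x): the iteration that yields a valid x on the curve.

    SAE keys the hash with max(MAC)||min(MAC), so the result does not depend
    on which side is the AP, and appends the one-octet counter to the password.
    """
    key = max(mac_a, mac_b) + min(mac_a, mac_b)
    for counter in range(1, K + 1):
        pwd_seed = hmac.new(key, password + bytes([counter]), hashlib.sha256).digest()
        # Assumption: plain SHA-256 stands in for the SAE KDF-256 expansion.
        x = int.from_bytes(
            hashlib.sha256(b"SAE Hunting and Pecking" + pwd_seed).digest(), "big")
        if x >= P:
            continue
        if is_quadratic_residue((pow(x, 3, P) + A * x + B) % P):
            return counter, x  # early exit: the timing side channel
    raise ValueError("no password element found within K iterations")


def recover_from_timing(candidates, observations):
    """Offline filter: keep candidates whose simulated iteration count matches
    every (mac_a, mac_b, observed_count) measurement taken from the victim."""
    return [pw for pw in candidates
            if all(hunt_and_peck(pw, a, b)[0] == n for a, b, n in observations)]


def demo():
    """Constructed scenario: attacker spoofs client MACs against an AP whose
    password is in the dictionary, measures the counts, then filters."""
    victim_password = b"correct horse"            # constructed sample data
    ap_mac = bytes.fromhex("0a1b2c3d4e5f")         # constructed sample data
    spoofed_macs = [bytes([0x02, 0, 0, 0, 0, i]) for i in range(8)]
    observations = [(ap_mac, m, hunt_and_peck(victim_password, ap_mac, m)[0])
                    for m in spoofed_macs]
    dictionary = [b"password", b"letmein", b"correct horse", b"hunter2", b"qwerty123"]
    return recover_from_timing(dictionary, observations)


if __name__ == "__main__":
    print(demo())
```

Each spoofed MAC gives an independent measurement, so the surviving set shrinks with every observation while the true password always survives; a constant-time implementation runs all K iterations with dummy work and gives the attacker nothing to measure.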
HiddenAd trojan discovered on Google Play with 100,000 installs.
Once installed, it executes itself without user interaction and displays ads.
https://t.co/DOVPmX50Bs
ESET (Twitter): #HiddenAd #trojan discovered by @LukasStefanko on Google Play with 100,000 installs is removed now. Once installed, it executes itself without user interaction and displays ads. @ESETresearch ESET detection: Android/Hiddad.ACS https://t.co/DOVPmX50Bs
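The adware and HiddenAd items above share a small set of manifest-visible tricks: a label that impersonates Google Play, a receiver for the unlock broadcast (USER_PRESENT) so ads appear after the device is unlocked, boot autostart so the app runs without the user opening it, and the overlay permission needed for full-screen ads over other apps. This is an added triage example, not code from any of the vendors quoted: it runs over a decoded AndroidManifest.xml (as apktool produces, not the binary AXML) and reports those indicators. Icon hiding is done at runtime through PackageManager.setComponentEnabledSetting, so the manifest carries no signal for it; that one needs dynamic analysis. The sample manifests are constructed for the example.

```python
"""Manifest triage for the Google Play adware tricks described above.
Added example; input is a decoded (text) AndroidManifest.xml."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A_NAME = "{%s}name" % ANDROID_NS
A_LABEL = "{%s}label" % ANDROID_NS

PLAY_STORE_PKG = "com.android.vending"               # the real Google Play package
USER_PRESENT = "android.intent.action.USER_PRESENT"  # broadcast on device unlock
BOOT_COMPLETED = "android.intent.action.BOOT_COMPLETED"
OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"


def triage_manifest(xml_text):
    """Return a list of (category, detail) findings for one manifest."""
    root = ET.fromstring(xml_text)
    pkg = root.get("package", "")
    app = root.find("application")
    findings = []
    if app is None:
        return findings

    # 1. Impersonation: the app manager shows the <application> label, the
    #    launcher shows the label of the launcher activity or activity-alias.
    labelled = [("application", app)]
    labelled += [(n.tag, n) for n in app if n.tag in ("activity", "activity-alias")]
    for kind, node in labelled:
        label = node.get(A_LABEL, "")
        if "google play" in label.lower() and pkg != PLAY_STORE_PKG:
            findings.append(("impersonation",
                             "%s %s labelled %r" % (kind, node.get(A_NAME, pkg), label)))

    # 2. Triggers that run code without the user opening the app.
    for recv in app.findall("receiver"):
        actions = {a.get(A_NAME) for a in recv.iter("action")}
        name = recv.get(A_NAME, "?")
        if USER_PRESENT in actions:
            findings.append(("unlock_trigger", name))
        if BOOT_COMPLETED in actions:
            findings.append(("autostart", name))

    # 3. Permission that lets an app draw full-screen ads over other apps.
    perms = {p.get(A_NAME) for p in root.findall("uses-permission")}
    if OVERLAY_PERM in perms:
        findings.append(("overlay_permission", OVERLAY_PERM))
    return findings


def verdict(findings):
    """Two or more distinct indicators is enough to pull the APK for manual review."""
    return "suspicious" if len({c for c, _ in findings}) >= 2 else "clean"


# Constructed sample: a "QR scanner" showing every indicator at once.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.qrscanner">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="QR Scanner">
    <activity android:name=".MainActivity"/>
    <activity-alias android:name=".Launcher" android:targetActivity=".MainActivity"
                    android:label="Google Play Store">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity-alias>
    <receiver android:name=".AdReceiver">
      <intent-filter>
        <action android:name="android.intent.action.USER_PRESENT"/>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: an ordinary app with none of the indicators.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""


if __name__ == "__main__":
    f = triage_manifest(SAMPLE_MANIFEST)
    print(verdict(f), f)
```

Run it over the output directory of `apktool d app.apk` in batch; the point of the two-indicator threshold is that SYSTEM_ALERT_WINDOW or a boot receiver alone is common in legitimate apps, while the combination with a Google Play label is not.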
Android kernel can be compromised over-the-air (QualPwn)
CVE-2019-10538 - allows attackers to compromise the WLAN and the chip's modem over-the-air.
CVE-2019-10540 - an attacker can exploit it to compromise the Android Kernel from the WLAN component.
https://blade.tencent.com/en/advisories/qualpwn/
A surveillance van that, from within 1 kilometer, can spy on WhatsApp messages, Facebook chats, texts, calls, contacts...
https://www.forbes.com/sites/thomasbrewster/2019/08/05/a-multimillionaire-surveillance-dealer-steps-out-of-the-shadows-and-his-9-million-whatsapp-hacking-van/
Forbes: A Multimillionaire Surveillance Dealer Steps Out Of The Shadows . . . And His $9 Million WhatsApp Hacking Van. He can hack your WhatsApp, find out where you are in 15 minutes and monitor your iPhone. But Tal Dilian says he's one of the good guys. It's badly-behaved governments who should be in trouble, not the $12 billion industry he's come to represent.
Doctor Web’s overview of virus activity on mobile devices in July 2019
https://news.drweb.com/show/review/?lng=en&i=13374
Dr.Web: Doctor Web's overview of virus activity on mobile devices in July 2019
Need to reverse engineer an iOS app?
Works on iOS11 & 12
https://twitter.com/ddouhine/status/1158700402419937280?s=19
Davy Douhine (Twitter): Need to reverse engineer an iOS app ? 1/ Add https://t.co/PjjYGi0uSC src to Cydia 2/ Install bfdecrypt 3/ Go to bfdecrypt pref pane in Settings & set the app to decrypt 4/ Launch it 5/ Decrypted IPA is stored in the Documents folder of the app Works on iOS11…
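After step 5 the thing to verify, before loading the binary into a disassembler, is that the FairPlay encryption was really stripped: an App Store binary carries an LC_ENCRYPTION_INFO (32-bit) or LC_ENCRYPTION_INFO_64 load command whose cryptid is 1 while encrypted and 0 once dumped, and a universal binary may carry one slice of each. The following is an added check, not part of the tweet or of bfdecrypt: it parses the Mach-O header and load commands directly, handles fat files, and builds constructed sample binaries so it runs without a device.

```python
"""Verify that a dumped iOS binary is decrypted: every Mach-O slice must
have cryptid 0 in its LC_ENCRYPTION_INFO(_64). Added example."""
import struct

MH_MAGIC = 0xFEEDFACE         # 32-bit thin Mach-O (file bytes CE FA ED FE)
MH_MAGIC_64 = 0xFEEDFACF      # 64-bit thin Mach-O
FAT_MAGIC = 0xCAFEBABE        # universal binary; its header is big-endian
LC_ENCRYPTION_INFO = 0x21
LC_ENCRYPTION_INFO_64 = 0x2C
CPU_TYPE_ARM = 0x0000000C
CPU_TYPE_ARM64 = 0x0100000C
MH_EXECUTE = 2


def slice_cryptid(data, offset=0):
    """cryptid of one thin slice: 1 = still encrypted, 0 = decrypted,
    None = no encryption command at all (not an App Store binary)."""
    (magic,) = struct.unpack_from("<I", data, offset)
    if magic == MH_MAGIC_64:
        header_len = 32       # mach_header_64 has an extra reserved field
    elif magic == MH_MAGIC:
        header_len = 28
    else:
        raise ValueError("not a thin Mach-O at offset %d (magic %#x)" % (offset, magic))
    ncmds, sizeofcmds = struct.unpack_from("<II", data, offset + 16)
    pos, end = offset + header_len, offset + header_len + sizeofcmds
    for _ in range(ncmds):
        if pos + 8 > end:
            raise ValueError("load commands run past sizeofcmds")
        cmd, cmdsize = struct.unpack_from("<II", data, pos)
        if cmdsize < 8 or pos + cmdsize > end:
            raise ValueError("bad cmdsize %d" % cmdsize)
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            _cryptoff, _cryptsize, cryptid = struct.unpack_from("<III", data, pos + 8)
            return cryptid
        pos += cmdsize
    return None


def cryptids(data):
    """Map cputype -> cryptid for a thin or fat (universal) file."""
    (magic,) = struct.unpack_from(">I", data, 0)
    if magic != FAT_MAGIC:
        (cputype,) = struct.unpack_from("<I", data, 4)
        return {cputype: slice_cryptid(data, 0)}
    (nfat,) = struct.unpack_from(">I", data, 4)
    out = {}
    for i in range(nfat):
        cputype, _sub, off, _size, _align = struct.unpack_from(">IIIII", data, 8 + 20 * i)
        out[cputype] = slice_cryptid(data, off)
    return out


def is_decrypted(data):
    """True only when no slice is still marked encrypted."""
    return all(c in (0, None) for c in cryptids(data).values())


def build_thin_sample(cryptid, cputype=CPU_TYPE_ARM64, with_encryption_cmd=True):
    """Constructed 64-bit Mach-O: header plus one LC_ENCRYPTION_INFO_64 (sample, not a real app)."""
    cmds = b""
    if with_encryption_cmd:
        cmds = struct.pack("<IIIIII", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
    header = struct.pack("<IIIIIIII", MH_MAGIC_64, cputype, 0, MH_EXECUTE,
                         1 if with_encryption_cmd else 0, len(cmds), 0, 0)
    return header + cmds


def build_fat_sample(slices):
    """Constructed universal wrapper around (cputype, bytes) slices."""
    header = struct.pack(">II", FAT_MAGIC, len(slices))
    body, off = b"", 8 + 20 * len(slices)
    for cputype, blob in slices:
        header += struct.pack(">IIIII", cputype, 0, off, len(blob), 0)
        body += blob
        off += len(blob)
    return header + body


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        print(cryptids(f.read()))
```

Point it at the executable inside the dumped .app directory; a fat file with one decrypted and one still-encrypted slice is the case that fools a quick `otool -l | grep cryptid` glance, since both values appear in the output.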
How To Start IoT Device Firmware Reverse Engineering? #IoT
http://blog.securelayer7.net/how-to-start-iot-device-firmware-reverse-engineering/
SecureLayer7: How to Start IoT Device Firmware Reverse Engineering? IoT device firmware reverse engineering is a process to understand the device architecture, functionality and vulnerabilities present in the device, using different methods....
Pwning the Galaxy S8
Bug 0: Pwning and Examining the browser’s renderer process
Bug 1: Incomplete fix for CVE-2016-5197
Bug 2: The Email loves EML with a … XSS
Bug 3: … And file:/// crossdomain
Bug 4: Pwn a process with INSTALL_PACKAGES privilege
Bug 5: Push SDK pushes vulnerability
https://blog.flanker017.me/galaxy-leapfrogging-pwning-the-galaxy-s8/
Flanker Sky: Galaxy Leapfrogging: Pwning the Galaxy S8. Hello everyone, long time no see! Now begins a series of blog posts about bugs I found before and now on Android vendors, including memory corruption and logical bugs, reported and fixed via Pwn2Ow…
Facebook sues two developers from Google Play for click injection fraud
Developers: LIONMOBI and Jedimobi
Altogether 7 apps on Google Play
Altogether 217,000,000+ installs of these apps
https://newsroom.fb.com/news/2019/08/enforcing-against-click-injection-fraud/
Click injection fraud: the malware created fake user clicks on Facebook ads that appeared on the users' phones, giving the impression that the users had clicked on the ads.
About Facebook: Enforcing Against Click Injection Fraud. Facebook filed suit against two app developers for misrepresenting that a real person had clicked on their ads.
Fake Antivirus with 50,000+ installs
https://twitter.com/ReBensk/status/1158280511124471808?s=19
Contractors working for Microsoft are listening to personal conversations of Skype users conducted through the mobile app's translation service
https://www.vice.com/amp/en_us/article/xweqbq/microsoft-contractors-listen-to-skype-calls
Vice: Revealed: Microsoft Contractors Are Listening to Some Skype Calls. Documents, screenshots, and audio obtained by Motherboard show that humans listen to Skype calls made using the app's translation function.
Android spyware masquerading as a security application performed spying activities: tracking the device location and eavesdropping on call conversations. It was distributed via Google Play.
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/moqhao-related-android-spyware-targeting-japan-and-korea-found-on-google-play/
Security analysis of counterfeit iPhone 6 and Samsung S10
-cost 1/10th of the original
-both run outdated, vulnerable Android versions (4.4, 5.1)
-vulnerable kernels
-collect user info
-the S10 contained a RAT
I wouldn't use financial or social media apps on fake phones
https://blog.trailofbits.com/2019/08/07/from-the-depths-of-counterfeit-smartphones/
The Trail of Bits Blog: From The Depths Of Counterfeit Smartphones. In an age of online second-hand retailers, marketplace exchanges, and third-party refurb shops, it's easier than ever to save hundreds of dollars when buying a phone. These channels provide an appealing alternative for people foregoing a retail shopping experience…