Solving Android CTF from BSidesSF2019
https://aadityapurani.com/2019/03/07/bsidessf-ctf-2019-mobile-track/
Aaditya Purani - Hacker
[BSidesSF CTF 2019] – Mobile Track
Introduction BSIDES CTF 2019 was hosted by Google and Facebook in San Francisco during the BSides Conference. Teams from all over the world could compete, but the prizes can only be claimed by team…
Bypass passcode protection in NextCloud Android app
https://hackerone.com/reports/631206
HackerOne
Nextcloud disclosed on HackerOne: Passcode Protection in Android...
### What is the vulnerability?
The passcode can be bypassed by calling a MainLoginActivity, which is com.owncloud.android.ui.activity.FileDisplayActivity. We have successfully bypassed the passcode...
Android Trojan Dropper - xHelper
https://blog.malwarebytes.com/android/2019/08/mobile-menace-monday-android-trojan-raises-xhelper/
Malwarebytes Labs
Mobile Menace Monday: Android Trojan raises xHelper
Since its introduction in May 2019, the xHelper dropper, an Android Trojan, has climbed to our top 10 list of most detected mobile malware.
Tests of some of Android Antiviruses (Banking, Trojans, Spyware, PUAs, SMS)
https://www.mrg-effitas.com/wp-content/uploads/2019/08/Android360_2019q2_7.pdf
Trojan found in CamScanner – Phone PDF creator app with 100,000,000+ installs on Google Play
This Trojan downloads a malicious payload from the developer's server.
https://securelist.com/dropper-in-google-play/92496/
Securelist
An advertising dropper in Google Play
Recently, the popular CamScanner – Phone PDF creator app caught our attention. After analyzing the app, we saw that the developer added an advertising library to it that contains a malicious dropper component.
Two fake phishing apps found on Google Play. Both of them request the user's credit card details and target Brazilian 🇧🇷 users.
Pernambucanas - Cupons - 100+ installs
Midway Acesso (impersonates Riachuelo) - 5+ installs
https://twitter.com/silvaaa_anne/status/1166435030182313985?s=19
https://twitter.com/silvaaa_anne/status/1166407382840168449?s=19
Twitter
Anne Silva
Another Malicious App targeting Pernambucanas clients: https://t.co/vcZjTNDDeB @assolini @defesa_digital @Android @GooglePlay @emilio_simoni
Six new HiddenAd Trojans found on Google Play with 280,000+ downloads. If you have them installed, remove them. https://t.co/fB1CCttfIZ
Fake VPN app found on Google Play can download and install additional apps.
https://twitter.com/m0br3v/status/1166680295023812609?s=19
Twitter
I.Zhilyakov
Fake VPN client has been found and removed from Google Play. On command:
- opens web, #instagram, #telegram and Google Play pages
- downloads and tries to install other applications
ioc: d789d13c6187ad3cd2991b6d387d9e943d394a8c #android #trojan #malware
Two adware apps found on Google Play with over 1.5 million installs.
https://www.symantec.com/blogs/threat-intelligence/stealthy-ad-clicking-apps-google-play
Symantec
New Stealthy Ad Clicking Tactics Found in Popular Apps on Google Play
Two apps with over 1.5 million downloads use new method to stealthily click ads on users’ devices. Apps present on Play Store for almost a year before being discovered.
Forwarded from The Bug Bounty Hunter
Google adds all Android apps with +100m installs to its bug bounty program
https://www.zdnet.com/article/google-adds-all-android-apps-with-100m-installs-to-its-bug-bounty-program/
ZDNet
Google will pay security researchers for bugs they report in non-Google Android apps that have over 100 million installs.
Russian police take down malware gang that infected 800,000+ Android smartphones
They rented Hqwar, Asacub (Honli), Cron, CatsElite (MarsElite), Lokibot and modernized Marcher (Rahunok).
https://www.zdnet.com/article/russian-police-take-down-malware-gang-that-infected-800000-android-smartphones/
ZDNet
TipTop malware gang was making between $1,500 and $10,500 in daily profits.
Brazilian Android RAT distributed by over 20 apps via Google Play, mostly posing as a WhatsApp update that supposedly fixes WhatsApp's CVE-2019-3568.
One of the apps had 10,000+ installs.
https://securelist.com/spying-android-rat-from-brazil-brata/92775/
Securelist
Fully equipped Spying Android RAT from Brazil: BRATA
“BRATA” is a new Android remote access tool malware family. It exclusively targets victims in Brazil.
A very deep dive into iOS Exploit chains found in the wild
Watering hole attacks: get your iPhone hacked just by visiting a compromised website.
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
Blogspot
Posted by Ian Beer, Project Zero. Project Zero’s mission is to make 0-day hard. We often work with other companies to find and report se...
How to Extract and Decrypt Signal Conversation History from the iPhone
https://blog.elcomsoft.com/2019/08/how-to-extract-and-decrypt-signal-conversation-history-from-the-iphone/
ElcomSoft blog
With over half a million users, Signal is an incredibly secure cross-platform instant messaging app. With emphasis on security, there is no wonder that Signal is frequently picked as a communication tool by those who have something to hide. Elcomsoft Phone…
ARES ADB IoT botnet targeting Android devices, especially STBs/TVs
https://www.wootcloud.com/blogs/ars_botnet.html
Facebook's Android app scans system libraries on its users' phones in the background and uploads them to Facebook's servers... without the user's permission.
https://twitter.com/wongmjane/status/1167463054709334017?s=19
Twitter
Jane Manchun Wong
Facebook scans system libraries from their Android app user’s phone in the background and uploads them to their server. This is called "Global Library Collector" at Facebook, known as "GLC" in the app’s code. It periodically uploads metadata of system libraries…
Analysis and Reproduction of iOS/OSX Vulnerability: CVE-2019-7286
▪️CVE-2019-7286 was exploited in the wild
▪️The vulnerability seems to be of critical severity
▪️Vulnerability reproduced (includes PoC code)
▪️The vulnerability could be used to escalate privileges to root as part of a jailbreak chain on iOS 12.1.3.
https://blog.zecops.com/vulnerabilities/analysis-and-reproduction-of-cve-2019-7286/
Global Rankings in Updating Smartphone Software and Security (besides Pixel)
1) Nokia
2) Samsung
3) Xiaomi
4) Huawei
5) Lenovo
https://www.counterpointresearch.com/nokia-leads-global-rankings-updating-smartphone-software-security/
Roaming Mantis (MoqHao/XLoader): spreads via SMiShing
Distribution:
An infected Android device sends an SMS with a bit.ly link that leads to a Tumblr blog, which redirects to a malicious landing page.
https://hitcon.org/2019/CMT/slide-files/d2_s1_r1.pdf
Review of harmful apps found on Google Play in August 2019
Summary: 204 apps with over 438,400,00 installs.
https://lukasstefanko.com/2019/09/android-security-monthly-recap-8.html