Roaming Mantis(MoqHao/XLoader): spreads via SMShing
Distribution:
Infected Android device sends a SMS with a bit.ly link that links to a Tumblr blog that redirects to a malicous landing page.
https://hitcon.org/2019/CMT/slide-files/d2_s1_r1.pdf
Distribution:
Infected Android device sends a SMS with a bit.ly link that links to a Tumblr blog that redirects to a malicous landing page.
https://hitcon.org/2019/CMT/slide-files/d2_s1_r1.pdf
Review of harmful apps found on Google Play in August 2019
Summary: 204 apps with over 438,400,00 installs.
https://lukasstefanko.com/2019/09/android-security-monthly-recap-8.html
Summary: 204 apps with over 438,400,00 installs.
https://lukasstefanko.com/2019/09/android-security-monthly-recap-8.html
Top Android malware threats in August, 2019
Full list http://skptr.me/malware_timeline_2019.html
Download samples https://github.com/sk3ptre/AndroidMalware_2019
Full list http://skptr.me/malware_timeline_2019.html
Download samples https://github.com/sk3ptre/AndroidMalware_2019
GitHub
GitHub - sk3ptre/AndroidMalware_2019: Popular Android threats in 2019
Popular Android threats in 2019. Contribute to sk3ptre/AndroidMalware_2019 development by creating an account on GitHub.
Fake cryptocurrency exchange app found on Google Play that bypasses SMS 2FA by stealing SMS notifications.
Targets users of 6 different cryptocurrency exchanges. https://twitter.com/ESETresearch/status/1168850608872460288
Targets users of 6 different cryptocurrency exchanges. https://twitter.com/ESETresearch/status/1168850608872460288
Twitter
ESET research
Fake multi-cryptocurrency exchange app found on Google Play bypasses SMS 2FA by stealing SMS notifications. Targets users of 6 different cryptocurrency exchanges. We informed about this threat in June 2019: https://t.co/ILNqPfnmQD #ESETresearch 1/2
Price For Mobile Exploits
For the first time Zerodium pays more for Android then iOS.
https://zerodium.com/program.html#changelog
For the first time Zerodium pays more for Android then iOS.
https://zerodium.com/program.html#changelog
Heap Exploit Development – Case study from an in-the-wild iOS 0-day
https://azeria-labs.com/heap-exploit-development-part-1/
https://azeria-labs.com/heap-exploit-development-part-1/
Azeria-Labs
Heap Exploit Development
Weekly tests of APK files uploaded on Virus Total based on Antivirus engines
Results:
1. K7GW
2. ESET-NOD32
3. Trustlook
4. Avira
5. AhnLab-V3
https://blog.trustlook.com/virustotal-apk-malware-detection-data-20190826-20190901/
Results:
1. K7GW
2. ESET-NOD32
3. Trustlook
4. Avira
5. AhnLab-V3
https://blog.trustlook.com/virustotal-apk-malware-detection-data-20190826-20190901/
Trustlook blog
VirusTotal APK Malware Detection Data -
Week 35: 20190826-20190901
Week 35: 20190826-20190901
At Trustlook, we monitor live feed from VirusTotal (VT). On a daily basis, we
collect APK samples from VT along with detection results from Anti-Virus (AV)
vendors hosted on VT. Using a conservative labeling policy, we are able to
select thousands of benign…
collect APK samples from VT along with detection results from Anti-Virus (AV)
vendors hosted on VT. Using a conservative labeling policy, we are able to
select thousands of benign…
HiddenAd adware with 50,000+ installs found on Google Play
https://twitter.com/ReBensk/status/1169127907958112256
https://twitter.com/ReBensk/status/1169127907958112256
Twitter
Re-ind
Hiddad APP found on Google Play 50,000+ Installs https://t.co/jeFC1OG4Ho after install hides it's icon from the App Drawer and running in the background. force the user to install another app https://t.co/0xYwJ7tNoI
Android banking Trojan - Hydra - found on Google Play with 10,000+ installs
https://twitter.com/0xabc0/status/1169186569615532032
https://twitter.com/0xabc0/status/1169186569615532032
Twitter
Ahmet Bilal Can
#hydra 10.000+ installs. reported on 12 july, still up :( https://t.co/lk3TyLBQVO time check bypass noscript : https://t.co/aRUtRo2R9y sends request to ip-api.json checks if country code is `TR`. c2: hxxp://23.106.124.182:2055
Android Spy that signs you for SMS premium subnoscription (€6,71 per week) found in 24 apps on Google Play with 472,000+ installs
-campaign started in June 2019
-targets 37 countries
-can steal victim SMS, contact list + perform AdFraud
https://medium.com/csis-techblog/analysis-of-joker-a-spy-premium-subnoscription-bot-on-googleplay-9ad24f044451
-campaign started in June 2019
-targets 37 countries
-can steal victim SMS, contact list + perform AdFraud
https://medium.com/csis-techblog/analysis-of-joker-a-spy-premium-subnoscription-bot-on-googleplay-9ad24f044451
Medium
Analysis of Joker — A Spy & Premium Subnoscription Bot on GooglePlay
Over the past couple of weeks, we have been observing a new Trojan on GooglePlay. So far, we have detected it in 24 apps with over…
Advanced SMS Phishing Attacks Against Modern Android-based Smartphones
https://research.checkpoint.com/advanced-sms-phishing-attacks-against-modern-android-based-smartphones/
https://research.checkpoint.com/advanced-sms-phishing-attacks-against-modern-android-based-smartphones/
Check Point Research
Advanced SMS Phishing Attacks Against Modern Android-based Smartphones - Check Point Research
Research By: Artyom Skrobov, Slava Makkaveev Introduction Check Point Researchers have identified a susceptibility to advanced phishing attacks in certain modern Android-based phones, including models by Samsung, Huawei, LG and Sony. In these attacks, a remote…
FunkyBot: Android Malware Family Targeting Japan
New variant of FakeSpy/Roaming Mantis/MaqHao/XLoader
https://www.fortinet.com/blog/threat-research/funkybot-malware-targets-japan.html
New variant of FakeSpy/Roaming Mantis/MaqHao/XLoader
https://www.fortinet.com/blog/threat-research/funkybot-malware-targets-japan.html
Fortinet Blog
FunkyBot: A New Android Malware Family Targeting Japan
FortiGuard Labs has uncovered FunkyBot, a new android malware family targeting Japan. Read more about the packing mechanisms and deployed payload of FunkyBot.…
Hack iOS or Computer via USB cable
Cable controlled remotely from Wifi.
Capable of :
-screen recording on SD card
-screen live stream via Wifi
-used as remote mouse + keyboard
http://blog.lambdaconcept.com/doku.php?id=research:graywire
Cable controlled remotely from Wifi.
Capable of :
-screen recording on SD card
-screen live stream via Wifi
-used as remote mouse + keyboard
http://blog.lambdaconcept.com/doku.php?id=research:graywire
0-day Privilege Escalation Vulnerability in Android
Not patched. No exploit available.
Can by exploited by malicious app that could gain root privileges on infected device.
https://www.zerodayinitiative.com/advisories/ZDI-19-780/
Not patched. No exploit available.
Can by exploited by malicious app that could gain root privileges on infected device.
https://www.zerodayinitiative.com/advisories/ZDI-19-780/
Zerodayinitiative
ZDI-19-780
(0Day) Google Android v4l2 Double Free Privilege Escalation Vulnerability
Stalkerware app with 10,000+ installs found on Google Play
https://twitter.com/ReBensk/status/1169842841532526593
https://twitter.com/ReBensk/status/1169842841532526593
Twitter
Re-ind
Stalkerware App Found on Googleplay 10,000+ Installs https://t.co/ju56LevfSw
Indian 🇮🇳 face recogintion app was leaking: suspect & submited photo, OTP codes, police officers using app, admin password.
After report they: restricted db access, removed app from Google Play, removed their Twitter account and Firebase db. BTW this company works for Indian government.
https://twitter.com/olihough86/status/1169641409592381440
After report they: restricted db access, removed app from Google Play, removed their Twitter account and Firebase db. BTW this company works for Indian government.
https://twitter.com/olihough86/status/1169641409592381440
Heap Overflows and the iOS Kernel Heap - Case Study from an in-the-wild iOS 0-Day. #Part2
Learn how the exploit developer used a clever vulnerability-conversion to turn a heap-overflow into an artificial Use-After-Free.
https://azeria-labs.com/heap-overflows-and-the-ios-kernel-heap/
Learn how the exploit developer used a clever vulnerability-conversion to turn a heap-overflow into an artificial Use-After-Free.
https://azeria-labs.com/heap-overflows-and-the-ios-kernel-heap/
Azeria-Labs
Heap Overflows and the iOS Kernel Heap
Doctor Web’s overview of malware detected on mobile devices in August 2019
https://news.drweb.com/show/review/?lng=en&i=13397
https://news.drweb.com/show/review/?lng=en&i=13397
Dr.Web
Dr.Web — Doctor Web’s overview of malware detected on mobile devices in August 2019
Find out on Doctor Web’s site about the latest virus threats and information security issues.
Bug in Telegram that didn't remove not sent videos and pictures from device
https://www.inputzero.io/2019/09/telegram-privacy-fails-again.html
https://www.inputzero.io/2019/09/telegram-privacy-fails-again.html
Weekly tests (week 36) of APK files uploaded on Virus Total based on Antivirus engines
Results:
1. K7GW
2. ESET-NOD32
3. Trustlook
4. AhnLab-V3
5. Fortinet
https://blog.trustlook.com/virustotal-apk-malware-detection-data-week-36-20190826-20190901/
Results:
1. K7GW
2. ESET-NOD32
3. Trustlook
4. AhnLab-V3
5. Fortinet
https://blog.trustlook.com/virustotal-apk-malware-detection-data-week-36-20190826-20190901/
Trustlook blog
VirusTotal APK Malware Detection Data -
Week 36: 20190902-20190908
Week 36: 20190902-20190908
At Trustlook, we monitor live feed from VirusTotal (VT). On a daily basis, we
collect APK samples from VT along with detection results from Anti-Virus (AV)
vendors hosted on VT. Using a conservative labeling policy, we are able to
select thousands of benign…
collect APK samples from VT along with detection results from Anti-Virus (AV)
vendors hosted on VT. Using a conservative labeling policy, we are able to
select thousands of benign…
radare2 & Frida in OWASP Mobile Security Testing Guide
https://github.com/radareorg/r2con2019/blob/master/talks/r2_and_frida_owasp_mstg/r2_and_frida_in_the_OWASP_MSTG_Carlos_Holguera.pdf
https://github.com/radareorg/r2con2019/blob/master/talks/r2_and_frida_owasp_mstg/r2_and_frida_in_the_OWASP_MSTG_Carlos_Holguera.pdf
GitHub
r2con2019/talks/r2_and_frida_owasp_mstg/r2_and_frida_in_the_OWASP_MSTG_Carlos_Holguera.pdf at master · radareorg/r2con2019
r2con2019 - slides and materials. Contribute to radareorg/r2con2019 development by creating an account on GitHub.