Discovered 17 apps on the Apple App Store that are infected with clicker Trojan malware
https://www.wandera.com/mobile-security/ios-trojan-malware/
https://www.wandera.com/mobile-security/ios-trojan-malware/
Jamf
Trojan malware infecting 17 apps on the App Store
Wandera’s threat research team has discovered 17 apps on the Apple App Store that are infected with clicker trojan malware.
NFC Beaming could bypass “install unknown application” prompt to install apps on Android 8 and higher - CVE-2019-2114
https://wwws.nightwatchcybersecurity.com/2019/10/24/nfc-beaming-bypasses-security-controls-in-android-cve-2019-2114/
https://wwws.nightwatchcybersecurity.com/2019/10/24/nfc-beaming-bypasses-security-controls-in-android-cve-2019-2114/
Nightwatch Cybersecurity
NFC Beaming Bypasses Security Controls in Android [CVE-2019-2114]
Summary NFC beaming of applications between devices using Android OS bypasses some security controls (the “install unknown application” prompt). A rogue device like a payment terminal c…
ANDROID HACKING WITH TERMUX
How to setup and install all the necessary tools
https://dotweak.com/2019/10/12/android-hacking-with-termux-QldEN2RLSU9rc2VOZUJjREEzeWlSdz09
How to setup and install all the necessary tools
https://dotweak.com/2019/10/12/android-hacking-with-termux-QldEN2RLSU9rc2VOZUJjREEzeWlSdz09
Mobile Malware and APT Espionage: Prolific, Pervasive, and Cross-Platform
https://threatvector.cylance.com/en_us/home/mobile-malware-and-apt-espionage-prolific-pervasive-and-cross-platform.html
https://threatvector.cylance.com/en_us/home/mobile-malware-and-apt-espionage-prolific-pervasive-and-cross-platform.html
Four Joker Trojans found on Google Play with 16,000+ installs
https://twitter.com/sh1shk0va/status/1188754354779672576
https://twitter.com/sh1shk0va/status/1188754354779672576
Twitter
Tatyana Shishkova
#Joker Trojans are appearing on Google Play almost every day. More fake apps added on Oct 26 and still available: https://t.co/2QtrVAooXh https://t.co/0WAMRGjy6t https://t.co/rCLbI9vQVA https://t.co/CnwFbokLV7
102 adware apps with over 440,000 installs on Google Play
https://twitter.com/0xabc0/status/1189132270256513025
https://twitter.com/0xabc0/status/1189132270256513025
Twitter
Ahmet Bilal Can
moreee https://t.co/8YJVE5bDgJ
Xhelper: Persistent Android dropper app infects 45K devices in past 6 months
Functionality: it hide itself, can download additional apps and display ads
https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware
Functionality: it hide itself, can download additional apps and display ads
https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware
Security
Xhelper: Persistent Android Dropper App Infects 45K Devices in Past 6 Months
Malicious app hides itself, downloads other threats, displays ads, and is mainly targeting users in India, U.S., and Russia.
Analysis of Joker Trojans found on Google Play
https://labs.k7computing.com/?p=19247
https://labs.k7computing.com/?p=19247
Top Android malware threats of October, 2019
Full list: http://skptr.me/malware_timeline_2019.html
Download: - https://github.com/sk3ptre/AndroidMalware_2019
Full list: http://skptr.me/malware_timeline_2019.html
Download: - https://github.com/sk3ptre/AndroidMalware_2019
ai.type keyboard app from Google Play contained AdFraud functionality to make ad clicks and unwanted purchases
https://www.upstreamsystems.com/secure-d-uncovers-suspicious-mobile-transactions-android-keyboard-app-ai-type-generating-non-human-clicks-making-unwanted-purchases/
https://www.upstreamsystems.com/secure-d-uncovers-suspicious-mobile-transactions-android-keyboard-app-ai-type-generating-non-human-clicks-making-unwanted-purchases/
Upstream
Secure-D uncovers suspicious mobile transactions from Android Keyboard app ai.type - Upstream
Over a recent period, Upstream’s security platform Secure-D has blocked millions of suspicious mobile transaction requests coming from popular Android Emoji app ai.type.
MESSAGETAP: Tool created by APT41 (a Chinese APT group) that is designed to monitor and save SMS traffic from specific phone numbers
https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html
https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html
Google Cloud Blog
MESSAGETAP: Who's Reading Your Text Messages? | Mandiant | Google Cloud Blog
apk-mitm - tool that patches your APK to bypass certificate pinning
https://github.com/shroudedcode/apk-mitm
https://github.com/shroudedcode/apk-mitm
GitHub
GitHub - niklashigi/apk-mitm: 🤖 A CLI application that automatically prepares Android APK files for HTTPS inspection
🤖 A CLI application that automatically prepares Android APK files for HTTPS inspection - niklashigi/apk-mitm
1 Click Android 10 Remote Rooting via Chrome Browser by @ThomasKing2014
https://youtu.be/2pNsCi0T9MI
https://youtu.be/2pNsCi0T9MI
YouTube
1 Click Android 10 Remote Rooting DemoPixel 2XL
The App Defense Alliance: Bringing the security industry together to fight bad apps
ESET + Lookout + Zimperium will help protect apps on Google Play Store
https://security.googleblog.com/2019/11/the-app-defense-alliance-bringing.html
ESET + Lookout + Zimperium will help protect apps on Google Play Store
https://security.googleblog.com/2019/11/the-app-defense-alliance-bringing.html
Google Online Security Blog
The App Defense Alliance: Bringing the security industry together to fight bad apps
Posted by Dave Kleidermacher, VP, Android Security & Privacy Fighting against bad actors in the ecosystem is a top priority for Google, bu...
49 Disguised Adware Apps With Optimized Evasion Features Found on Google Play
https://blog.trendmicro.com/trendlabs-security-intelligence/49-disguised-adware-apps-with-optimized-evasion-features-found-on-google-play/
https://blog.trendmicro.com/trendlabs-security-intelligence/49-disguised-adware-apps-with-optimized-evasion-features-found-on-google-play/
Trend Micro
Fake Apps Read SMS Codes to Trigger WAP, Carrier Bill
We found an app named “Yellow Camera” disguised as a photo editing app. It reads SMS codes to activate a Wireless Application Protocol (WAP), targeting users in Southeast Asia but may expand as it also targets Chinese-speaking users.
Droppers downloading adware found on Google Play
https://www.wandera.com/mobile-security/dropper-apps/
https://www.wandera.com/mobile-security/dropper-apps/
Joker Trojan now uses ads on YouTube to spread
https://twitter.com/0xabc0/status/1193089908946153472?s=19
https://twitter.com/0xabc0/status/1193089908946153472?s=19
Twitter
Ahmet Bilal Can
@sh1shk0va Found the ad on youtube :(
Vulnerabilities found in Android baseband firmware could be exploited via AT commands for vulnerable devices to: get unique identifiers, such as their IMEI and IMSI numbers, downgrade a target’s connection in order to intercept phone calls, forward calls to another phone or block all phone calls and internet access altogether.
https://techcrunch.com/2019/11/08/android-baseband-flaws/
Research: https://www.documentcloud.org/documents/6543391-ATFuzzer.html
https://techcrunch.com/2019/11/08/android-baseband-flaws/
Research: https://www.documentcloud.org/documents/6543391-ATFuzzer.html
TechCrunch
Exclusive: Baseband attacks can spy on popular Android phones
The vulnerabilities affect at least ten popular Android devices, including Google's Pixel 2 and Samsung's Galaxy S8+.
How to bypass Android’s hidden API restrictions
https://www.xda-developers.com/android-development-bypass-hidden-api-restrictions/
https://www.xda-developers.com/android-development-bypass-hidden-api-restrictions/
XDA Developers
Developers: It’s super easy to bypass Android’s hidden API restrictions
Android 9 Pie and Android 10 throw warnings or outright block access to hidden APIs. Here's how developers can get around the hidden API restrictions.
Forwarded from The Bug Bounty Hunter
Configuring Frida with BurpSuite and Genymotion to bypass Android SSL Pinning
https://spenkk.github.io/bugbounty/Configuring-Frida-with-Burp-and-GenyMotion-to-bypass-SSL-Pinning/
https://spenkk.github.io/bugbounty/Configuring-Frida-with-Burp-and-GenyMotion-to-bypass-SSL-Pinning/