Joker Trojan now uses ads on YouTube to spread
https://twitter.com/0xabc0/status/1193089908946153472?s=19
https://twitter.com/0xabc0/status/1193089908946153472?s=19
Twitter
Ahmet Bilal Can
@sh1shk0va Found the ad on youtube :(
Vulnerabilities found in Android baseband firmware could be exploited via AT commands for vulnerable devices to: get unique identifiers, such as their IMEI and IMSI numbers, downgrade a target’s connection in order to intercept phone calls, forward calls to another phone or block all phone calls and internet access altogether.
https://techcrunch.com/2019/11/08/android-baseband-flaws/
Research: https://www.documentcloud.org/documents/6543391-ATFuzzer.html
https://techcrunch.com/2019/11/08/android-baseband-flaws/
Research: https://www.documentcloud.org/documents/6543391-ATFuzzer.html
TechCrunch
Exclusive: Baseband attacks can spy on popular Android phones
The vulnerabilities affect at least ten popular Android devices, including Google's Pixel 2 and Samsung's Galaxy S8+.
How to bypass Android’s hidden API restrictions
https://www.xda-developers.com/android-development-bypass-hidden-api-restrictions/
https://www.xda-developers.com/android-development-bypass-hidden-api-restrictions/
XDA Developers
Developers: It’s super easy to bypass Android’s hidden API restrictions
Android 9 Pie and Android 10 throw warnings or outright block access to hidden APIs. Here's how developers can get around the hidden API restrictions.
Forwarded from The Bug Bounty Hunter
Configuring Frida with BurpSuite and Genymotion to bypass Android SSL Pinning
https://spenkk.github.io/bugbounty/Configuring-Frida-with-Burp-and-GenyMotion-to-bypass-SSL-Pinning/
https://spenkk.github.io/bugbounty/Configuring-Frida-with-Burp-and-GenyMotion-to-bypass-SSL-Pinning/
VirtualXposed
A simple App based on VirtualApp and epic that allows you to use an Xposed Module without needing to root, unlock the bootloader, or flash a custom system image. (Supports Android 5.0~9.0)
https://github.com/android-hacker/VirtualXposed
A simple App based on VirtualApp and epic that allows you to use an Xposed Module without needing to root, unlock the bootloader, or flash a custom system image. (Supports Android 5.0~9.0)
https://github.com/android-hacker/VirtualXposed
GitHub
GitHub - android-hacker/VirtualXposed: A simple app to use Xposed without root, unlock the bootloader or modify system image, etc.
A simple app to use Xposed without root, unlock the bootloader or modify system image, etc. - android-hacker/VirtualXposed
RCE Vulnerability found in Android
CVE-2019-2205 - memory corruption due to a use after free could lead to RCE
It was fixed in the latest Android Security Bulletin—November 2019. Update!
https://www.nowsecure.com/blog/2019/11/13/nowsecure-discovers-critical-android-vuln-that-may-lead-to-remote-code-execution/
CVE-2019-2205 - memory corruption due to a use after free could lead to RCE
It was fixed in the latest Android Security Bulletin—November 2019. Update!
https://www.nowsecure.com/blog/2019/11/13/nowsecure-discovers-critical-android-vuln-that-may-lead-to-remote-code-execution/
Nowsecure
Critical Android Vuln May Hide Remote Code Execution - NowSecure Blog
In the course of performing Android application security testing, I suspected that a library called libpac might be vulnerable to exploit. This vulnerability has been assigned CVE-2019-2205. Google deployed a fix and we recommend all users apply it to secure…
The Road to Qualcomm TrustZone Apps Fuzzing
Vulnerability allows to execute trusted apps in the Normal World (Android OS)
https://research.checkpoint.com/the-road-to-qualcomm-trustzone-apps-fuzzing/
Vulnerability allows to execute trusted apps in the Normal World (Android OS)
https://research.checkpoint.com/the-road-to-qualcomm-trustzone-apps-fuzzing/
Check Point Research
The Road to Qualcomm TrustZone Apps Fuzzing - Check Point Research
Research By: Slava Makkaveev Trusted Execution Environment TrustZone is a security extension integrated by ARM into the Corex-A processor. This extension creates an isolated virtual secure world which can be used by the main operating system running on the…
iOS sandbox escape due to integer overflow in mediaserverd
Fixed in iOS 13.2.
https://bugs.chromium.org/p/project-zero/issues/detail?id=1922
Fixed in iOS 13.2.
https://bugs.chromium.org/p/project-zero/issues/detail?id=1922
Library created to secure iOS apps in development process according to the OWASP MASVS standards.
With this library you can detect:
- Jailbreak
- being debugged
- Reverse Engineering Tools (e.g. Frida)
- Run in an emulator
https://github.com/securing/IOSSecuritySuite
With this library you can detect:
- Jailbreak
- being debugged
- Reverse Engineering Tools (e.g. Frida)
- Run in an emulator
https://github.com/securing/IOSSecuritySuite
GitHub
GitHub - securing/IOSSecuritySuite: iOS platform security & anti-tampering Swift library
iOS platform security & anti-tampering Swift library - securing/IOSSecuritySuite
Don't trust USB charging stations!
LA officials publish warning about the dangers of using public USB charging stations -- as they can hide malware
Their advice:
- use the AC charging socket, not the USB one
- bring your own USB charger from home
via @campuscodi
https://www.zdnet.com/google-amp/article/officials-warn-about-the-dangers-of-using-public-usb-charging-stations/
LA officials publish warning about the dangers of using public USB charging stations -- as they can hide malware
Their advice:
- use the AC charging socket, not the USB one
- bring your own USB charger from home
via @campuscodi
https://www.zdnet.com/google-amp/article/officials-warn-about-the-dangers-of-using-public-usb-charging-stations/
ZDNET
Officials warn about the dangers of using public USB charging stations
Travelers should use only AC charging ports, use USB no-data cables, or "USB condom" devices.
Google sheet to track Joker/Adware/HiddenAd/etc. created by @0xabc0
If you find such malware, let him know via Twitter DM
https://docs.google.com/spreadsheets/d/15Vf8mRfCjPy0m_7CbM--luBFu4iUNHS9CPkNbEGPXhs/edit
DM: https://twitter.com/0xabc0
If you find such malware, let him know via Twitter DM
https://docs.google.com/spreadsheets/d/15Vf8mRfCjPy0m_7CbM--luBFu4iUNHS9CPkNbEGPXhs/edit
DM: https://twitter.com/0xabc0
Google Docs
Android Adware/Trojan/Malware Tracker
December 2019
Package Name,Removed ?,Type,Installation,Version,Hash,Total
com.ygygame.stack.block.crusher,No,Hiddad,100000,1.0.3,23f4e63cf13e23c918bdae6b4097b43b60a009257845ec6a19d98bd4dc331a27,16737658
com.youtupu.fastclean,MobOK,5,1.2.13,6471ba74e34fa…
Package Name,Removed ?,Type,Installation,Version,Hash,Total
com.ygygame.stack.block.crusher,No,Hiddad,100000,1.0.3,23f4e63cf13e23c918bdae6b4097b43b60a009257845ec6a19d98bd4dc331a27,16737658
com.youtupu.fastclean,MobOK,5,1.2.13,6471ba74e34fa…
In September, a new iPhone Boot ROM exploit was released that allows anyone with physical control of a phone to run arbitrary code.
However, iVerify alerts you to security anomalies
https://blog.trailofbits.com/2019/11/14/introducing-iverify-the-security-toolkit-for-iphone-users/
iVerify app: https://apps.apple.com/us/app/iverify/id1466120520
However, iVerify alerts you to security anomalies
https://blog.trailofbits.com/2019/11/14/introducing-iverify-the-security-toolkit-for-iphone-users/
iVerify app: https://apps.apple.com/us/app/iverify/id1466120520
The Trail of Bits Blog
Introducing iVerify, the security toolkit for iPhone users
“If privacy matters, it should matter to the phone your life is on.” So says Apple in their recent ads about Privacy on the iPhone and controlling the data you share—but many of the security features they highlight are opt-in, and users often don’t know when…
Stealthy new Android malware poses as ad blocker, serves up ads instead
https://blog.malwarebytes.com/android/2019/11/stealthy-new-android-malware-poses-as-ad-blocker-serves-up-ads-instead/
https://blog.malwarebytes.com/android/2019/11/stealthy-new-android-malware-poses-as-ad-blocker-serves-up-ads-instead/
Malwarebytes Labs
Stealthy new Android malware poses as ad blocker, serves up ads instead - Malwarebytes Labs
Since its discovery less than a month ago, a stealthy new Android malware has already been detected on over 500 devices, and it’s on the rise.
RCE in WhatsApp - CVE-2019-11931
Denoscription: A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user.
https://facebook.com/security/advisories/cve-2019-11931
Denoscription: A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user.
https://facebook.com/security/advisories/cve-2019-11931
Buying new Android but already with pre-installed vulnerabilities
Android Firmware Vulnerabilities - November 2019
https://www.kryptowire.com/android-firmware-2019/
Android Firmware Vulnerabilities - November 2019
https://www.kryptowire.com/android-firmware-2019/
Vulnerability in Google's camera app allowed 3rd party apps to take pictures and video without user knowledge or permission. CVE-2019-2234
https://www.checkmarx.com/blog/how-attackers-could-hijack-your-android-camera
https://www.checkmarx.com/blog/how-attackers-could-hijack-your-android-camera
Checkmarx
How Attackers Could Hijack Your Android Camera to Spy on You - Checkmarx.com
Android Camera Hack: How Attackers Spy on You! Discover their tricks & secure your device with Checkmarx tips.
Instagram stalker app **Ghosty** that takes advantage of Instagram's API to spy on users was removed from Google Play
https://www.androidpolice.com/2019/11/19/instagram-private-accounts-viewer-app/
https://www.androidpolice.com/2019/11/19/instagram-private-accounts-viewer-app/
Android Police
(Update: Removed from Play Store) Shady app lets stalkers view private Instagram accounts in exchange for their own data
Facebook doesn't have the best reputation when it comes to minding its users' privacy, and Cambridge Analytica exploiting the social network's third-party APIs for unchecked data collection surely hasn't helped. Now, we've found another service called Ghosty…
Gnip - new Android banking Trojan that reuses parts of Anubis source code
First time spotted in June 2019
https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html
First time spotted in June 2019
https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html
ThreatFabric
Ginp - A malware patchwork borrowing from Anubis
New Ginp Android banking Trojan expands the banking threat-landscape and strengthens itself by reusing parts of the infamous Anubis malware. Learn more about its evolution.