Stealthy new Android malware poses as ad blocker, serves up ads instead
https://blog.malwarebytes.com/android/2019/11/stealthy-new-android-malware-poses-as-ad-blocker-serves-up-ads-instead/
RCE in WhatsApp - CVE-2019-11931
Description: A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user.
https://facebook.com/security/advisories/cve-2019-11931
Buying a new Android device that already ships with pre-installed vulnerabilities
Android Firmware Vulnerabilities - November 2019
https://www.kryptowire.com/android-firmware-2019/
Vulnerability in Google's Camera app allowed third-party apps to take pictures and video without user knowledge or permission. CVE-2019-2234
https://www.checkmarx.com/blog/how-attackers-could-hijack-your-android-camera
Instagram stalker app **Ghosty** that takes advantage of Instagram's API to spy on users was removed from Google Play
https://www.androidpolice.com/2019/11/19/instagram-private-accounts-viewer-app/
Ginp - new Android banking Trojan that reuses parts of the Anubis source code
First spotted in June 2019
https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html
Analysis of use-after-free in Binder vulnerability - CVE-2019-2215
This exploit was used in the wild to install NSO Group's Pegasus malware.
The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device. If chained with a browser renderer exploit, this bug could fully compromise a device through a malicious website.
https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html
How mobile ad fraud scams work
1) Click Fraud
2) Click-jacking
3) Device Hijacking
4) Device Emulation
5) IP Emulation
https://lab.secure-d.io/mobile-ad-frauds-most-sophisticated-scams/
Old vulnerabilities are still present in Android apps such as Yahoo Browser, Facebook, Instagram and WeChat
https://research.checkpoint.com/2019/long-known-vulnerabilities-in-high-profile-android-applications/
Smartphone maker OnePlus discloses data breach
> says hackers accessed some OnePlus customer data through a vulnerability in its website
> hack happened last week
> OnePlus says it's opening a bug bounty program next month
Via @campuscodi
https://www.zdnet.com/google-amp/article/smartphone-maker-oneplus-discloses-data-breach/
The Analyst’s Guide to MiTM Issues in Mobile Apps
1 in 5 Android apps use HTTP
1 in 7 iOS apps use HTTP
https://www.nowsecure.com/blog/2019/11/20/the-analysts-guide-to-mitm-issues-in-mobile-apps/
Analysis of Tushu SDK present in some HiddenAds Trojans
https://www.whiteops.com/blog/twoshu-electric-boogaloo
XSS spoofing vulnerability found in Microsoft's Outlook for Android | CVE-2019-1460
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1460
HackerOne is looking for a Mobile Security Engineer
// I never thought I would post a job offer in here, but this might help someone move further in the mobile infosec field
https://jobs.lever.co/hackerone/316d0fbd-cf24-41be-a3e2-5180f62f3658
Frida/QBDI Android API Fuzzer
This experimental fuzzer is meant to be used for in-memory API fuzzing on Android.
https://github.com/andreafioraldi/frida-qbdi-fuzzer
Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps
https://blog.trendmicro.com/trendlabs-security-intelligence/patched-gif-processing-vulnerability-cve-2019-11932-still-afflicts-multiple-mobile-apps/
Compromise of Xiaomi Mi6 over WiFi to achieve RCE
Bug chaining:
MITM -> JavaScript Bridge (downloadAndInstallApk()) -> Contact Provider vulnerability (auto-start APK) -> RCE
https://labs.f-secure.com/advisories/xiaomi-wifi/
Malicious Android SDKs - oneAudience and MobiBurn - accessed personal data, such as email addresses and user names.
These SDKs were embedded in Twitter and Facebook Android apps
https://help.twitter.com/en/sdk-issue
Analysis of Tencent Legu: a packer for Android applications
https://blog.quarkslab.com/a-glimpse-into-tencents-legu-packer.html
unpacking scripts: https://github.com/quarkslab/legu_unpacker_2019
CVE-2019-11932 (double free in libpl_droidsonroids_gif) many apps vulnerable
https://seclists.org/fulldisclosure/2019/Nov/27