Android malware threats of December, 2019
Full list - http://skptr.me/malware_timeline_2019.html
Download samples - https://github.com/sk3ptre/AndroidMalware_2019
iOS Application Injection
https://arjunbrar.com/post/ios-application-injection
You no longer have to manually package the Frida Gadget in your target app. As long as the app is debuggable, Frida does that for you.
https://www.nowsecure.com/blog/2020/01/02/how-to-conduct-jailed-testing-with-frida/
Nowsecure
How to Conduct Jailed Testing with Frida - NowSecure
Recent enhancements to the Frida open-source toolkit greatly ease the process of conducting jailed testing. Learn the process of using Frida on a jailed device.
The recent Android Brazilian Banking Trojan - COYBOT
https://www.buguroo.com/en/blog/banking-malware-in-android-continues-to-grow.-a-look-at-the-recent-brazilian-banking-trojan-basbanke-coybot
CyberTruck Challenge 2019 — Android CTF
https://medium.com/bugbountywriteup/cybertruck-challenge-2019-android-ctf-e39c7f796530
Medium
CyberTruck Challenge 2019 — Android CTF
CyberTruck Challenge 2019 is a premier event to bring together a community of interest related to heavy vehicle cybersecurity issued and…
AirDoS: Spam all nearby iOS devices with the AirDrop share popup
https://kishanbagaria.com/airdos/
PoC: https://github.com/KishanBagaria/AirDoS
Kishan Bagaria
AirDoS: Remotely render any nearby iPhone or iPad unusable
What if you could walk into a room and make every* iPhone or iPad unusable while you're there? Wait, that sounds evil. What if you could get that one annoying person off their iPhone who's always...
First Attack Exploiting CVE-2019-2215 (use-after-free vulnerability) Found on Google Play #SideWinder
https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/
Trend Micro
First Binder Exploit Linked to SideWinder APT Group
We found malicious apps that work together to compromise devices and collect user data. One of the apps, called Camero, exploits CVE-2019-2215, a flaw that exists in Binder. This is the first instance in the wild that exploits said UAF vulnerability.
What an interesting vulnerability in the HockeyApp platform #Android #iOS #BugBounty
Leaked API key allowed:
-fetch internal employee contacts
-distribute #malware directly to devices of organization employees as internal app update
+PoC Metasploit scenario
https://www.allysonomalley.com/2020/01/06/saying-goodbye-to-my-favorite-5-minute-p1/
allysonomalley.com
Saying Goodbye to my Favorite 5 Minute P1
In this post, I’m going to reveal the fastest, easiest P1 that I’ve ever reported – multiple times! It’s the sort of oversight that seems so simple to avoid, but surprisingl…
CSRF + XSS + SMS spoofing + Android deep link URL redirection
Great example of chaining low impact vulnerabilities in #TikTok to remotely manipulate account content
-delete user video
-upload user video
-make "private" videos "public"
https://research.checkpoint.com/2020/tik-or-tok-is-tiktok-secure-enough/
Check Point Research
Tik or Tok? Is TikTok secure enough? - Check Point Research
Researchers: Alon Boxiner, Eran Vaknin, Alexey Volodin, Dikla Barda, Roman Zaikin December 2019 Available in over 150 markets, used in 75 languages globally, and with over 1 billion users, TikTok has definitely cracked the code to the term “popularity”…
AdFraud malware found on Google Play with 100K installs
https://www.evina.fr/a-malware-rises-to-the-top-applications-in-google-play-store/
www.evina.fr
A MALWARE RISES TO THE TOP APPLICATIONS IN GOOGLE PLAY STORE – Evina
Android smartphone UMX U686CL comes with preinstalled, unremovable malware.
Sales of this phone are funded by the US government for lower-income people.
https://blog.malwarebytes.com/android/2020/01/united-states-government-funded-phones-come-pre-installed-with-unremovable-malware/
Malwarebytes
United States government-funded phones come pre-installed with unremovable malware
A US-funded government assistance program is selling budget-friendly mobile phones that come pre-installed with unremovable malicious apps.
Forwarded from The Bug Bounty Hunter
Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641
https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-1.html
Blogspot
Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641
Posted by Samuel Groß, Project Zero Introduction This is the first blog post in a three-part series that will detail how a vulnerability...
Forwarded from The Bug Bounty Hunter
Remote iPhone Exploitation Part 2: Bringing Light into the Darkness -- a Remote ASLR Bypass https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-2.html
Blogspot
Remote iPhone Exploitation Part 2: Bringing Light into the Darkness -- a Remote ASLR Bypass
Posted by Samuel Groß, Project Zero This post is the second in a series about a remote, interactionless iPhone exploit over iMessage.The f...
Forwarded from The Bug Bounty Hunter
Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back -- Gaining Code Execution https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-3.html
Blogspot
Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back -- Gaining Code Execution
Posted by Samuel Groß, Project Zero This is the third and last post in a series about a remote, interactionless iPhone exploit over iMessa...
Joker Trojan Family history by Google
-tracked since 2017
-removed 1.7K unique apps before going public
-SMS fraud then WAP billing (as we know Joker now)
-at peak, 23 different Jokers submitted in one day to Google Play
https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html
Google Online Security Blog
PHA Family Highlights: Bread (and Friends)
Posted by Alec Guertin and Vadim Kotov, Android Security & Privacy Team In this edition of our PHA Family Highlights series we introdu...
Memory corruption vulnerability in audio processing during a voice call in #WeChat app
Report includes PoC code + steps to reproduce the bug
https://bugs.chromium.org/p/project-zero/issues/detail?id=1948
Researchers find that 17 of 140 major online services are vulnerable to SIM swapping attacks
https://www.zdnet.com/article/academic-research-finds-five-us-telcos-vulnerable-to-sim-swapping-attacks/
ZDNet
Academic research finds five US telcos vulnerable to SIM swapping attacks
Detect Frida for Android
https://darvincitech.wordpress.com/2019/12/23/detect-frida-for-android/
Darvin's Blog
Detect Frida for Android
Frida is a dynamic instrumentation framework and has remained as the most popular reverse engineering tool among security researchers, pentesters and even the bad actors. Frida is more robust compa…
Security hardening of Android native code
https://darvincitech.wordpress.com/2020/01/07/security-hardening-of-android-native-code/
Darvin's Blog
Security hardening of Android native code
This post is in-fact a continuation of my previous post on Frida detection. In this post, I will explain the mechanisms I have followed in hardening the native code written for Frida detection.Gene…
"Research shows that 91% of pre-installed apps do not appear in Google Play"
Privacy International and over 50 other organisations have submitted a letter asking Google to take action against exploitative pre-installed software on Android devices.
http://privacyinternational.org/advocacy/3320/open-letter-google
Privacy International
An open letter to Google
You can find the letter below. Add your voice to this campaign by signing our petition if you believe that its time Google stopped enabling exploitation.