Mobile malware evolution in 2019 by Kaspersky

-slightly more ransomware
-slightly less banking Trojans
-more adware
-more stalkerware
https://securelist.com/mobile-malware-evolution-2019/96280/

How to setup a proxy for security testing in iOS13
https://medium.com/@agu3rra/how-to-setup-a-proxy-for-security-testing-in-ios13-242892e1bf3f

KrØØk: Vulnerability affected encryption of billion+ Wi‑Fi devices (iPhone, iPad, Nexus, Samsung Galaxy, RedMi...)

CVE-2019-15126 causes vulnerable devices to use an all-zero encryption key to encrypt part of the user’s communication.
This allows an adversary to decrypt some wireless network packets transmitted by a vulnerable device.
https://www.welivesecurity.com/2020/02/26/krook-serious-vulnerability-affected-encryption-billion-wifi-devices/

2020 - Year of the RAT

-Cerberus
-Gustuff
-Hydra
-Ginp
-Anubis
https://www.threatfabric.com/blogs/2020_year_of_the_rat.html

LTE Network issue could allow attackers to imporsonate 4G mobile users
https://imp4gt-attacks.net/

What to Look for When Reverse Engineering Android Apps
https://www.nowsecure.com/blog/2020/02/26/what-to-look-for-when-reverse-engineering-android-apps/

How to emulate an Android ARM32 and/or ARM64 native library, and an experimental iOS ARM32 emulation
https://github.com/zhkl0228/unidbg

A mysterious bug in the firmware of Google's Titan M chip (CVE-2019-9465)
https://alexbakker.me/post/mysterious-google-titan-m-bug-cve-2019-9465.html

Detect static and dynamic tampering of native code
https://darvincitech.wordpress.com/2020/03/01/yet-another-tamper-detection-in-android/

Roaming Mantis, part V
SMiShing and enhanced anti-researcher techniques
https://securelist.com/roaming-mantis-part-v/96250/

Bug in Walgreens mobile app (pharmacy app) leaked users' personal data
The app has over 10M installs on Google Play
https://www.zdnet.com/article/walgreens-says-mobile-app-leaked-users-personal-data/

Android Malware Threats - February, 2020
http://skptr.me/malware_timeline_2020.html
samples: https://github.com/sk3ptre/AndroidMalware_2020

Temp root vulnerability that affects millions of devices with chipsets from MediaTek - CVE-2020-0069

Exploit has been available on XDA-Developers forums since April 2019.
The vulnerability is actively being exploited in the wild.
https://www.xda-developers.com/mediatek-su-rootkit-exploit/

Google Authenticator for Android Allows Screen Capture (FLAG_SECURE)
https://wwws.nightwatchcybersecurity.com/2020/03/03/google-authenticator-for-android-allows-screen-capture/

How to Jailbreak iPhone with rooted Android (checkra1n)
https://www.xda-developers.com/jailbreak-apple-iphone-using-checkra1n-rooted-android-phone/

Android app - CM Browser - records all users' web browsing and send it to server
The app is removed from Google Play store now
https://www.forbes.com/sites/thomasbrewster/2020/03/03/warning-an-android-security-app-with-1-billion-downloads-is-recording-users-web-browsing/#27797cf62149

Project Sandcastle: Android for the iPhone
https://projectsandcastle.org/

McAfee Mobile Threat Report - Q1 2020
https://www.mcafee.com/content/dam/consumer/en-us/docs/2020-Mobile-Threat-Report.pdf

Detailed analysis of Android banking trojan Geost
https://blog.trendmicro.com/trendlabs-security-intelligence/dissecting-geost-exposing-the-anatomy-of-the-android-trojan-targeting-russian-banks/

Android malware mimics click farms - fake review bussiness

This Trojan misuses Accessibility to perform:
- Download Apps from Google Play or APK Pure
- Deactivate Google Play Protect
- Create Fake Accounts with OAuth
- Post fake reviews on Google Play
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/android-leifaccess-a-is-the-silent-fake-reviewer-trojan/

Iran built a COVID-19 detection app that it urged citizens to install on their devices
https://www.zdnet.com/article/spying-concerns-raised-over-irans-official-covid-19-detection-app/