Commercial surveillance tools exploit COVID-19 to spread (MobiHok, SpyNote, SpyMax)
Source: https://blog.lookout.com/commercial-surveillanceware-operators-latest-to-take-advantage-of-covid-19
Lookout
Commercial Surveillanceware Operators Exploit COVID-19 | Threat Intel
Are cybercriminals and scammers taking advantage of increased communication around COVID-19? Discovery shows new surveillanceware exploits the pandemic.
New malware protections for Advanced Protection users
https://blog.google/products/android/new-malware-protections-advanced-protection-users/amp/
Google
Android is launching new features for Advanced Protection Program users to automatically protect them from malware.
Getting Started in Android apps Pen-testing (PART-1)
https://blog.securitybreached.org/2020/03/17/getting-started-in-android-apps-pentesting/
Security Breached Blog
Getting Started in Android Apps Pen-testing (Part-1)
Pen-testing Android apps requires different methodologies than web applications. The difference is that you have to figure things out by different methods.
Over 50 apps found on Play Store contained ad-fraud functionality
https://thehackernews.com/2020/03/android-apps-ad-fraud.html
TrickBot banking malware uses Android component to bypass 2FA
https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/
Security Intelligence
TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany
Our team is closely monitoring TrickBot's developing capabilities, including its new cross-channel attacks using the TrickMo component.
Autopsy of the Most Stable MediaTek Rootkit CVE-2020-0069
https://blog.quarkslab.com/cve-2020-0069-autopsy-of-the-most-stable-mediatek-rootkit.html
Quarkslab
CVE-2020-0069: Autopsy of the Most Stable MediaTek Rootkit - Quarkslab's blog
In March 2020, Google patched a critical vulnerability affecting many MediaTek based devices. This vulnerability had been known by MediaTek since April 2019, and later exploited in the wild! In this post, we give some details about this vulnerability and…
Android.Circle adware trojan found on Google Play is capable of executing BeanShell scripts
https://news.drweb.com/show/?i=13740&lng=en
Samples: https://github.com/DoctorWebLtd/malware-iocs/blob/master/Android.Circle/README.adoc
Dr.Web
Android.Circle.1 adware trojan found on Google Play is capable of executing BeanShell scripts
Analysis of new Android banking Trojan - Eventbot (Chinese)
https://ti.qianxin.com/blog/articles/new-bank-trojan-eventbot-affects-234-financial-applications/
Qianxin
Qianxin Threat Intelligence Center
Zoom iOS App Sends Data to Facebook Even if You Don’t Have a Facebook Account
https://www.vice.com/en_us/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account
VICE
Zoom's privacy policy isn't explicit about the data transfer to Facebook at all.
Operation Poisoned News
-exploit iOS vulns to install lightSpy malware
-Android dmsSpy
https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/
Trend Micro
Research, News, and Perspectives
Security vulnerability discovered in Apple’s iOS version 13.4 that prevents VPNs from encrypting all traffic
https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/
Proton VPN
VPN bypass vulnerability in Apple iOS
We discovered a security vulnerability in Apple’s iOS that causes connections to remain unencrypted even after connecting to VPN.
Patching a split APK to use Objection
https://nickbloor.co.uk/2020/03/29/patching-android-split-apks/
NickstaDB
Patching Android Split APKs
I recently came up against my first split APK during an Android app security assessment. My usual toolkit doesn’t support split APKs, so I hacked together a solution to allow me to instrument…
Android 11 system images for QEMU emulator are capable of executing ARM binaries
How? When an app’s process requires an ARM binary, the binary is translated to x86 within that process exclusively
https://android-developers.googleblog.com/2020/03/run-arm-apps-on-android-emulator.html
Android Developers Blog
Run ARM apps on the Android Emulator
Posted by Michael Hazard. As part of the Android 11 developer preview we’ve released Android 11 system images, which are capable of ex...
The 2019 Mobile Threat Landscape via Trendmicro
https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/review-refocus-and-recalibrate-the-2019-mobile-threat-landscape
Trendmicro
Review, Refocus, and Recalibrate: The 2019 Mobile Threat Landscape
In 2019, cybercriminals looked at the malicious mobile routines that worked in the past and adjusted these to make them more sophisticated, persistent, and profitable online and offline.
Runtime Mobile Security - powered by FRIDA, is a powerful web interface that helps you to manipulate Android Java Classes and Methods at Runtime
https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security
GitHub
GitHub - m0bilesecurity/RMS-Runtime-Mobile-Security: Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps…
Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime - m0bilesecurity/RMS-Runtime-Mobile-Security
Semi-universal XSS found in iOS Firefox app
https://twitter.com/konarkmodi/status/1244714141421645826?s=20
Writeup: https://0x65.dev/blog/2020-03-30/cve-2019-17004-semi-universal-xss-affecting-firefox-for-ios.html
Twitter
Konark Modi
A writeup of our findings from last year on: Semi Universal-XSS affecting Firefox, Cliqz, Brave on iOS https://t.co/2Pjl2nWIEr #search #privacy #web #security via @cliqz https://t.co/f82c4h9wTi https://t.co/9mUj5bpxPe
Covid19 Tracker Apps
List of mobile apps created by government or police to track citizens
https://fs0c131y.com/covid19-tracker-apps/
Fs0C131Y
Apps made to track the population during the COVID19 crisis
Detailed analysis of how Accessibility services are misused by Android malware
+ To complete the picture: the analysis is missing the fact that such malware can also read and steal 2FA codes from e.g. Google Authenticator (via @reyammer)
https://labs.f-secure.com/blog/how-are-we-doing-with-androids-overlay-attacks-in-2020
2FA: https://reyammer.io/blog/2020/03/17/no-flag-secure-does-not-protect-you-from-a11y-malware-and-google-couldnt-have-protected-2fa-tokens-that-easily/