Android WolfRAT analysis (new version of DenDroid)
https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html
Cisco Talos Blog
The wolf is back...
By Warren Mercer, Paul Rascagneres and Vitor Ventura.
News summary
* Thai Android devices and users are being targeted by a modified version of DenDroid we are calling "WolfRAT," now targeting messaging apps like WhatsApp, Facebook Messenger and Line.…
Banking Trojan found on Google Play
Using Accessibility it steals all the displayed text from launched apps (banking apps, SMS, WhatsApp messages, Google Authenticator...)
It can also remotely launch apps, perform controlled clicks, input text...
https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/
WeLiveSecurity
Insidious Android malware gives up all malicious features but one to gain stealth
ESET researchers have analyzed an extremely dangerous Android app that can wipe out the victim’s bank account or cryptocurrency wallet and take over their email or social media accounts. Called "DEFENSOR ID", the banking trojan requires a single action from…
Modding a Unity C++ Android Game
https://www.areizen.fr/post/modding-unity-game/
The first public jailbreak for Apple's iOS operating system that should work at launch on all iOS devices
https://www.vice.com/en_us/article/dyz8nw/iphone-ios-ios13-jailbreak-uncover-unc0ver
VICE
Hackers Just Dropped a Jailbreak They Say Works for All iPhones
The new unc0ver jailbreak relies on a vulnerability that the researcher who found it says Apple is unaware of.
StrandHogg 2.0 - The 'evil twin' vulnerability (CVE-2020-0096)
Vulnerability allows malware app to pose as legitimate apps
https://promon.co/strandhogg-2-0/
promon.io
StrandHogg 2.0 - Android Vulnerability | Promon
Promon researchers have discovered a new elevation of privilege vulnerability in Android that allows hackers to gain access to almost all apps.
Fraudsters spread a mobile trojan disguised as a Valorant game
https://news.drweb.com/show/?lng=en&i=13838
Dr.Web
Fraudsters spread a mobile trojan disguised as a Valorant game
Doctor Web specialists have uncovered a fraudulent campaign targeting mobile device owners. Cybercriminals are publishing misleading videos on YouTube, promoting a mobile version of a new Valorant game and prompting unsuspecting users to install it on their…
This wallpaper triggers a rare bug causing Android devices to bootloop
https://www.xda-developers.com/wallpaper-triggers-rare-bug-causing-android-devices-bootloop/
XDA
[Update 2: Fixed] This wallpaper triggers a rare bug causing Android devices to bootloop
This wallpaper triggers a rare bug that causes Android devices to bootloop. Don't try the wallpaper on your device or you may lose all your data.
Coldboot vulnerability affecting 7 years of LG Android devices CVE-2020-12753
https://douevenknow.us/post/619763074822520832/an-el1el3-coldboot-vulnerability
Tumblr
🔋 📱❄️🥾🔓, an EL1/EL3 coldboot vulnerability affecting 7 years of LG Android devices
I should probably preface all of this by saying that I'm not really a security professional in the sense that I don't actually do security stuff for a living; I reported this vulnerability in March...
Popular Android malware threats in May, 2020
List: http://skptr.me/malware_timeline_2020.html
Samples: https://github.com/sk3ptre/AndroidMalware_2020
GitHub
GitHub - sk3ptre/AndroidMalware_2020: Popular Android malware seen in 2020
Popular Android malware seen in 2020. Contribute to sk3ptre/AndroidMalware_2020 development by creating an account on GitHub.
Barcode Reader Apps on Google Play Found Using New Ad Fraud Technique
https://blog.trendmicro.com/trendlabs-security-intelligence/barcode-reader-apps-on-google-play-found-using-new-ad-fraud-technique/
New Tekya Ad Fraud Found on Google Play
https://blog.trendmicro.com/trendlabs-security-intelligence/new-tekya-ad-fraud-found-on-google-play/
Trend Micro
New Tekya Ad Fraud Found on Google Play
We observed a Tekya variant that had made its way onto Google Play via five malicious apps. Said apps were already removed from the Play Store.
AdFraud apps found on Google Play: 38 apps with 20M+ downloads
https://www.whiteops.com/blog/beauty-and-the-fraud-beast
HUMAN Security
Beauty and the (Fraud) Beast - HUMAN Security
The White Ops Satori Threat Intelligence and Research Team identified and tracked an ad fraud operation of 38 applications. Discover what they all have in common.
This PIN Can Be Easily Guessed
Study of user-chosen 4- and 6-digit PINs collected on smartphones for device unlocking. Measuring the effects of blacklists, where a set of "easy to guess" PINs is disallowed during selection
https://this-pin-can-be-easily-guessed.github.io/
this-pin-can-be-easily-guessed.github.io
This PIN Can Be Easily Guessed
A comprehensive study on the security and usability of user-chosen 4- and 6-digit smartphone unlock PINs.
Quark: Android Malware Scoring System
https://github.com/quark-engine/quark-engine
GitHub
GitHub - ev-flow/quark-engine: Quark Agent - Your AI-powered Android APK Analyst
Quark Agent - Your AI-powered Android APK Analyst. Contribute to ev-flow/quark-engine development by creating an account on GitHub.
Awesome Python Security resources
https://github.com/guardrailsio/awesome-python-security
GitHub
GitHub - guardrailsio/awesome-python-security: Awesome Python Security resources 🕶🐍🔐
Awesome Python Security resources 🕶🐍🔐. Contribute to guardrailsio/awesome-python-security development by creating an account on GitHub.
Fake COVID-19 Contact Tracing Apps
https://www.anomali.com/blog/anomali-threat-research-identifies-fake-covid-19-contact-tracing-apps-used-to-monitor-devices-steal-personal-data
Anomali
Anomali Threat Research Identifies Fake COVID-19 Contact Tracing Apps Used to Download Malware that Monitors Devices, Steals Personal…
New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa
https://blog.trendmicro.com/trendlabs-security-intelligence/new-android-spyware-actionspy-revealed-via-phishing-attacks-from-earth-empusa/
Trend Micro
Phishing Attacks from Earth Empusa Reveal ActionSpy
We identified an undocumented Android spyware we have named ActionSpy while tracking Earth Empusa, also known as POISON CARP/Evil Eye. The campaign is reportedly targeting Uyghurs by compromising their Android and iOS mobile devices.