Russian Android Stalkerware
-after launch it gathers device logs
-downloads additional app via HTTP
-logs credentials....
Here is a demo of this #Stalkerware being installed and hooked by Frida
https://youtu.be/IcVRwyJpmMw
How To Intercept Android Application HTTPS traffic in Android 10 (Q) with Burp Suite and Magisk
https://www.theburpsuite.com/2020/05/intercepting-android-application-https.html
AMDH - Android Mobile Device Hardening tool
This forensics tool helps you list installed apps on device and dump them all
Tool: https://github.com/SecTheTech/AMDH
Test of the tool: https://www.instagram.com/p/CCgipObAGBQ/
Slicer - A tool to automate the recon process on an APK file
https://github.com/mzfr/slicer
How to hack and prevent getting hacked by Android on the same WiFi
The video explains three types of attack:
1) Spying on another user's web browsing
2) Redirecting visited websites to the attacker's site
3) Stealing Facebook login credentials
https://youtu.be/MHxbv6oA3CA
Android cyber-espionage campaign discovered in the Middle East as Welcome Chat app
This operation appears to be linked to the Gaza Hacker threat group.
The uncovered malicious operation both spies on victims and leaks their data (MITM, open server database without authorization)
https://www.welivesecurity.com/2020/07/14/welcome-chat-secure-messaging-app-nothing-further-truth/
Code analysis of CryCryptor Android ransomware and its discovered vulnerability.
By exploiting this vulnerability, a decryption tool, CryDecryptor, was successfully created
https://youtu.be/deyBbSKKGk8
Android: arbitrary code execution via third-party package context
https://blog.oversecured.com/Android-arbitrary-code-execution-via-third-party-package-contexts/
BlackRock - new Android banking Trojan
https://www.threatfabric.com/blogs/blackrock_the_trojan_that_wanted_to_get_them_all.html
Android Hacking with NMAP
-Exploit open ports and vulnerabilities in Android apps
-Search for unpatched ES File Explorer app and exploit it (CVE-2019-6447)
https://youtu.be/HXTl_V8UwYs
0-click RCE via MMS exploit for Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0) #Fuzzing CVE-2020-8899
https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-1-introduction-to-qmage.html
Demo: https://youtu.be/ZQnb8kRMkHg
Demo of a bug in Firefox for Android that allows the camera and microphone to keep streaming while the device is locked
▪️ it will be fixed in October 2020
▪️ it might be misused as Stalkerware
▪️ tips on how to prevent being spied on until October 2020
https://youtu.be/FlthUOKdoKw
AMDH v2.0 - Android Mobile Device Hardening tool
Now includes malware detection based on permissions (built on the analysis of more than 500 malware samples) along with some new updates!
https://github.com/SecTheTech/AMDH
iOS on QEMU
The goal of this project is to boot a fully functional iOS system on QEMU
https://github.com/alephsecurity/xnu-qemu-arm64
Writing an iOS Kernel Exploit from Scratch
https://secfault-security.com/blog/chain3.html
How to identify if someone spies on your WhatsApp messages
https://youtu.be/qjoApedppbw
MMS Exploit Part 2: Effective Fuzzing of the Qmage Codec
https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-2-effective-fuzzing-qmage.html
DJI GO 4 Android application security analysis (app to control drones)
https://www.synacktiv.com/en/publications/dji-android-go-4-application-security-analysis.html
Source code of Cerberus (Android Malware) is for sale - $100,000
https://www.bleepingcomputer.com/news/security/cerberus-android-malware-source-code-offered-for-sale-for-100-000/
AndroidProjectCreator: v1.4-stable has been released
You can now install precompiled versions of all dependencies, shortening the installation to mere seconds! The full patch notes are given here:
https://maxkersten.nl/2020/07/28/androidprojectcreator-1-4-stable-release/