BlackRock - new Android banking Trojan
https://www.threatfabric.com/blogs/blackrock_the_trojan_that_wanted_to_get_them_all.html
Android Hacking with NMAP
-Exploit open ports and vulnerabilities in Android apps
-Search for unpatched ES File Explorer app and exploit it (CVE-2019-6447)
https://youtu.be/HXTl_V8UwYs
0-click RCE via MMS exploit for Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0) #Fuzzing CVE-2020-8899
https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-1-introduction-to-qmage.html
Demo: https://youtu.be/ZQnb8kRMkHg
MMS Exploit Part 1: Introduction to the Samsung Qmage Codec and Remote Attack Surface
Posted by Mateusz Jurczyk, Project Zero This post is the first of a multi-part series capturing my journey from discovering a vulnerable...
Demo of bug in Firefox for Android that allows camera and microphone to stream if device is locked
▪️ it will be fixed in October 2020
▪️ it might be misused as Stalkerware
▪️ tips on how to prevent being spied on until October 2020
https://youtu.be/FlthUOKdoKw
Bug in Firefox for Android allows camera and microphone live stream if device is locked
I demonstrated a bug in Firefox for Android, reported in 2019, that leaves the device camera and microphone active even though the app is not in use (in the background) or the device is locked.
In my test, when I killed running Firefox, the stream was disconnected after…
AMDH v2.0 - Android Mobile Device Hardening tool
Now includes malware detection based on permissions (analysis of more than 500 malware samples), along with some new updates!
https://github.com/SecTheTech/AMDH
GitHub - A-YATTA/AMDH: Android Mobile Device Hardening
Android Mobile Device Hardening. Contribute to A-YATTA/AMDH development by creating an account on GitHub.
iOS on QEMU
The goal of this project is to boot a fully functional iOS system on QEMU
https://github.com/alephsecurity/xnu-qemu-arm64
GitHub - alephsecurity/xnu-qemu-arm64
Contribute to alephsecurity/xnu-qemu-arm64 development by creating an account on GitHub.
Writing an iOS Kernel Exploit from Scratch
https://secfault-security.com/blog/chain3.html
How to identify if someone spies on your WhatsApp messages
https://youtu.be/qjoApedppbw
MMS Exploit Part 2: Effective Fuzzing of the Qmage Codec
https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-2-effective-fuzzing-qmage.html
MMS Exploit Part 2: Effective Fuzzing of the Qmage Codec
Posted by Mateusz Jurczyk, Project Zero This post is the second of a multi-part series capturing my journey from discovering a vulnerabl...
DJI GO 4 Android application security analysis (app to control drones)
https://www.synacktiv.com/en/publications/dji-android-go-4-application-security-analysis.html
DJI Android GO 4 application security analysis
Source code of Cerberus (Android Malware) is for sale - $100,000
https://www.bleepingcomputer.com/news/security/cerberus-android-malware-source-code-offered-for-sale-for-100-000/
Cerberus Android malware source code offered for sale for $100,000
The maintainer of Cerberus banking trojan for Android is auctioning the entire project for a price starting at $50,000 or close the deal for double the money.
AndroidProjectCreator: v1.4-stable has been released
You can now install precompiled versions of all dependencies, shortening the installation to mere seconds! The full patch notes are given here:
https://maxkersten.nl/2020/07/28/androidprojectcreator-1-4-stable-release/
Medusa - new framework for dynamic analysis of Android apps
It offers different categories and modules to activate during the dynamic analysis. It generates Frida scripts based on the picked modules.
https://github.com/Ch0pin/medusa
GitHub - Ch0pin/medusa: Mobile Edge-Dynamic Unified Security Analysis
Mobile Edge-Dynamic Unified Security Analysis. Contribute to Ch0pin/medusa development by creating an account on GitHub.
Review of Medusa Framework
Tool for dynamic analysis of Android apps
The review covers the hooked database module in the Instagram app #BugBounty #Pentest #MalwareAnalysis
https://www.facebook.com/AndroidInfoSec/posts/3285627958127349
MMS Exploit Part 3: Constructing the Memory Corruption Primitives
https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-3-constructing-primitives.html
MMS Exploit Part 3: Constructing the Memory Corruption Primitives
Posted by Mateusz Jurczyk, Project Zero This post is the third of a multi-part series capturing my journey from discovering a vulnerable...
Android Worm Malware spreads via SMS in India as TikTok Pro [malware demo]
https://youtu.be/mzkDxBjshI4
Android worm malware spreads via SMS in India as TikTok Pro | Android Malware | Fake TikTok Pro
The TikTok app was recently banned in India.
Malware developers have promptly misused the situation to distribute an Android SMS worm disguised as TikTok Pro.
Once the user installs the app, it sends SMS to all the contacts with a link to the malicious app.
After the…
Google has removed 29 apps from the Play Store which were found filled with adware. These Android apps had over 3.5 million downloads on the Play Store.
https://www.whiteops.com/blog/bringing-blur-apps-into-focus
Bringing Blur Apps Into Focus
The White Ops Threat Intelligence and Research Team uncovered an operation dubbed 'ChartreuseBlur', a collection of blur apps committing ad fraud.
AppSec: How to NOT create a job Android app [analysis]
https://medium.com/@fs0c131y/appsec-how-to-not-create-a-job-app-5b2776d16464
AppSec: How to NOT create a job app
A few days ago, I received this private message on Twitter.
Android InsecureBankv2 Walkthrough
Part 1: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-1-9e0788ba5552
Part 2: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-2-429b4ab4a60f
Part 3: https://medium.com/bugbountywriteup/android-insecurebankv2-walkthrough-part-3-2b3e5843fe91
Android InsecureBankv2 Walkthrough: Part 1
In this article, I will be taking a look at the InsecureBankv2 Android application created by the GitHub user dineshshetty. According to…