Mobile threat statistics for Q2 2020 by Kaspersky
https://securelist.com/it-threat-evolution-q2-2020-mobile-statistics/98337/
Securelist
IT threat evolution Q2 2020. Mobile statistics
According to Kaspersky Security Network, during the second quarter 1,245,894 malicious installers were detected and a total of 14,204,345 attacks on mobile devices were blocked.
India yesterday banned 118 Chinese apps
List of apps in the link
https://drive.google.com/file/d/1NRcC49uKIvwA4-sDmubC5aC2LmHggKoG/view
Android Permission (Notification Permission) Can Be Lethal [Android Malware Series]
https://youtu.be/PzhDEV7rpP0
YouTube
This Android Permission Can Be Lethal. [Android Malware Series]
In this video, I talk about how this Android permission (Notification Permission) can steal almost all private data from the victim's device without asking for any extra permission.
Much Android malware uses this permission to perform various tasks like stealing…
WhatsApp discloses six previously undisclosed flaws
https://www.whatsapp.com/security/advisories/2020/
WhatsApp.com
WhatsApp Security Advisories 2020
WhatsApp Security Advisories 2020 - List of security fixes for WhatsApp products
ARM64 Reversing and Exploitation
Part 1: http://highaltitudehacks.com/2020/09/05/arm64-reversing-and-exploitation-part-1-arm-instruction-set-heap-overflow/
Part 2: http://highaltitudehacks.com/2020/09/06/arm64-reversing-and-exploitation-part-2-use-after-free/
Part 3: http://highaltitudehacks.com/2020/09/06/arm64-reversing-and-exploitation-part-3-a-simple-rop-chain/
Prateekg147
ARM64 Reversing and Exploitation Part 1 - ARM Instruction Set + Simple Heap Overflow
Hi everyone! In this blog series, we will be understanding the ARM instruction set and using that to reverse ARM binaries, followed by writing exploits for them. So let’s start with the basics of ARM64.
TikTok Spyware (SpyNote) Analysis
https://www.zscaler.com/blogs/research/tiktok-spyware
Zscaler
Detailed Analysis of TikTok Spyware | Zscaler Blog
Recently, Zscaler analyzed another variant of this app portraying itself as TikTok Pro, but it's spyware with premium features to spy on the victim with ease.
Android bypass SSL pinning using Frida
https://www.docdroid.net/file/download/zokUC70/android-ssl-pinning-pdf.pdf
Three persistent arbitrary code execution vulnerabilities and one arbitrary file theft vulnerability have been discovered in the TikTok Android app
https://blog.oversecured.com/Oversecured-detects-dangerous-vulnerabilities-in-the-TikTok-Android-app/
News, Techniques & Guides
Oversecured detects dangerous vulnerabilities in the TikTok Android app
Oversecured has once again uncovered high-severity vulnerabilities, this time in the TikTok app. The app contained one vulnerability to theft of arbitrary files with user interaction and three to persistent arbitrary code execution.
Billions of devices vulnerable to new 'BLESA' Bluetooth security flaw
https://www.zdnet.com/google-amp/article/billions-of-devices-vulnerable-to-new-blesa-bluetooth-security-flaw/
ZDNET
New BLESA attack goes after the often ignored Bluetooth reconnection process, unlike previous vulnerabilities, most found in the pairing operation.
Vulnerability that allows persistently launching an Intent on every device on the same LAN that has a vulnerable version of Firefox for Android (68.11.0 and below)
Report: https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/firefox-android-2020
PoC code: https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/blob/master/firefox-android-2020/ffssdp.py
GitLab
firefox-android-2020 · master · GitLab.com / GitLab Security Division / Security Operations Department / Red Team / Red Team Public…
As we come across interesting things that we want to share with the community we will document them here as a tech note.
Rampant Kitten – An Iranian Espionage Campaign (including Android component)
https://research.checkpoint.com/2020/rampant-kitten-an-iranian-espionage-campaign/
Check Point Research
Rampant Kitten - An Iranian Espionage Campaign - Check Point Research
Check Point Research unraveled an ongoing surveillance operation by Iranian entities that has been targeting Iranian expats and dissidents for years. While some individual sightings of this attack were previously reported by other researchers…
Locating the Trojan inside an infected COVID-19 contact tracing app
https://medium.com/@cryptax/locating-the-trojan-inside-an-infected-covid-19-contact-tracing-app-21e23f90fbfe
Medium
An Italian company, SoftMining, developed an Android COVID-19 contact tracing application “SM-COVID-19”. Unfortunately, malware authors…
Exploitation of LAN vulnerability found in Firefox for Android [demo]
I tested this PoC exploit on 3 devices on the same Wi-Fi network; it worked pretty well.
I was able to open a custom URL on every smartphone using vulnerable Firefox (68.11.0 and below).
https://twitter.com/LukasStefanko/status/1307013106615418883
iOS and Android scam apps spreading via TikTok
https://blog.avast.com/scam-apps-spreading-via-tiktok-avast
Avast
After a 12-year-old girl reported a rogue app circulating on TikTok to Avast, our team found a total of seven adware scam apps available on both the Google Play Store and the Apple App Store.
Vulnerabilities in ATM Milano's mobile app
https://blog.jacopojannone.com/en/post/atm-app-vulnerability/
Alien - the story of Cerberus' demise
https://www.threatfabric.com/blogs/alien_the_story_of_cerberus_demise.html
ThreatFabric
The Alien banking Trojan expands 2020’s threat landscape alongside the demise of the infamous Cerberus Trojan. Learn more about its advanced capabilities and relation with Cerberus.