Vulnerability that allows to persistently launch Intent on every device on the same LAN that had vulnerable version of Firefox for Android (68.11.0 and below)
Report: https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/firefox-android-2020
PoC code: https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/blob/master/firefox-android-2020/ffssdp.py
Report: https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/firefox-android-2020
PoC code: https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/blob/master/firefox-android-2020/ffssdp.py
GitLab
firefox-android-2020 Β· master Β· GitLab.com / GitLab Security Division / Security Operations Department / Red Team / Red Team Publicβ¦
As we come across interesting things that we want to share with the community we will document them here as a tech note.
Rampant Kitten β An Iranian Espionage Campaign (including Android component)
https://research.checkpoint.com/2020/rampant-kitten-an-iranian-espionage-campaign/
https://research.checkpoint.com/2020/rampant-kitten-an-iranian-espionage-campaign/
Check Point Research
Rampant Kitten - An Iranian Espionage Campaign - Check Point Research
Introduction Check Point Research unraveled an ongoing surveillance operation by Iranian entities that has been targeting Iranian expats and dissidents for years. While some individual sightings of this attack were previously reported by other researchersβ¦
π1
Locating the Trojan inside an infected COVID-19 contact tracing app
https://medium.com/@cryptax/locating-the-trojan-inside-an-infected-covid-19-contact-tracing-app-21e23f90fbfe
https://medium.com/@cryptax/locating-the-trojan-inside-an-infected-covid-19-contact-tracing-app-21e23f90fbfe
Medium
Locating the Trojan inside an infected COVID-19 contact tracing app
An italian company, SoftMining, developed an Android COVID-19 contact tracing application βSM-COVID-19β. Unfortunately, malware authorsβ¦
Exploitation of LAN vulnerability found in Firefox for Android [demo]
I tested this PoC exploit on 3 devices on same wifi network, it worked pretty well.
I was able to open custom URL on every smartphone using vulnerable Firefox (68.11.0 and below).
https://twitter.com/LukasStefanko/status/1307013106615418883
I tested this PoC exploit on 3 devices on same wifi network, it worked pretty well.
I was able to open custom URL on every smartphone using vulnerable Firefox (68.11.0 and below).
https://twitter.com/LukasStefanko/status/1307013106615418883
iOS and Android scam apps spreading via TikTok
https://blog.avast.com/scam-apps-spreading-via-tiktok-avast
https://blog.avast.com/scam-apps-spreading-via-tiktok-avast
Avast
iOS and Android scam apps spreading via TikTok
After a 12-year-old girl reported a rogue app circulating on TikTok to Avast, our team found a total of seven adware scam apps available on both the Google Play Store and the Apple App Store.
Vulnerabilities in ATM Milano's mobile app
https://blog.jacopojannone.com/en/post/atm-app-vulnerability/
https://blog.jacopojannone.com/en/post/atm-app-vulnerability/
Alien - the story of Cerberus' demise
https://www.threatfabric.com/blogs/alien_the_story_of_cerberus_demise.html
https://www.threatfabric.com/blogs/alien_the_story_of_cerberus_demise.html
ThreatFabric
Alien - the story of Cerberus' demise
The Alien banking Trojan expands 2020βs threat landscape alongside the demise of the infamous Cerberus Trojan. Learn more about its advanced capabilities and relation with Cerberus.
Code Execution Vulnerability in Instagram App for Android and iOS
https://research.checkpoint.com/2020/instagram_rce-code-execution-vulnerability-in-instagram-app-for-android-and-ios/
https://research.checkpoint.com/2020/instagram_rce-code-execution-vulnerability-in-instagram-app-for-android-and-ios/
Apps on Google Play Tainted with Cerberus Banker Malware
https://labs.bitdefender.com/2020/09/apps-on-google-play-tainted-with-cerberus-banker-malware/
https://labs.bitdefender.com/2020/09/apps-on-google-play-tainted-with-cerberus-banker-malware/
Bitdefender Labs
Daily source of cyber-threat information. Established 2001.
Into Android Meterpreter and how the malware launches it β part 2
https://medium.com/@cryptax/into-android-meterpreter-and-how-the-malware-launches-it-part-2-ef5aad2ebf12
https://medium.com/@cryptax/into-android-meterpreter-and-how-the-malware-launches-it-part-2-ef5aad2ebf12
Medium
Into Android Meterpreter and how the malware launches it β part 2
This is a part 2 of βLocating the Trojan inside an infected COVID-19 contact tracing appβ. We are going to explain how the malware works.
Latest disclosed campaign of Android FinFisher used in 2019
https://www.amnesty.org/en/latest/research/2020/09/german-made-finspy-spyware-found-in-egypt-and-mac-and-linux-versions-revealed/
https://www.amnesty.org/en/latest/research/2020/09/german-made-finspy-spyware-found-in-egypt-and-mac-and-linux-versions-revealed/
Amnesty International
German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed
β’ FinSpy is a commercial spyware suite produced by the Munich-based company FinFisher Gmbh. Since 2011 researchers have documented numerous cases of targeting of Human Rights Defenders (HRDs) - including activists, journalists, and dissidents with the useβ¦
Exploiting Android deep links and exported components
Slides: https://docs.google.com/presentation/d/1YnO_XF-iw2CvJa3rM-GdwYDV22SSzqVHQttXVedY3O4/edit#slide
PoCs: https://www.dropbox.com/sh/spwflkxxky37ruu/AAAf0KCItLdPr2lRp2vtQx2Aa?dl=0
Slides: https://docs.google.com/presentation/d/1YnO_XF-iw2CvJa3rM-GdwYDV22SSzqVHQttXVedY3O4/edit#slide
PoCs: https://www.dropbox.com/sh/spwflkxxky37ruu/AAAf0KCItLdPr2lRp2vtQx2Aa?dl=0
Google Docs
B3nac - Exploiting Android deep links and exported components
Exploiting Android deep links and exported components By Kyle B3nac @b3nac
MEDUZA - universal SSL unpinning tool for iOS
https://github.com/kov4l3nko/MEDUZA
https://github.com/kov4l3nko/MEDUZA
17 Joker Trojans found on Google Play caught stealing SMS messages, contact lists, and device information along with silently signing up the victim for premium wireless application protocol (WAP) services
https://www.zscaler.com/blogs/security-research/joker-playing-hide-and-seek-google-play
https://www.zscaler.com/blogs/security-research/joker-playing-hide-and-seek-google-play
Zscaler
Joker Playing Hide-and-Seek with Google Play | Zscaler
Joker is one of the most prominent types of malware targeting Android and keeps finding its way into Googleβs official application market.
Using AT commands (not ADB commands) to extract sensitive Android device info via USB cable
AT commands could be used for Android forensics to extract filesystem images and for some cases even unlocking smartphone
https://www.instagram.com/p/CFtkDgkgHTj/
AT commands could be used for Android forensics to extract filesystem images and for some cases even unlocking smartphone
https://www.instagram.com/p/CFtkDgkgHTj/
Android Hacking Primer
How to get started hacking Android applications
https://vickieli.dev/hacking/intro-android/
How to get started hacking Android applications
https://vickieli.dev/hacking/intro-android/
Vickie Li's Security Blog
An Android Hacking Primer
How to get started hacking Android applications.
Forwarded from The Bug Bounty Hunter
Jailbreaking iOS without a Mac (1/4): The Plan
https://medium.com/bugbountywriteup/jailbreaking-ios-without-a-mac-1-4-the-plan-b49c0edc1759
https://medium.com/bugbountywriteup/jailbreaking-ios-without-a-mac-1-4-the-plan-b49c0edc1759
Medium
Jailbreaking iOS without a Mac (1/4): The Plan
Installing an unsigned iOS app (what is the prerequisite of jailbreaking) using Linux with (semi-)legitimate tools.
APTβCβ23 group evolves its Android spyware
https://www.welivesecurity.com/2020/09/30/aptc23-group-evolves-its-android-spyware/
https://www.welivesecurity.com/2020/09/30/aptc23-group-evolves-its-android-spyware/
WeLiveSecurity
APTβCβ23 group evolves its Android spyware
ESET research uncovers a new version of Android spyware that the APT-C-23 aka Two-tailed Scorpion threat group has used against targets in the Middle East.
Video demo how Android Spyware steals WhatsApp messages from received notifications
https://www.instagram.com/reel/CFwz9wMAwuL/
https://www.instagram.com/reel/CFwz9wMAwuL/
Instagram
Android Security & Hacking
What happens if you "Allow notification" access to malicious app. Video demo how easy it is for such malicious spyware to steal WhatsApp messages from received notifications . . . . . #hackers #hacking #hacker #cybersecurity #ethicalhacking #hack #kalilinuxβ¦