Xenomorph - new Android Banker - here is a quick video how smoothly it creates malicious overlay once targeted app (PayPal, Binance, Coinbase etc.) are launched by victim
https://youtu.be/7-yT65lVBf8
https://youtu.be/7-yT65lVBf8
๐15
Writeup for an iOS 15 exploit that can achieve kernel
Impact: A malicious application may be able to execute arbitrary code with kernel privileges (CVE-2021-30955)
https://www.cyberkl.com/cvelist/cvedetail/24
Impact: A malicious application may be able to execute arbitrary code with kernel privileges (CVE-2021-30955)
https://www.cyberkl.com/cvelist/cvedetail/24
Cyberkl
ๆไปๅฎ้ชๅฎค
๐7๐ค5๐คฉ1
Directory traversal vulnerability discovered in Android Slack lead to disclosure of auth tokens https://hackerone.com/reports/1378889
HackerOne
Slack disclosed on HackerOne: [Android] Directory traversal leading...
Files uploaded to and opened in Slack with specially-crafted names could cause the Android operating system to overwrite configuration files on customer devices, potentially exposing Slack data to...
๐13๐ฅฐ2
Intercepting Android Emulator SSL traffic with burp using magisk
https://infosecwriteups.com/intercepting-android-emulator-ssl-traffic-with-burp-using-magisk-bc948dca68f9
https://infosecwriteups.com/intercepting-android-emulator-ssl-traffic-with-burp-using-magisk-bc948dca68f9
Medium
Intercepting Android Emulator SSL traffic with burp using magisk
In an android security testing intercepting SSL traffic from the apk is one of the basic requirement. Their are many ways in which it canโฆ
๐20๐คฉ5
How to execute running Java code directly on Android (without creating an APK)
Part 1: https://raccoon.onyxbits.de/blog/run-java-app-android/
Part 2: https://raccoon.onyxbits.de/blog/programmatically-talking-to-the-android-system-adb-shell/
Part 1: https://raccoon.onyxbits.de/blog/run-java-app-android/
Part 2: https://raccoon.onyxbits.de/blog/programmatically-talking-to-the-android-system-adb-shell/
raccoon.onyxbits.de
How to run Java programs directly on Android (without creating an APK)
A step by step instruction for compiling a Java program into an Android executable and using ADB to run it.
๐12
FireFox extension for generating Frida snippet scripts from official Android developer documentation
Right click on function names (public methods section) or fields and it will automatically copy generated Frida snippet
https://github.com/eybisi/android-developer-frida (no overload support for now)
Right click on function names (public methods section) or fields and it will automatically copy generated Frida snippet
https://github.com/eybisi/android-developer-frida (no overload support for now)
GitHub
GitHub - eybisi/android-developer-frida: frida snippet generator firefox extension for developer.android.com
frida snippet generator firefox extension for developer.android.com - eybisi/android-developer-frida
๐11
PoC for CVE-2021-30955 has been publicly released affecting iOS 15.2
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
https://gist.github.com/jakeajames/37f72c58c775bfbdda3aa9575149a8aa
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
https://gist.github.com/jakeajames/37f72c58c775bfbdda3aa9575149a8aa
Gist
CVE-2021-30955 PoC
CVE-2021-30955 PoC. GitHub Gist: instantly share code, notes, and snippets.
๐11
Bug found in Zenly - Social-Media App with 50M+ installs - Allowed Account Takeover
https://checkmarx.com/blog/zenly-fixes-user-data-exposure-and-account-takeover-risks/
https://checkmarx.com/blog/zenly-fixes-user-data-exposure-and-account-takeover-risks/
Checkmarx.com
Zenly Fixes User Data Exposure and Account Takeover Risks
The Checkmarx Security Research Team responsibly notified Zenly, providing detailed information of our research findings, instructions to reproduce the issues, and recommendations. Zenly has now fixed the issues we discovered.
๐11โค1
Smali2Frida - generate Frida Hooks from .smali files
https://github.com/apkunpacker/Smali2Frida
https://github.com/apkunpacker/Smali2Frida
GitHub
GitHub - apkunpacker/Smali2Frida
Contribute to apkunpacker/Smali2Frida development by creating an account on GitHub.
๐7๐ฅฐ3
Another iOS 15.1 kernel exploit PoC for CVE-2021-30955
https://github.com/b1n4r1b01/desc_race
https://github.com/b1n4r1b01/desc_race
GitHub
GitHub - b1n4r1b01/desc_race: iOS 15.1 kernel exploit POC for CVE-2021-30955
iOS 15.1 kernel exploit POC for CVE-2021-30955. Contribute to b1n4r1b01/desc_race development by creating an account on GitHub.
๐1
Android TeaBot banking malware with 10K+ installs is still available on Google Play Store
QR Code downloads main.apk that drops payload and targets over 400 apps
https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe
QR Code downloads main.apk that drops payload and targets over 400 apps
https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe
Cleafy
TeaBot is now spreading across the globe | Cleafy Labs
Since TeaBot first discovery in 2021, Cleafy's Threat Intelligence Team has been following this banking trojan's trails to understand how it acts against banks. To know more, read here our latest report.
๐3
Android banking malware TeaBot with 10,000+ installs is still available on Google Play Store
Double check which QR code app you are about to install or are using already
https://youtube.com/shorts/FvuqEhI9LjQ
Double check which QR code app you are about to install or are using already
https://youtube.com/shorts/FvuqEhI9LjQ
๐7๐ฅ3
SMS PVA: Underground Service for Cybercriminals
Part 1: https://www.trendmicro.com/en_us/research/22/b/sms-pva-cybercriminals-part-1.html
Part 2: https://www.trendmicro.com/en_us/research/22/b/sms-pva-cybercriminals-part-2.html
Part 1: https://www.trendmicro.com/en_us/research/22/b/sms-pva-cybercriminals-part-1.html
Part 2: https://www.trendmicro.com/en_us/research/22/b/sms-pva-cybercriminals-part-2.html
Trend Micro
SMS PVA Part 1: Underground Service for Cybercriminals
This is a 3-part blog entry about SMS PVA, a service that lets cybercriminals compromise smartphone cybersecurity.
๐15๐คฏ5
SharkBot - Two Android bankers discovered on Google Play ironically impersonate Antivirus apps
https://blog.fox-it.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/
https://blog.fox-it.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/
Fox-IT International blog
SharkBot: a โnewโ generation Android banking Trojan being distributed on Google Play Store
Authors: Alberto Segura, Malware analystRolf Govers, Malware analyst & Forensic IT Expert NCC Group, as well as many other researchers noticed a rise in Android malware last year, especillay Anโฆ
๐3
New version of #AbereBot banking Trojan is rebranded as #Escobar and available for rent on underground market
https://twitter.com/LukasStefanko/status/1499659018066964481
https://twitter.com/LukasStefanko/status/1499659018066964481
Twitter
Lukas Stefanko
New version of #AbereBot is rebranded as #Escobar and available for rent -1 month rent/$3000 -doesn't use Telegram as c&c anymore -new features: audio recording, take photos, use VNC, make calls, get Google Authenticator 2FA codes, uninstall any app -targetsโฆ
๐8โค4๐ฅ4
Native2Frida - Give It Decompiled IDA Code and get Frida Script for All Functions which have Char as argument or return type as char
https://github.com/apkunpacker/Native2Frida
https://github.com/apkunpacker/Native2Frida
GitHub
GitHub - apkunpacker/Native2Frida
Contribute to apkunpacker/Native2Frida development by creating an account on GitHub.
๐11๐ฅ5
Jeb2Frida - JEB script to automatically generate a Frida hook for a given method
https://github.com/cryptax/misc-code/tree/master/jeb
https://github.com/cryptax/misc-code/tree/master/jeb
GitHub
misc-code/jeb at master ยท cryptax/misc-code
Miscellaneous code. Contribute to cryptax/misc-code development by creating an account on GitHub.
๐8
Dirty Pipe vulnerability affects Linux Kernel since 5.8 including Android (CVE-2022-0847)
This issue leads to LPE because unprivileged processes can inject code into root processes
Details and PoC exploit: https://dirtypipe.cm4all.com/
Demo of exploitation: https://www.instagram.com/p/Ca2JIOjgwF6/
This issue leads to LPE because unprivileged processes can inject code into root processes
Details and PoC exploit: https://dirtypipe.cm4all.com/
Demo of exploitation: https://www.instagram.com/p/Ca2JIOjgwF6/
๐13
Reverse engineering of a trojanized medical app โ Android/Joker
- 4 different stages of DEX & JARs https://cryptax.medium.com/live-reverse-engineering-of-a-trojanized-medical-app-android-joker-632d114073c1
- 4 different stages of DEX & JARs https://cryptax.medium.com/live-reverse-engineering-of-a-trojanized-medical-app-android-joker-632d114073c1
Medium
Live reverse engineering of a trojanized medical app โ Android/Joker
A few days ago, a tweet reporting an Android malware caught my attention, because it was apparently found inside a health-relatedโฆ
๐10
A attacker can open a malicious url or 3rd party app in NextCloud Talk app https://hackerone.com/reports/1337178
HackerOne
Nextcloud disclosed on HackerOne: objectId in share location can be...
## Summary:
The NextCloud Talk app allows a user to share their location in the Mobile App.
The objectId= in ```/ocs/v2.php/apps/spreed/api/v1/chat/$token/share``` Can be set to a URL or Deeplink,...
The NextCloud Talk app allows a user to share their location in the Mobile App.
The objectId= in ```/ocs/v2.php/apps/spreed/api/v1/chat/$token/share``` Can be set to a URL or Deeplink,...
๐7๐5
Exploring the archived APKs powering Androidโs new app archiving feature https://blog.esper.io/android-dessert-bites-16-app-archiving-857169/
www.esper.io
Exploring the Archived APKs Powering Androidโs New App Archiving Feature
Android's new app archiving feature can save loads of storage space thanks to a new archived APK file. Here's how it all works.
๐12๐3๐2