FaceStealers, Fleeceware and Adware discovered on Google Play posing as AI art apps
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/the-rise-and-risks-of-ai-art-apps/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/the-rise-and-risks-of-ai-art-apps/
McAfee Blog
The Rise and Risks of AI Art Apps | McAfee Blog
Authored by Fernando Ruiz The popularity of AI-based mobile applications that can create artistic images based on pictures, such as the βMagic Avatarsβ
π15β€1
Flipper Zero Controlling Traffic Lights
https://youtu.be/TrVLmTLHgew
https://youtu.be/TrVLmTLHgew
YouTube
Flipper Zero Controlling Traffic Lights
Flipper Zero using its onboard Signal Generator and interfaced through the GPIO's with a high power Infrared LED array can imitate a 3M OptiCom transmitter. This system is known as Traffic Signal Preemption and can cause the traffic light controller to giveβ¦
π30π₯5β€1
OyeTalk - Live Voice Chat Room app with 5M+ installs leaked private user conversations
It stored unencrypted user chats, names and IMEI numbers on a database unguarded by a password
https://cybernews.com/security/android-voice-chat-app-leaked-private-user-conversations/
It stored unencrypted user chats, names and IMEI numbers on a database unguarded by a password
https://cybernews.com/security/android-voice-chat-app-leaked-private-user-conversations/
Cybernews
Android voice chat app leaked private user conversations
A popular app for voice chats, OyeTalk, stored unencrypted user chats on a database unguarded by a password.
π15π₯°2
Vulnerabilities in NSPredicate were discovered in macOS 13.2 and iOS 16.3 (CVE-2023-23530, CVE-2023-23531)
App can achieve code execution inside of SpringBoard, a highly privileged app that can access location data, the camera and microphone, call history, photos, and other sensitive data, as well as wipe the device
https://www.trellix.com/en-us/about/newsroom/stories/research/trellix-advanced-research-center-discovers-a-new-privilege-escalation-bug-class-on-macos-and-ios.html
App can achieve code execution inside of SpringBoard, a highly privileged app that can access location data, the camera and microphone, call history, photos, and other sensitive data, as well as wipe the device
https://www.trellix.com/en-us/about/newsroom/stories/research/trellix-advanced-research-center-discovers-a-new-privilege-escalation-bug-class-on-macos-and-ios.html
Trellix
Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS
The Trellix Advanced Research Center vulnerability team has discovered a large new class of bugs that allow bypassing code signing to execute arbitrary code in the context of several platform applications, leading to escalation of privileges and sandbox escapeβ¦
π7π₯1
Hardening Firmware Across the Android Ecosystem
https://security.googleblog.com/2023/02/hardening-firmware-across-android.html
https://security.googleblog.com/2023/02/hardening-firmware-across-android.html
Google Online Security Blog
Hardening Firmware Across the Android Ecosystem
Posted by Roger Piqueras Jover, Ivan Lozano, Sudhi Herle, and Stephan Somogyi, Android Team A modern Android powered smartphone is a comp...
π7π₯2π₯°1
Android Banker Deep Dive Analysis - Part 2
https://youtu.be/cGxQ3WIv9nI
https://youtu.be/cGxQ3WIv9nI
YouTube
Android Banker Deep Dive (Part 2)
Part 2 of our Banker Deep Dive. We continue our analysis of the JSON objects and recognize indicators of packing. We then try to use the Medusa framework to unpack.
---
In this [RE]laxing new series, I fully reverse a difficult Android Banker trojan fromβ¦
---
In this [RE]laxing new series, I fully reverse a difficult Android Banker trojan fromβ¦
π8π7π2β€1
Google vulnerability Reward Program: 2022 Year in Review
- identified and fix over 2,900 security issues
- Google paid $12 million in bug bounties
- $4.8 million rewards for Android security issues
https://security.googleblog.com/2023/02/vulnerability-reward-program-2022-year.html
- identified and fix over 2,900 security issues
- Google paid $12 million in bug bounties
- $4.8 million rewards for Android security issues
https://security.googleblog.com/2023/02/vulnerability-reward-program-2022-year.html
Google Online Security Blog
Vulnerability Reward Program: 2022 Year in Review
Posted by Sarah Jacobus, Vulnerability Rewards Team It has been another incredible year for the Vulnerability Reward Programs (VRPs) at G...
π11π₯°3π±3β€2
Forwarded from The Bug Bounty Hunter
The code that wasnβt there: Reading memory on an Android device by accident
https://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-an-android-device-by-accident/
https://github.blog/2023-02-23-the-code-that-wasnt-there-reading-memory-on-an-android-device-by-accident/
The GitHub Blog
The code that wasn't there: Reading memory on an Android device by accident
CVE-2022-25664, a vulnerability in the Qualcomm Adreno GPU, can be used to leak large amounts of information to a malicious Android application. Learn more about how the vulnerability can be used to leak information in both the user space and kernel spaceβ¦
π16π₯8
SameSite cookie bypass on Android by redirecting to to intent-picker with PoC code ($5,000 bounty)
https://bugs.chromium.org/p/chromium/issues/detail?id=1368230
https://bugs.chromium.org/p/chromium/issues/detail?id=1368230
π10
Mobile Threat Report by McAfee 2023
https://www.mcafee.com/content/dam/consumer/en-us/docs/reports/rp-mobile-threat-report-feb-2023.pdf
https://www.mcafee.com/content/dam/consumer/en-us/docs/reports/rp-mobile-threat-report-feb-2023.pdf
π10
Android Meterpreter commands
(UHD quality: https://github.com/Ignitetechnologies/Mindmap/tree/main/Metasploit)
(UHD quality: https://github.com/Ignitetechnologies/Mindmap/tree/main/Metasploit)
π27β€1
Android Malware Analysis: Malicious Australian Taxation Office app
https://n0psn0ps.github.io/2023/03/02/android-malware-analysis-series-ato.apk-part-3.1/
https://n0psn0ps.github.io/2023/03/02/android-malware-analysis-series-ato.apk-part-3.1/
n0ps
Android Malware Analysis Series - ATO.apk - Part 3.1
Permanent dark(er) theme for Poole
π11
Online shopping Android app - SHEIN - with 100M+ installs transmitted clipboard data to remote servers
https://www.microsoft.com/en-us/security/blog/2023/03/06/protecting-android-clipboard-content-from-unintended-exposure/
https://www.microsoft.com/en-us/security/blog/2023/03/06/protecting-android-clipboard-content-from-unintended-exposure/
Microsoft News
Protecting Android clipboard content from unintended exposure
An old version of the SHEIN Android app periodically read the contents of the Android device clipboard & sent the contents to a remote server.
π13π₯΄6π₯1
Android, Notify Me When It Is Time To Go Phishing
https://www.s3.eurecom.fr/post/2023/03/06/android-notify-me-when-it-is-time-to-go-phishing/
Paper: https://www.s3.eurecom.fr/docs/eurosp23_inotify.pdf
https://www.s3.eurecom.fr/post/2023/03/06/android-notify-me-when-it-is-time-to-go-phishing/
Paper: https://www.s3.eurecom.fr/docs/eurosp23_inotify.pdf
www.s3.eurecom.fr
Android, notify me when it is time to go phishing | S3
The S3 Software and System Security Group @ EURECOM website.
π8β€2π±2π₯1π1
Android espionage attributed to #TransparentTribe #APT36 hacking group impersonated secure messaging apps to target Indian and Pakistani officials
https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/
https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/
WeLiveSecurity
Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials
ESET researchers analyze a campaign that has been distributing CapraRAT backdoors through trojanized and supposedly secure Android messaging apps.
π10
Nexus: The Latest Android Banking Trojan with SOVA Connections
https://blog.cyble.com/2023/03/09/nexus-the-latest-android-banking-trojan-with-sova-connections/
https://blog.cyble.com/2023/03/09/nexus-the-latest-android-banking-trojan-with-sova-connections/
π11π1
Xenomorph Introduces ATS (Automated Transfer Systems) and over 400 targets
"Xenomorph v3 is capable of performing the whole fraud chain, from infection, to the automated transfer using ATS, passing by PII exfiltration using Keylogging and Overlay attacks"
https://www.threatfabric.com/blogs/xenomorph-v3-new-variant-with-ats.html
"Xenomorph v3 is capable of performing the whole fraud chain, from infection, to the automated transfer using ATS, passing by PII exfiltration using Keylogging and Overlay attacks"
https://www.threatfabric.com/blogs/xenomorph-v3-new-variant-with-ats.html
ThreatFabric
Xenomorph v3: a new variant with ATS targeting more than 400 institutions
A new variant of Xenomorph appears on the horizon: Hadoken Security group advertises the latest version of their product, complete with ATS modules and Cookie session stealer.
π14
Building an Evil USB-C dock station using Rapsberry Pi Zero W (P4wnP1 A.L.O.A.)
https://research.aurainfosec.io/pentest/threat-on-your-desk-evil-usbc-dock/
https://research.aurainfosec.io/pentest/threat-on-your-desk-evil-usbc-dock/
Aura Research Division
The Threat on Your Desk: Building an Evil USB-C Dock
BadUSB attacks have been a threat for years, but is the USB-C dock sitting on your desk the latest threat in disguise?
π18
13 vulnerabilities discovered in smart intercom Akuvox E11 device
The vulnerabilities could allow attackers to execute code remotely in order to activate and control the deviceβs camera and microphone, steal video and images, or gain a network foothold.
https://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms
The vulnerabilities could allow attackers to execute code remotely in order to activate and control the deviceβs camera and microphone, steal video and images, or gain a network foothold.
https://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms
Claroty
The Silent Spy Among Us: Smart Intercom Attacks
π9β€1