SameSite cookie bypass on Android by redirecting to intent-picker with PoC code ($5,000 bounty)
https://bugs.chromium.org/p/chromium/issues/detail?id=1368230
Mobile Threat Report by McAfee 2023
https://www.mcafee.com/content/dam/consumer/en-us/docs/reports/rp-mobile-threat-report-feb-2023.pdf
Android Meterpreter commands
(UHD quality: https://github.com/Ignitetechnologies/Mindmap/tree/main/Metasploit)
Android Malware Analysis: Malicious Australian Taxation Office app
https://n0psn0ps.github.io/2023/03/02/android-malware-analysis-series-ato.apk-part-3.1/
n0ps
Android Malware Analysis Series - ATO.apk - Part 3.1
Online shopping Android app - SHEIN - with 100M+ installs transmitted clipboard data to remote servers
https://www.microsoft.com/en-us/security/blog/2023/03/06/protecting-android-clipboard-content-from-unintended-exposure/
Microsoft News
Protecting Android clipboard content from unintended exposure
An old version of the SHEIN Android app periodically read the contents of the Android device clipboard & sent the contents to a remote server.
Android, Notify Me When It Is Time To Go Phishing
https://www.s3.eurecom.fr/post/2023/03/06/android-notify-me-when-it-is-time-to-go-phishing/
Paper: https://www.s3.eurecom.fr/docs/eurosp23_inotify.pdf
www.s3.eurecom.fr
Android, notify me when it is time to go phishing | S3
The S3 Software and System Security Group @ EURECOM website.
Android espionage attributed to #TransparentTribe #APT36 hacking group impersonated secure messaging apps to target Indian and Pakistani officials
https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/
WeLiveSecurity
Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials
ESET researchers analyze a campaign that has been distributing CapraRAT backdoors through trojanized and supposedly secure Android messaging apps.
Nexus: The Latest Android Banking Trojan with SOVA Connections
https://blog.cyble.com/2023/03/09/nexus-the-latest-android-banking-trojan-with-sova-connections/
Xenomorph Introduces ATS (Automated Transfer Systems) and over 400 targets
"Xenomorph v3 is capable of performing the whole fraud chain, from infection, to the automated transfer using ATS, passing by PII exfiltration using Keylogging and Overlay attacks"
https://www.threatfabric.com/blogs/xenomorph-v3-new-variant-with-ats.html
ThreatFabric
Xenomorph v3: a new variant with ATS targeting more than 400 institutions
A new variant of Xenomorph appears on the horizon: Hadoken Security group advertises the latest version of their product, complete with ATS modules and Cookie session stealer.
Building an Evil USB-C dock station using Raspberry Pi Zero W (P4wnP1 A.L.O.A.)
https://research.aurainfosec.io/pentest/threat-on-your-desk-evil-usbc-dock/
Aura Research Division
The Threat on Your Desk: Building an Evil USB-C Dock
BadUSB attacks have been a threat for years, but is the USB-C dock sitting on your desk the latest threat in disguise?
13 vulnerabilities discovered in smart intercom Akuvox E11 device
The vulnerabilities could allow attackers to execute code remotely in order to activate and control the device's camera and microphone, steal video and images, or gain a network foothold.
https://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms
Claroty
The Silent Spy Among Us: Smart Intercom Attacks
Exploring iOS Applications with Frida and Objection: Basic Commands for Pentesting
https://medium.com/@mk2011sharma/exploring-ios-applications-with-frida-and-objection-basic-commands-for-pentesting-4c637dbeb9fd
Medium
Exploring iOS Applications with Frida and Objection: Basic Commands for Pentesting
Mobile application Pentesting is an essential part of securing any organization's mobile assets. To perform thorough penetration testing, a…
Android Application Security Testing Series Part – One
https://medium.com/@mk2011sharma/android-application-security-testing-series-part-one-5c346948fb27
Medium
Android Application Security Testing Series Part – One
Android has become the most popular mobile operating system globally, with a market share of around 72%. With such widespread use, security…
GoatRAT: Android Banking Trojan Variant Targeting Brazilian Banks
https://blog.cyble.com/2023/03/14/goatrat-android-banking-trojan-variant-targeting-brazilian-banks/
Cyble
GoatRAT: Banking Trojan Targeting Brazil
Read Cyble Research & Intelligence Labs' Analysis of GoatRat, a Banking Trojan targeting Brazilian banks via the ATS framework.
South Korean Android Banking Menace – FakeCalls #VoicePhishing #AndroidMalware
https://research.checkpoint.com/2023/south-korean-android-banking-menace-fakecalls/
Check Point Research
South Korean Android Banking Menace – FakeCalls - Check Point Research
Research by: Bohdan Melnykov, Raman Ladutska When malware actors want to enter the business, they can choose markets where their profit is almost guaranteed to be worth the effort – according to past results. The malware does not need to be high profile,…
The state of stalkerware in 2022
https://securelist.com/the-state-of-stalkerware-in-2022/108985/
Securelist
The state of stalkerware in 2022
In 2022, Kaspersky data shows that 29,312 unique individuals around the world were affected by stalkerware. We detected 182 different stalkerware apps, the most popular one was Reptilicus.
Trojanized WhatsApp and Telegram apps replace cryptocurrency wallet addresses in messages
Some of them use OCR to recognize mnemonic phrase text from screenshots and photos stored on the devices to steal cryptocurrency funds
https://www.welivesecurity.com/2023/03/16/not-so-private-messaging-trojanized-whatsapp-telegram-cryptocurrency-wallets/
WeLiveSecurity
Not-so-private messaging: Trojanized WhatsApp and Telegram apps go after cryptocurrency wallets
ESET researchers analyzed Android and Windows clippers that can tamper with instant messages and use OCR to steal cryptocurrency funds.
Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems affecting multiple Android devices
https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html
projectzero.google
Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems - Project Zero
Posted by Tim Willis, Project Zero In late 2022 and early 2023, Project Zero reported eighteen 0-day vulnerabilities in Exynos Modems produced by Samsung S...
Exploiting aCropalypse: Recovering Truncated PNGs (CVE-2023-21036)
Vulnerability in the Google Pixel's inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot.
https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
Report: https://issuetracker.google.com/issues/180526528
Vulnerability online test: https://acropalypse.app/