Nexus: The Latest Android Banking Trojan with SOVA Connections
https://blog.cyble.com/2023/03/09/nexus-the-latest-android-banking-trojan-with-sova-connections/
https://blog.cyble.com/2023/03/09/nexus-the-latest-android-banking-trojan-with-sova-connections/
π11π1
Xenomorph Introduces ATS (Automated Transfer Systems) and over 400 targets
"Xenomorph v3 is capable of performing the whole fraud chain, from infection, to the automated transfer using ATS, passing by PII exfiltration using Keylogging and Overlay attacks"
https://www.threatfabric.com/blogs/xenomorph-v3-new-variant-with-ats.html
"Xenomorph v3 is capable of performing the whole fraud chain, from infection, to the automated transfer using ATS, passing by PII exfiltration using Keylogging and Overlay attacks"
https://www.threatfabric.com/blogs/xenomorph-v3-new-variant-with-ats.html
ThreatFabric
Xenomorph v3: a new variant with ATS targeting more than 400 institutions
A new variant of Xenomorph appears on the horizon: Hadoken Security group advertises the latest version of their product, complete with ATS modules and Cookie session stealer.
π14
Building an Evil USB-C dock station using Rapsberry Pi Zero W (P4wnP1 A.L.O.A.)
https://research.aurainfosec.io/pentest/threat-on-your-desk-evil-usbc-dock/
https://research.aurainfosec.io/pentest/threat-on-your-desk-evil-usbc-dock/
Aura Research Division
The Threat on Your Desk: Building an Evil USB-C Dock
BadUSB attacks have been a threat for years, but is the USB-C dock sitting on your desk the latest threat in disguise?
π18
13 vulnerabilities discovered in smart intercom Akuvox E11 device
The vulnerabilities could allow attackers to execute code remotely in order to activate and control the deviceβs camera and microphone, steal video and images, or gain a network foothold.
https://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms
The vulnerabilities could allow attackers to execute code remotely in order to activate and control the deviceβs camera and microphone, steal video and images, or gain a network foothold.
https://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms
Claroty
The Silent Spy Among Us: Smart Intercom Attacks
π9β€1
Exploring iOS Applications with Frida and Objection: Basic Commands for Pentesting
https://medium.com/@mk2011sharma/exploring-ios-applications-with-frida-and-objection-basic-commands-for-pentesting-4c637dbeb9fd
https://medium.com/@mk2011sharma/exploring-ios-applications-with-frida-and-objection-basic-commands-for-pentesting-4c637dbeb9fd
Medium
Exploring iOS Applications with Frida and Objection: Basic Commands for Pentesting
Mobile application Pentesting is an essential part of securing any organizationβs mobile assets. To perform thorough penetration testing, aβ¦
π17β€1
Android Application Security Testing Series Part β One
https://medium.com/@mk2011sharma/android-application-security-testing-series-part-one-5c346948fb27
https://medium.com/@mk2011sharma/android-application-security-testing-series-part-one-5c346948fb27
Medium
Android Application Security Testing Series Part β One
Android has become the most popular mobile operating system globally, with a market share of around 72%. With such widespread use, securityβ¦
π15
GoatRAT: Android Banking Trojan Variant Targeting Brazilian Banks
https://blog.cyble.com/2023/03/14/goatrat-android-banking-trojan-variant-targeting-brazilian-banks/
https://blog.cyble.com/2023/03/14/goatrat-android-banking-trojan-variant-targeting-brazilian-banks/
Cyble
GoatRAT: Banking Trojan Targeting Brazil
Read Cyble Research & Intelligence Labs' Analysis of GoatRat, a Banking Trojan targeting Brazilian banks via the ATS framework.
π14
South Korean Android Banking Menace β FakeCalls #VoicePhishing #AndroidMalware
https://research.checkpoint.com/2023/south-korean-android-banking-menace-fakecalls/
https://research.checkpoint.com/2023/south-korean-android-banking-menace-fakecalls/
Check Point Research
South Korean Android Banking Menace β FakeCalls - Check Point Research
Research by: Bohdan Melnykov, Raman Ladutska When malware actors want to enter the business, they can choose markets where their profit is almost guaranteed to be worth the effort β according to past results. The malware does not need to be high profile,β¦
π13
The state of stalkerware in 2022
https://securelist.com/the-state-of-stalkerware-in-2022/108985/
https://securelist.com/the-state-of-stalkerware-in-2022/108985/
Securelist
The state of stalkerware in 2022
In 2022, Kaspersky data shows that 29,312 unique individuals around the world were affected by stalkerware. We detected 182 different stalkerware apps, the most popular one was Reptilicus.
π13π₯°3β€1
Trojanized WhatsApp and Telegram apps replace cryptocurrency wallet addresses in messages
Some of them use OCR to recognize mnemonic phrase text from screenshots and photos stored on the devices to steal cryptocurrency funds
https://www.welivesecurity.com/2023/03/16/not-so-private-messaging-trojanized-whatsapp-telegram-cryptocurrency-wallets/
Some of them use OCR to recognize mnemonic phrase text from screenshots and photos stored on the devices to steal cryptocurrency funds
https://www.welivesecurity.com/2023/03/16/not-so-private-messaging-trojanized-whatsapp-telegram-cryptocurrency-wallets/
WeLiveSecurity
Notβsoβprivate messaging: Trojanized WhatsApp and Telegram apps go after cryptocurrency wallets
ESET researchers analyzed Android and Windows clippers that can tamper with instant messages and use OCR to steal cryptocurrency funds.
π20β€2
Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems affecting multiple Android devices
https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html
https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html
projectzero.google
Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems - Project Zero
Posted by Tim Willis, Project Zero In late 2022 and early 2023, Project Zero reported eighteen 0-day vulnerabilities in Exynos Modems produced by Samsung S...
π19
Exploiting aCropalypse: Recovering Truncated PNGs (CVE-2023-21036)
Vulnerability in the Google Pixel's inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot.
https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
Report: https://issuetracker.google.com/issues/180526528
Vulnerability online test: https://acropalypse.app/
Vulnerability in the Google Pixel's inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot.
https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html
Report: https://issuetracker.google.com/issues/180526528
Vulnerability online test: https://acropalypse.app/
π14
Reverse engineering of Joker malware found on Google Play Store
https://medium.com/@themalwarebug/reverse-engineering-of-joker-malware-e97376db4810
https://medium.com/@themalwarebug/reverse-engineering-of-joker-malware-e97376db4810
Medium
Reverse engineering of Joker Malware
Hello guys,Hope you are doing good.Here is technical analysis of another android malware named Joker also known as bread toll_fraud,whichβ¦
π7π±4π3π€2π₯°1
Bluehat 2023: Android Malware Obfuscation
Overview of multiple Android Malware Obfuscation techniques, along with their implementations and disadvantages
https://youtu.be/Bf-49tgDXW0
Overview of multiple Android Malware Obfuscation techniques, along with their implementations and disadvantages
https://youtu.be/Bf-49tgDXW0
YouTube
Bluehat 2023: Android Malware Obfuscation
This is a recording of a quick talk I gave in early 2023 at the Bluehat Security conference. The presentation gives an overview of multiple Android Malware Obfuscation techniques, along with their implementations and disadvantages.
Timestamps:
00:00 Introβ¦
Timestamps:
00:00 Introβ¦
π15π₯3
JADXecute - plugin for JADX that adds Dynamic Code Execution abilities
With JADXecute, you can dynamically run Java code to modify or print components of the jadx-gui output
https://github.com/LaurieWired/JADXecute
With JADXecute, you can dynamically run Java code to modify or print components of the jadx-gui output
https://github.com/LaurieWired/JADXecute
GitHub
GitHub - LaurieWired/JADXecute: JADX-gui scripting plugin for dynamic decompiler manipulation
JADX-gui scripting plugin for dynamic decompiler manipulation - LaurieWired/JADXecute
π16π₯6β€1
Nexus: a new Android botnet based on SOVA banker
https://www.cleafy.com/cleafy-labs/nexus-a-new-android-botnet
https://www.cleafy.com/cleafy-labs/nexus-a-new-android-botnet
Cleafy
Nexus: a new Android botnet? | Cleafy Labs
A new Android banking trojan might be spreading under the name of Nexus. It is promoted via a MaaS subscription and it contains some relations with an already known SOVA banking trojan. Read the full article to know more about this new player in cybercrime.
π18β€1
Near-Ultrasound Inaudible Trojan (NUIT): Exploit smartphone speaker voice assistants with inaudible sound to perform commands
Paper: https://sites.google.com/view/nuitattack/home
Video demo: https://youtu.be/TUnPFR35AR4
Paper: https://sites.google.com/view/nuitattack/home
Video demo: https://youtu.be/TUnPFR35AR4
Google
NUIT Attack
NUIT-1
π15
iMessage and OpenGraph for Fun and Profit
Forge domain name in website preview shared in iMessage app
https://persist.tools/posts/imessage_og.html
Forge domain name in website preview shared in iMessage app
https://persist.tools/posts/imessage_og.html
π6β€1
XSS vulnerability discovered in Android and iOS WordPress app plugin WPMobile.App (CVE-2023-22702)
https://patchstack.com/database/vulnerability/wpappninja/wordpress-wpmobile-app-android-and-ios-mobile-application-plugin-11-13-cross-site-scripting-xss-vulnerability
https://patchstack.com/database/vulnerability/wpappninja/wordpress-wpmobile-app-android-and-ios-mobile-application-plugin-11-13-cross-site-scripting-xss-vulnerability
Patchstack
WordPress WPMobile.App β Android and iOS Mobile Application plugin <= 11.13 - Cross Site Scripting (XSS) vulnerability - Patchstack
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π16
For the first time Windows Ursnif banking trojan campaigns started to target Android users via DroidJack RAT received from email
https://cert--agid-gov-it.translate.goog/news/ursnif-approda-nel-mondo-delle-app-mobile-lapk-droidjack-viene-veicolato-come-comunicazione-agenzia-delle-entrate/?s=03&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en
https://cert--agid-gov-it.translate.goog/news/ursnif-approda-nel-mondo-delle-app-mobile-lapk-droidjack-viene-veicolato-come-comunicazione-agenzia-delle-entrate/?s=03&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en
CERT-AGID
Ursnif approda nel mondo delle app mobile: lβAPK DroidJack viene veicolato come comunicazione Agenzia delle Entrate
π6