Reverse engineering of Joker malware found on Google Play Store
https://medium.com/@themalwarebug/reverse-engineering-of-joker-malware-e97376db4810
Medium
Reverse engineering of Joker Malware
Hello guys, hope you are doing good. Here is a technical analysis of another Android malware named Joker, also known as Bread toll_fraud, which…
Bluehat 2023: Android Malware Obfuscation
Overview of multiple Android Malware Obfuscation techniques, along with their implementations and disadvantages
https://youtu.be/Bf-49tgDXW0
YouTube
Bluehat 2023: Android Malware Obfuscation
This is a recording of a quick talk I gave in early 2023 at the Bluehat Security conference. The presentation gives an overview of multiple Android Malware Obfuscation techniques, along with their implementations and disadvantages.
Timestamps:
00:00 Intro…
JADXecute - plugin for JADX that adds Dynamic Code Execution abilities
With JADXecute, you can dynamically run Java code to modify or print components of the jadx-gui output
https://github.com/LaurieWired/JADXecute
GitHub
GitHub - LaurieWired/JADXecute: JADX-gui scripting plugin for dynamic decompiler manipulation
JADX-gui scripting plugin for dynamic decompiler manipulation - LaurieWired/JADXecute
Nexus: a new Android botnet based on SOVA banker
https://www.cleafy.com/cleafy-labs/nexus-a-new-android-botnet
Cleafy
Nexus: a new Android botnet? | Cleafy Labs
A new Android banking trojan might be spreading under the name of Nexus. It is promoted via a MaaS subscription and it contains some relations with an already known SOVA banking trojan. Read the full article to know more about this new player in cybercrime.
Near-Ultrasound Inaudible Trojan (NUIT): Exploit smartphone speaker voice assistants with inaudible sound to perform commands
Paper: https://sites.google.com/view/nuitattack/home
Video demo: https://youtu.be/TUnPFR35AR4
Google
NUIT Attack
NUIT-1
iMessage and OpenGraph for Fun and Profit
Forge domain name in website preview shared in iMessage app
https://persist.tools/posts/imessage_og.html
XSS vulnerability discovered in Android and iOS WordPress app plugin WPMobile.App (CVE-2023-22702)
https://patchstack.com/database/vulnerability/wpappninja/wordpress-wpmobile-app-android-and-ios-mobile-application-plugin-11-13-cross-site-scripting-xss-vulnerability
Patchstack
WordPress WPMobile.App – Android and iOS Mobile Application plugin <= 11.13 - Cross Site Scripting (XSS) vulnerability - Patchstack
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
For the first time, the Ursnif banking trojan campaigns (previously Windows-only) are targeting Android users, delivering the DroidJack RAT by email
https://cert--agid-gov-it.translate.goog/news/ursnif-approda-nel-mondo-delle-app-mobile-lapk-droidjack-viene-veicolato-come-comunicazione-agenzia-delle-entrate/?s=03&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en
CERT-AGID
Ursnif lands in the world of mobile apps: the DroidJack APK is delivered as a communication from the Agenzia delle Entrate
The Chinese e-commerce app Pinduoduo exploited system vulnerabilities to escalate privileges, download and execute backdoors, and gain unauthorized access to user data, notifications and files. The app has also been removed from the Google Play Store.
Original research: https://mp.weixin.qq.com/s/P_EYQxOEupqdU0BJMRqWsw
Context article: https://krebsonsecurity.com/2023/03/google-suspends-chinese-e-commerce-app-pinduoduo-over-malware/
New analysis report: https://github.com/davincifans101/pinduoduo_backdoor_detailed_report/blob/main/report_en.pdf
ARM TrustZone: pivoting to the secure world
https://thalium.github.io/blog/posts/pivoting_to_the_secure_world/
Spyware vendors use 0-days and n-days against Android and iOS
https://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/
Google
Spyware vendors use 0-days and n-days against popular platforms
Google's Threat Analysis Group (TAG) tracks actors involved in information operations (IO), government backed attacks and financially motivated abuse. For years, TAG has…
Android GoatRAT Banker Attacks Automated Payment Systems
https://labs.k7computing.com/index.php/goatrat-attacks-automated-payment-systems/
K7 Labs
GoatRAT Attacks Automated Payment Systems
Recently, we came across a detection in our telemetry report named "com.goatmw" which gained our attention. We decided to investigate […]
MacStealer: Wi-Fi Client Isolation Bypass
MacStealer can test Wi-Fi networks for client isolation bypasses (CVE-2022-47522) to intercept (steal) traffic toward other clients at the MAC layer
https://github.com/vanhoefm/macstealer
GitHub
GitHub - vanhoefm/macstealer: MacStealer: Wi-Fi Client Isolation Bypass
MacStealer: Wi-Fi Client Isolation Bypass. Contribute to vanhoefm/macstealer development by creating an account on GitHub.
Mobile Pentesting 101 – How to set up your Android Environment
https://securitycafe.ro/2023/04/03/mobile-pentesting-101-how-to-set-up-your-android-environment/
Security Café
Mobile Pentesting 101 – How to set up your Android Environment
This article gives an idea about how your Android pentesting environment should look. What tools should I use? Do I really need a physical device? Do I need a rooted device to pentest an appli…
Android Parcels: Introducing Android's Safer Parcel
https://youtu.be/qIzMKfOmIAA
YouTube
Android Parcels: The Bad, the Good and the Better - Introducing Android's Safer Parcel
Parcel is the serialization mechanism in Android and is behind almost every OS cross-process interaction. Parcelable implementations have been the source of vulnerabilities in Android for ~8 years, often rated high severity and weaponized by malware authors…
Set Up an Android Hacking Lab for $0
https://www.trustedsec.com/blog/set-up-an-android-hacking-lab-for-0/
TrustedSec
Set Up an Android Hacking Lab for $0
Prerequisites: Python3 - https://www.python.org/downloads/ Android Studio - https://developer.android.com/studio Android Platform-Tools - …
Moqhao (Shaoye aka XLoader) malware operated by Yanbian group can bypass text-based CAPTCHAs #RoamingMantis
This feature is used in combination with brute-force attacks on wireless routers' web interfaces to compromise routers and perform DNS hijacking attacks.
https://www.telekom.com/en/blog/group/article/moqhao-masters-new-tricks-1031484
Telekom
Moqhao masters new tricks
News from the Moqhao malware family. It attacks Android smartphones and has now even learned to overcome CAPTCHA.
How to intercept network traffic on Android
https://github.com/LabCIF-Tutorials/Tutorial-AndroidNetworkInterception
GitHub
GitHub - LabCIF-Tutorials/Tutorial-AndroidNetworkInterception: How to intercept network traffic on Android
How to intercept network traffic on Android. Contribute to LabCIF-Tutorials/Tutorial-AndroidNetworkInterception development by creating an account on GitHub.
Configuring an Android Phone for Pentesting
https://www.blackhillsinfosec.com/start-to-finish-configuring-an-android-phone-for-pentesting/
Black Hills Information Security, Inc.
Start to Finish: Configuring an Android Phone for Pentesting - Black Hills Information Security, Inc.
Jeff Barbi // *Guest Post Background Unless you're pentesting mobile apps consistently, it's easy for your methodologies to fall out of date. Each new version of Android brings with it […]
Pwning Pixel 6 with a leftover patch
https://github.blog/2023-04-06-pwning-pixel-6-with-a-leftover-patch/
The GitHub Blog
Pwning Pixel 6 with a leftover patch
In this post, I'll look at a security-related change in version r40p0 of the Arm Mali driver that was AWOL in the January update of the Pixel bulletin, where other patches from r40p0 were applied, and how these two lines of changes can be exploited to gain…
iOS Penetration Testing Cheat Sheet
https://github.com/ivan-sincek/ios-penetration-testing-cheat-sheet
GitHub
GitHub - ivan-sincek/ios-penetration-testing-cheat-sheet: Work in progress...
Work in progress... Contribute to ivan-sincek/ios-penetration-testing-cheat-sheet development by creating an account on GitHub.