DAAM Android Botnet being distributed through Trojanized Applications
https://blog.cyble.com/2023/04/20/daam-android-botnet-being-distributed-through-trojanized-applications/
https://blog.cyble.com/2023/04/20/daam-android-botnet-being-distributed-through-trojanized-applications/
Cyble
DAAM Botnet Spread Via Trojanized Android Apps
Discover how Cyble Research & Intelligence Labs analyzes Trojanized Android apps distributing the DAAM botnet, including a malicious Psiphon variant.
๐9โค2
The Fuzzing Guide to the Galaxy: An Attempt with Android System Services
https://blog.thalium.re/posts/fuzzing-samsung-system-services/
https://blog.thalium.re/posts/fuzzing-samsung-system-services/
THALIUM
The Fuzzing Guide to the Galaxy: An Attempt with Android System Services
Although the Android base is open source, many different constructors customize it with their own UIs and APIs. All these additions represent an extra attack surface that can change from one phone model to another. We tried to automatically fuzz the closedโฆ
๐9
Fakecalls Android Malware Abuses Legitimate Signing Key
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fakecalls-android-malware-abusing-legitimate-signing-key/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fakecalls-android-malware-abusing-legitimate-signing-key/
McAfee Blog
Fakecalls Android Malware Abuses Legitimate Signing Key | McAfee Blog
Authored by Dexter Shin McAfee Mobile Research Team found an Android banking trojan signed with a key used by legitimate apps in South Korea last year.
๐19โค2
HiddenAds Spread via Android Gaming Apps on Google Play
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/hiddenads-spread-via-android-gaming-apps-on-google-play/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/hiddenads-spread-via-android-gaming-apps-on-google-play/
McAfee Blog
HiddenAds Spread via Android Gaming Apps on Google Play | McAfee Blog
Authored by Dexter Shin Minecraft is a popular video game that can be played on a desktop or mobile. This is a sandbox game developed by Mojang Studios.
๐13๐ฅฑ1
Mobile Hacking Cheatsheets
Android and iOS pentesting, forensics, debugging and fuzzing cheatsheets
https://github.com/randorisec/MobileHackingCheatSheet/tree/master/pdf
Android and iOS pentesting, forensics, debugging and fuzzing cheatsheets
https://github.com/randorisec/MobileHackingCheatSheet/tree/master/pdf
๐41๐ฅ3โค2๐ค1
Google Play Store bad apps and developers review in 2022
-blocked 1.43 million apps to be available on the Store
-banned 173K bad accounts
-prevented 500K submitted apps from unnecessarily accessing sensitive permissions over the past 3 years
-expanded the App Defense Alliance (McAfee, Trend Micro, ESET, Lookout, Zimperium)
https://security.googleblog.com/2023/04/how-we-fought-bad-apps-and-bad-actors.html
-blocked 1.43 million apps to be available on the Store
-banned 173K bad accounts
-prevented 500K submitted apps from unnecessarily accessing sensitive permissions over the past 3 years
-expanded the App Defense Alliance (McAfee, Trend Micro, ESET, Lookout, Zimperium)
https://security.googleblog.com/2023/04/how-we-fought-bad-apps-and-bad-actors.html
Google Online Security Blog
How we fought bad apps and bad actors in 2022
Posted by Anu Yamunan and Khawaja Shams (Android Security and Privacy Team), and Mohet Saxena (Compute Trust and Safety) Keeping Google P...
๐10๐ค4โค1
Android Deep Link Issues And WebView Exploitation
https://8ksec.io/android-deeplink-and-webview-exploitation-8ksec-blogs/
https://8ksec.io/android-deeplink-and-webview-exploitation-8ksec-blogs/
๐16โค4๐ฅ1
Android Java code translation into native code to thwart AV detection
Video: https://youtu.be/UcdMx-te2NE
Slides and materials: https://github.com/LaurieWired/AndroidNativeObfuscation_defcon615
Video: https://youtu.be/UcdMx-te2NE
Slides and materials: https://github.com/LaurieWired/AndroidNativeObfuscation_defcon615
YouTube
Android Undercover: Native Code Translation for AV Stealth - DC615/DEF CON Nashville
This is a live recording of a talk I gave at DEFCON (DC615) Nashville. The presentation explores how translating Java code into Native code thwarts many AV detections.
First, I go over a live example of translating Android Java code into Native code, andโฆ
First, I go over a live example of translating Android Java code into Native code, andโฆ
๐15๐3
BouldSpy (DAAM) - Android Spyware Tied to Iranian Police Targeting Minorities
https://www.lookout.com/blog/iranian-spyware-bouldspy
https://www.lookout.com/blog/iranian-spyware-bouldspy
Lookout
BouldSpy: Android Spyware Tied to Iranian Police Targets Minorities | Threat Intel
Researchers at the Lookout Threat Lab have discovered a new Android surveillance tied to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA).
๐12
Smartphones With Qualcomm Chip Secretly Share Private Information With US Chip-Maker
"Smart phones with Qualcomm chip secretly send personal data to Qualcomm. This data is sent without user consent, unencrypted, and even when using a Google-free Android distribution."
https://www.nitrokey.com/news/2023/smartphones-popular-qualcomm-chip-secretly-share-private-information-us-chip-maker
"Smart phones with Qualcomm chip secretly send personal data to Qualcomm. This data is sent without user consent, unencrypted, and even when using a Google-free Android distribution."
https://www.nitrokey.com/news/2023/smartphones-popular-qualcomm-chip-secretly-share-private-information-us-chip-maker
Nitrokey
Smartphones With Popular Qualcomm Chip Secretly Share Private Information With US Chip-Maker
๐11๐2๐ค2โค1๐ฅ1
Androset: Automated script to convert and push Burp Suite certificate in Android, and modify Android's IP table to redirect all traffic to Burp Suite
https://github.com/Anof-cyber/Androset
https://github.com/Anof-cyber/Androset
GitHub
GitHub - Anof-cyber/Androset: Automated script to convert and push Burp Suite certificate in Android, and modify Android's IP tableโฆ
Automated script to convert and push Burp Suite certificate in Android, and modify Android's IP table to redirect all traffic to Burp Suite. - Anof-cyber/Androset
๐11
Android TV Boxes: AllWinner H616/H618 & RockChip 3328 Android Malware Analysis & Cleanup
https://github.com/DesktopECHO/T95-H616-Malware
https://github.com/DesktopECHO/T95-H616-Malware
GitHub
GitHub - DesktopECHO/T95-H616-Malware: "Pre-Owned" malware in ROM for AllWinner H616/H618 & RockChip RK3328 Android TV Boxes
"Pre-Owned" malware in ROM for AllWinner H616/H618 & RockChip RK3328 Android TV Boxes - DesktopECHO/T95-H616-Malware
๐9๐ฅ1
Android greybox fuzzing with AFL++ Frida mode
https://blog.quarkslab.com/android-greybox-fuzzing-with-afl-frida-mode.html
https://blog.quarkslab.com/android-greybox-fuzzing-with-afl-frida-mode.html
Quarkslab
Android greybox fuzzing with AFL++ Frida mode - Quarkslab's blog
This article is about greybox fuzzing of userland targets that can be encountered in Android using AFL++ and its Frida mode. We also discuss how to target JNI functions, to test the native features invoked by Java code.
๐13
Vulnerabilities identified in Amazon Fire TV Stick
1) Local network PIN brute forcing (CVE-2023-1385)
2) Arbitrary Javascript code to execution (CVE-2023-1384)
3) Register services that are only locally accessible (CVE-2023-1383)
https://www.bitdefender.com/files/News/CaseStudies/study/430/Bitdefender-PR-Whitepaper-AMZFr-creat6696-en-EN.pdf
1) Local network PIN brute forcing (CVE-2023-1385)
2) Arbitrary Javascript code to execution (CVE-2023-1384)
3) Register services that are only locally accessible (CVE-2023-1383)
https://www.bitdefender.com/files/News/CaseStudies/study/430/Bitdefender-PR-Whitepaper-AMZFr-creat6696-en-EN.pdf
๐7๐ฅ7โค1๐ค1
Flutter Hackers: Understand and reverse engineere Flutter APK Release Mode with Frida
Part 1: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-1-6c316be56b13
Part 2: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-2-598a44942b5e
Part 1: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-1-6c316be56b13
Part 2: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-2-598a44942b5e
Medium
Flutter Hackers: Uncovering the Devโs Myopia (Part 1)
Life hack for understanding Flutter Application through source code leaks
๐11๐3
Arbitrary code execution discoverd in Android imo-International Calls & Chat with 1B installs up to version 2022.11.1051 (CVE-2022-47757)
A path traversal vulnerability delivered using a deeplink can force the IMO app to write files into its data directory. This allows an attacker to write a library file that the app uses to dynamically load modules
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47757
A path traversal vulnerability delivered using a deeplink can force the IMO app to write files into its data directory. This allows an attacker to write a library file that the app uses to dynamically load modules
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47757
cve.mitre.org
CVE -
CVE-2022-47757
CVE-2022-47757
The mission of the CVEยฎ Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
๐11โค1
FluHorse โ Newly Discovered Android Malware Disguised as Popular Android Apps Targeting East Asia to steal victim credentials and 2FA codes
https://research.checkpoint.com/2023/eastern-asian-android-assault-fluhorse/
https://research.checkpoint.com/2023/eastern-asian-android-assault-fluhorse/
Check Point Research
Eastern Asian Android Assault - FluHorse - Check Point Research
Research by: Alex Shamshur, Sam Handelman, Raman Ladutska, Ohad Mana Introduction In the latest research conducted by Check Point Research, we describe a newly discovered malware called FluHorse. The malware features several malicious Android applicationsโฆ
๐13๐ค2โค1
Mobile Threats Report for Q1/2023 by Avast
https://decoded.avast.io/threatresearch/avast-q1-2023-threat-report/#mobile
https://decoded.avast.io/threatresearch/avast-q1-2023-threat-report/#mobile
Avast Threat Labs
Avast Q1/2023 Threat Report - Avast Threat Labs
Social Engineering Dominance, Rising Tide of Information-Stealers, and OneNote Abused by Malware Groups
๐10๐ค1