Google Play Store bad apps and developers review in 2022
-blocked 1.43 million apps from being published on the Store
-banned 173K bad accounts
-prevented 500K submitted apps from unnecessarily accessing sensitive permissions over the past 3 years
-expanded the App Defense Alliance (McAfee, Trend Micro, ESET, Lookout, Zimperium)
https://security.googleblog.com/2023/04/how-we-fought-bad-apps-and-bad-actors.html
Google Online Security Blog
How we fought bad apps and bad actors in 2022
Posted by Anu Yamunan and Khawaja Shams (Android Security and Privacy Team), and Mohet Saxena (Compute Trust and Safety) Keeping Google P...
Android Deep Link Issues And WebView Exploitation
https://8ksec.io/android-deeplink-and-webview-exploitation-8ksec-blogs/
Android Java code translation into native code to thwart AV detection
Video: https://youtu.be/UcdMx-te2NE
Slides and materials: https://github.com/LaurieWired/AndroidNativeObfuscation_defcon615
YouTube
Android Undercover: Native Code Translation for AV Stealth - DC615/DEF CON Nashville
This is a live recording of a talk I gave at DEFCON (DC615) Nashville. The presentation explores how translating Java code into Native code thwarts many AV detections.
First, I go over a live example of translating Android Java code into Native code, and…
BouldSpy (DAAM) - Android Spyware Tied to Iranian Police Targeting Minorities
https://www.lookout.com/blog/iranian-spyware-bouldspy
Lookout
BouldSpy: Android Spyware Tied to Iranian Police Targets Minorities | Threat Intel
Researchers at the Lookout Threat Lab have discovered a new Android surveillance tied to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA).
Smartphones With Qualcomm Chip Secretly Share Private Information With US Chip-Maker
"Smart phones with Qualcomm chip secretly send personal data to Qualcomm. This data is sent without user consent, unencrypted, and even when using a Google-free Android distribution."
https://www.nitrokey.com/news/2023/smartphones-popular-qualcomm-chip-secretly-share-private-information-us-chip-maker
Nitrokey
Smartphones With Popular Qualcomm Chip Secretly Share Private Information With US Chip-Maker
Androset: Automated script to convert and push Burp Suite certificate in Android, and modify Android's IP table to redirect all traffic to Burp Suite
https://github.com/Anof-cyber/Androset
GitHub
GitHub - Anof-cyber/Androset: Automated script to convert and push Burp Suite certificate in Android, and modify Android's IP table…
Automated script to convert and push Burp Suite certificate in Android, and modify Android's IP table to redirect all traffic to Burp Suite. - Anof-cyber/Androset
Android TV Boxes: AllWinner H616/H618 & RockChip 3328 Android Malware Analysis & Cleanup
https://github.com/DesktopECHO/T95-H616-Malware
GitHub
GitHub - DesktopECHO/T95-H616-Malware: "Pre-Owned" malware in ROM for AllWinner H616/H618 & RockChip RK3328 Android TV Boxes
"Pre-Owned" malware in ROM for AllWinner H616/H618 & RockChip RK3328 Android TV Boxes - DesktopECHO/T95-H616-Malware
Android greybox fuzzing with AFL++ Frida mode
https://blog.quarkslab.com/android-greybox-fuzzing-with-afl-frida-mode.html
Quarkslab
Android greybox fuzzing with AFL++ Frida mode - Quarkslab's blog
This article is about greybox fuzzing of userland targets that can be encountered in Android using AFL++ and its Frida mode. We also discuss how to target JNI functions, to test the native features invoked by Java code.
Vulnerabilities identified in Amazon Fire TV Stick
1) Local network PIN brute forcing (CVE-2023-1385)
2) Arbitrary JavaScript code execution (CVE-2023-1384)
3) Register services that are only locally accessible (CVE-2023-1383)
https://www.bitdefender.com/files/News/CaseStudies/study/430/Bitdefender-PR-Whitepaper-AMZFr-creat6696-en-EN.pdf
Flutter Hackers: Understand and reverse engineer Flutter APK Release Mode with Frida
Part 1: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-1-6c316be56b13
Part 2: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-2-598a44942b5e
Medium
Flutter Hackers: Uncovering the Dev's Myopia (Part 1)
Life hack for understanding Flutter Application through source code leaks
Arbitrary code execution discovered in Android imo-International Calls & Chat with 1B installs up to version 2022.11.1051 (CVE-2022-47757)
A path traversal vulnerability delivered using a deeplink can force the IMO app to write files into its data directory. This allows an attacker to write a library file that the app uses to dynamically load modules.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47757
cve.mitre.org
CVE - CVE-2022-47757
The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
FluHorse - Newly Discovered Android Malware Disguised as Popular Android Apps Targeting East Asia to steal victim credentials and 2FA codes
https://research.checkpoint.com/2023/eastern-asian-android-assault-fluhorse/
Check Point Research
Eastern Asian Android Assault - FluHorse - Check Point Research
Research by: Alex Shamshur, Sam Handelman, Raman Ladutska, Ohad Mana Introduction In the latest research conducted by Check Point Research, we describe a newly discovered malware called FluHorse. The malware features several malicious Android applications…
Mobile Threats Report for Q1/2023 by Avast
https://decoded.avast.io/threatresearch/avast-q1-2023-threat-report/#mobile
Avast Threat Labs
Avast Q1/2023 Threat Report - Avast Threat Labs
Social Engineering Dominance, Rising Tide of Information-Stealers, and OneNote Abused by Malware Groups
Fleckpe - A new family of Trojan subscribers discovered on Google Play #Jocker #Harly
https://securelist.com/fleckpe-a-new-family-of-trojan-subscribers-on-google-play/109643/
Securelist
Subscription Trojans on Google Play
The new Trojan family, Fleckpe, spreads via Google Play inside photo editors and wallpapers, subscribing the unaware user to paid services.
Bypass Tiktok SSL pinning on Android devices
https://github.com/Eltion/Tiktok-SSL-Pinning-Bypass
GitHub
Eltion/Tiktok-SSL-Pinning-Bypass
Bypass Tiktok SSL pinning on Android devices. Contribute to Eltion/Tiktok-SSL-Pinning-Bypass development by creating an account on GitHub.
Meta (Facebook) Adversarial Threat Report for Q1 2023 (Android threats included)
https://about.fb.com/wp-content/uploads/2023/05/Meta-Quarterly-Adversarial-Threat-Report-Q1-2023.pdf
Analysis of Android SpyNote spyware targeting Indian Railway Catering and Tourism Corporation (IRCTC) users
https://labs.k7computing.com/index.php/spynote-targets-irctc-users/
K7 Labs
SpyNote targets IRCTC users
We at K7 Labs, recently came across an email message as shown in Figure 1, from Indian Railway Catering and […]
GSMA Mobile Telecommunications Security Landscape in 2022
(ransomware, malware, smsishing, spyware, SIM swap, eSIM fraud, supply chain attacks, critical national infrastructure attacks, human threat...)
https://www.gsma.com/security/wp-content/uploads/2023/02/GSMA-Mobile-Telecommunications-Security-Landscape-2023_v1_for-website.pdf
Three ways to dynamically load code into an Android application at runtime
https://erev0s.com/blog/3-ways-for-dynamic-code-loading-in-android/
Erev0S
3 ways for Dynamic Code Loading in Android
erev0s blog for cyber security and more
DroidFrida: Android app for executing frida scripts directly on your android device
https://github.com/ac3ss0r/DroidFrida/
GitHub
GitHub - ac3ss0r/DroidFrida: Portable frida injector for rooted android devices.
Portable frida injector for rooted android devices. - ac3ss0r/DroidFrida
JAMBOREE: Portable all-in-one tool to install essential Android tools (Java, Android tools, Magisk, Burp Suite, Objection, Root Emulator, Frida etc.)
https://github.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy
GitHub
GitHub - freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy: Java Android Magisk Burp Objection Root Emulator Easy…
Java Android Magisk Burp Objection Root Emulator Easy (JAMBOREE) - freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy