A technical analysis of Intellexa's PREDATOR mobile spyware
https://blog.talosintelligence.com/mercenary-intellexa-predator/
https://blog.talosintelligence.com/mercenary-intellexa-predator/
Cisco Talos Blog
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexaβ¦
π10π₯°1
βFleeceGPTβ mobile apps target AI-curious to rake in cash
https://news-sophos-com.cdn.ampproject.org/c/s/news.sophos.com/en-us/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash/
https://news-sophos-com.cdn.ampproject.org/c/s/news.sophos.com/en-us/2023/05/17/fleecegpt-mobile-apps-target-ai-curious-to-rake-in-cash/
Sophos News
βFleeceGPTβ mobile apps target AI-curious to rake in cash
Interest in OpenAIβs latest version of its interactive language model has spurred a new wave of scam apps looking to cash in on the hype
π12
Daam (BouldSpy) Android Botnet recommendations from India CERT
https://www.csk.gov.in/alerts/Daam_android_botnet.html
https://www.csk.gov.in/alerts/Daam_android_botnet.html
www.csk.gov.in
Cyber Swachhta Kendra: Daam Android Botnet
Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre), information on Daam Android Botnet - CERT-In
π9
Flipper zero can root Xiaomi vaccum robot using usb uart app
https://www.reddit.com/r/flipperzero/comments/13sabij/flipper_zero_can_be_used_for_xiaomi_vaccum_robot/
Tutorial: https://builder.dontvacuum.me/dreame/
https://www.reddit.com/r/flipperzero/comments/13sabij/flipper_zero_can_be_used_for_xiaomi_vaccum_robot/
Tutorial: https://builder.dontvacuum.me/dreame/
π€£17π12π₯4π2
Permhash: The permhash framework can be used to identify previously unknown APK, CRX, AXML samples through pivoting and clustering
Tool: https://github.com/google/permhash
Research: https://www.mandiant.com/resources/blog/permhash-no-curls-necessary
Tool: https://github.com/google/permhash
Research: https://www.mandiant.com/resources/blog/permhash-no-curls-necessary
GitHub
GitHub - google/permhash
Contribute to google/permhash development by creating an account on GitHub.
π5π’1
Android apps containing spyware SpinOk module was discovered in 101 apps on Google Play Store with alltogether 421,000,000+ install
It can exfiltrate:
- list of files in specified directories,
- verify the presence of a specified file or a directory on the device,
- file from the device, and
- copy or substitute the clipboard contents
https://news.drweb.com/show/?lng=en&i=14705
It can exfiltrate:
- list of files in specified directories,
- verify the presence of a specified file or a directory on the device,
- file from the device, and
- copy or substitute the clipboard contents
https://news.drweb.com/show/?lng=en&i=14705
Dr.Web
Android apps containing SpinOk module with spyware features installed over 421,000,000 times
Doctor Web discovered an Android software module with spyware functionality. It collects information on files stored on devices and is capable of transferring them to malicious actors. It can also substitute and upload clipboard contents to a remote server.β¦
π10β€2π2π€2
Android DogeRAT: Technical analysis of open-source Android Remote Access Trojan (RAT)
https://cloudsek.com/blog/dogerat-the-android-malware-campaign-targeting-users-across-multiple-industries
https://cloudsek.com/blog/dogerat-the-android-malware-campaign-targeting-users-across-multiple-industries
Cloudsek
DogeRAT: The Android Malware Campaign Targeting Users Across Multiple Industries | CloudSEK
CloudSEKβs TRIAD team discovered yet another open-source Android malware called DogeRAT (Remote Access Trojan), targeting a large customer base across multiple industries, especially Banking and Entertainment. Although the majority of this campaign targetedβ¦
π₯°8π4π₯2
Crash WhatsApp using one message
Video demo how it is possible to crash group chat using one message. If you open the chat, WhatsApp will always crash.
β οΈTo temporarily fix the issue, you have to remove the crash message using WhatsApp web
https://www.instagram.com/reel/Cs3iGe3ORuw/?igshid=MzRlODBiNWFlZA==
Video demo how it is possible to crash group chat using one message. If you open the chat, WhatsApp will always crash.
β οΈTo temporarily fix the issue, you have to remove the crash message using WhatsApp web
https://www.instagram.com/reel/Cs3iGe3ORuw/?igshid=MzRlODBiNWFlZA==
π21π4π4β€3π2π€1π’1
Beautifying Native Android Code in Ghidra!
We partially native APK, extract the native binaries, and analyze the native ELF binary
https://youtu.be/sK_jsQ5bJUk
We partially native APK, extract the native binaries, and analyze the native ELF binary
https://youtu.be/sK_jsQ5bJUk
YouTube
Beautifying Native Android Code in Ghidra
In this video, we take our partially native APK, extract the native binaries, and analyze the native ELF binary in Ghidra.
---
Timestamps:
00:00 Intro
00:47 Opening up Previous Application
02:51 Defining Methods Natively
05:45 Ghidra Time!
07:10 ELF Headerβ¦
---
Timestamps:
00:00 Intro
00:47 Opening up Previous Application
02:51 Defining Methods Natively
05:45 Ghidra Time!
07:10 ELF Headerβ¦
π9β€5π₯1
Operation Triangulation: iOS devices targeted with previously unknown malware
This malware compromised several Kaspersky employees: The target iOS device receives a message via the iMessage service, with an attachment containing an exploit. Without any user interaction, the message triggers a vulnerability that leads to code execution.
https://securelist.com/operation-triangulation/109842/
This malware compromised several Kaspersky employees: The target iOS device receives a message via the iMessage service, with an attachment containing an exploit. Without any user interaction, the message triggers a vulnerability that leads to code execution.
https://securelist.com/operation-triangulation/109842/
Securelist
Operation Triangulation: iOS devices targeted with previously unknown malware
While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS devices from the inside, we created offline backups of the devicesβ¦
π15π€5πΎ3π2
CVE-2023-20963: 0-day in Android's Parcel serialization/deserialization which was used in-the-wild by the Pinduoduo app
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-20963.html
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-20963.html
β€18π4πΎ1
Binder Trace: Tool for intercepting and parsing Android Binder messages Think of it as "Wireshark for Binder"
https://github.com/foundryzero/binder-trace
https://github.com/foundryzero/binder-trace
GitHub
GitHub - foundryzero/binder-trace: Binder Trace is a tool for intercepting and parsing Android Binder messages. Think of it asβ¦
Binder Trace is a tool for intercepting and parsing Android Binder messages. Think of it as "Wireshark for Binder". - foundryzero/binder-trace
π15β€2
HelloTeacher: New Android Malware Targeting Banking Users In Vietnam
https://blog.cyble.com/2023/06/05/helloteacher-new-android-malware-targeting-banking-users-in-vietnam/
https://blog.cyble.com/2023/06/05/helloteacher-new-android-malware-targeting-banking-users-in-vietnam/
Cyble
HelloTeacher: New Android Malware Targeting Banking Users In Vietnam
Cyble analyzes a new malware "HelloTeacher" masquerading as popular messaging app to target banking users from Vietnam and steals sensitive data.
π9β€2
iOS Deep Link attacks Part 2 β Exploitation
https://8ksec.io/ios-deep-link-attacks-part-2-exploitation-8ksec-blogs/
https://8ksec.io/ios-deep-link-attacks-part-2-exploitation-8ksec-blogs/
π12
An active Android campaign pushes adware to Android devices with the purpose of driving revenue
https://www.bitdefender.com/blog/labs/tens-of-thousands-of-compromised-android-apps-found-by-bitdefender-anomaly-detection-technology/
https://www.bitdefender.com/blog/labs/tens-of-thousands-of-compromised-android-apps-found-by-bitdefender-anomaly-detection-technology/
Bitdefender Labs
Tens of Thousands of Compromised Android Apps Found by Bitdefender Anomaly Detection Technology
Bitdefender researchers used a recently announced industry-first app anomaly detection technology incorporated into Bitdefender Mobile Security to uncover a hidden malware campaign living undetected on mobile devices worldwide for more than six months.
π13π€2π1
iOS pentesting 101
How to setup iOS environment
https://securitycafe.ro/2023/06/12/mobile-pentesting-101-how-to-set-up-your-ios-environment/
How to setup iOS environment
https://securitycafe.ro/2023/06/12/mobile-pentesting-101-how-to-set-up-your-ios-environment/
Security CafΓ©
Mobile Pentesting 101 β How to Set Up Your iOS Environment
As mentioned in the Mobile Pentesting 101 β How to set up your Android Environment article, I am now offering you valuable information regarding the iOS pentesting environment. This will be mβ¦
π21β€1
Android Security & Malware
Android Malware Analysis of Chameleon banking trojan Part 1: https://n0psn0ps.github.io/2023/03/02/android-malware-analysis-series-ato.apk-part-3.1/ Part 2: https://n0psn0ps.github.io/2023/04/13/android-malware-analysis-series-ato.apk-part-3.2/
Cloud Mining Scam Distributes Roamer Android Banking Trojan
https://blog.cyble.com/2023/06/14/cloud-mining-scam-distributes-roamer-banking-trojan/
https://blog.cyble.com/2023/06/14/cloud-mining-scam-distributes-roamer-banking-trojan/
π7
Discovered Android GravityRAT malware being distributed as the BingeChat and Chatico messaging apps
https://www.welivesecurity.com/2023/06/15/android-gravityrat-goes-after-whatsapp-backups/
https://www.welivesecurity.com/2023/06/15/android-gravityrat-goes-after-whatsapp-backups/
WeLiveSecurity
Android GravityRAT goes after WhatsApp backups
ESET researchers analyzed an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can receive commands to delete files.
π9β€3π€3π₯1
Android Malware Impersonates ChatGPT-Themed Applications
https://unit42.paloaltonetworks.com/android-malware-poses-as-chatgpt/
https://unit42.paloaltonetworks.com/android-malware-poses-as-chatgpt/
Unit 42
Android Malware Impersonates ChatGPT-Themed Applications
Android malware posing as ChatGPT-themed apps targets mobile users. We report on instances of this attack vector, identifying two distinct types.
π12
DoNot APT Elevates its Tactics by Deploying Malicious Android Apps on Google Play Store impersonating VPN apps (iKHfaa VPN and nSure Chat)
https://www.cyfirma.com/outofband/donot-apt-elevates-its-tactics-by-deploying-malicious-android-apps-on-google-play-store/
https://www.cyfirma.com/outofband/donot-apt-elevates-its-tactics-by-deploying-malicious-android-apps-on-google-play-store/
CYFIRMA
DoNot APT Elevates its Tactics by Deploying Malicious Android Apps on Google Play Store - CYFIRMA
EXECUTIVE SUMMARY The team at CYFIRMA recently obtained suspicious Android apps hosted on the Google Play Store under the account...
π11β€2π€1
Leveraging Android Permissions: A Solver Approach (CVE-2023-20947)
https://blog.thalium.re/posts/leveraging-android-permissions/
https://blog.thalium.re/posts/leveraging-android-permissions/
blog.thalium.re
Leveraging Android Permissions: A Solver Approach
The Android permission management system has already suffered from several vulnerabilities in the past. Such weaknesses can grant dangerous permissions to a malevolent application, an example being CALL_LOG, which gives access to all incoming and outgoingβ¦
π10β€1