The complexity of reversing Flutter applications
https://www.fortiguard.com/events/5403/nullcon-berlin-2024-the-complexity-of-reversing-flutter-applications
[slides] https://filestore.fortinet.com/fortiguard/research/nullcon.pdf
https://www.fortiguard.com/events/5403/nullcon-berlin-2024-the-complexity-of-reversing-flutter-applications
[slides] https://filestore.fortinet.com/fortiguard/research/nullcon.pdf
FortiGuard Labs
Publications | FortiGuard Labs
Flutter is a cross-platform application development platform. With the same codebase, developers write and compile native applications for Android,...
π9
[Questionnaire] We are writing here to get some insights from dedicated malware analysis experts. We are a group of experienced researchers, and we developed a state-of-the-art sandbox for Android malware. We are absolutely convinced that it makes sense to bring this technology to the market, but we need to picture your biggest sandbox needs in your daily work. The idea is to grasp what are, in your eyes, the must-haves of a sandbox. Our goal is to shape the product accordingly and make it available in the forthcoming months/next few months. To this end, we prepared a quick (approximately 15-minutes) questionnaire, and it would really mean a lot to us if you could share your valuable feedback. Thanks to this, we hope to offer you soon a gain of efficiency, time and energy in your job.
Questionnaire: https://forms.gle/qJ9ck8UH5WQK6jAZ8
Questionnaire: https://forms.gle/qJ9ck8UH5WQK6jAZ8
Google Docs
Android Sandboxes: Malware Analysts' Expectations & Needs
Hello!
Thank you very much for taking the time to answer this survey. We really appreciate it!
We are a group of security researchers developing a new Android malware sandbox.
Our objective is to understand what you, as a security professional, expect fromβ¦
Thank you very much for taking the time to answer this survey. We really appreciate it!
We are a group of security researchers developing a new Android malware sandbox.
Our objective is to understand what you, as a security professional, expect fromβ¦
π₯13π4β€3π₯°2π1
Android crimeware reports on Tambir, Dwphon and Gigabud malware families
https://securelist.com/crimeware-report-android-malware/112121/
https://securelist.com/crimeware-report-android-malware/112121/
Securelist
Kaspersky crimeware report: Android malware
In this report, we share our latest Android malware findings: the Tambir spyware, Dwphon downloader and Gigabud banking Trojan.
π12π€1
Oversecured published vulnerability scan reports for 225 Google-owned apps
https://blog.oversecured.com/Oversecured-Apps-Care-Part-1-Vulnerability-disclosure-of-225-Google-apps/
https://blog.oversecured.com/Oversecured-Apps-Care-Part-1-Vulnerability-disclosure-of-225-Google-apps/
News, Techniques & Guides
Oversecured Apps Care. Part 1: Vulnerability disclosure of 225 Google apps
β€16π2
Bluetooth vulnerability allows unauthorized user to record & play audio on Bluetooth speaker via #BlueSpy
Prevention section explains how you can check if your Bluetooth LE speakers/headsets are vulnerable to this attack using nRF Connect app
https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/
Prevention section explains how you can check if your Bluetooth LE speakers/headsets are vulnerable to this attack using nRF Connect app
https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/
Mobile Hacker
Bluetooth vulnerability allows unauthorized user to record and play audio on Bluetooth speakers
This critical security issue allows third party user to record audio from Bluetooth speaker with built-in microphone in vicinity, even when it is already paired and connected with another device. This can result in eavesdropping on private conversations usingβ¦
π16π8β€2
SSRF in Mobile Security Framework (MobSF) version 3.9.5 Beta and prior (CVE-2024-29190)
MobSF does not perform any input validation when extracting the hostnames in
https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wfgj-wrgh-h3r3
MobSF does not perform any input validation when extracting the hostnames in
android:host, so requests can also be sent to local hostnames. This can lead to server-side request forgery (SSRF). An attacker can cause the server to make a connection to internal-only services within the organization's infrastructurehttps://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wfgj-wrgh-h3r3
GitHub
SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
### Summary
While examining the "App Link assetlinks.json file could not be found" vulnerability detected by MobSF, we, as the Trendyol Application Security team, noticed that a GET requ...
While examining the "App Link assetlinks.json file could not be found" vulnerability detected by MobSF, we, as the Trendyol Application Security team, noticed that a GET requ...
π9β€1
BlueDucky automates exploitation of Bluetooth pairing vulnerability that leads to 0-click code execution
βͺοΈautomatically scans for devices
βͺοΈstore MAC addresses of devices that are no longer visible but have enabled Bluetooth
βͺοΈuses Rubber Ducky payloads
https://www.mobile-hacker.com/2024/03/26/blueducky-automates-exploitation-of-bluetooth-pairing-vulnerability-that-leads-to-0-click-code-execution/
βͺοΈautomatically scans for devices
βͺοΈstore MAC addresses of devices that are no longer visible but have enabled Bluetooth
βͺοΈuses Rubber Ducky payloads
https://www.mobile-hacker.com/2024/03/26/blueducky-automates-exploitation-of-bluetooth-pairing-vulnerability-that-leads-to-0-click-code-execution/
Mobile Hacker
BlueDucky automates exploitation of Bluetooth pairing vulnerability that leads to 0-click code execution
BlueDucky solves the problem of auto device discovery, locally stores found Bluetooth devices and utilized Rubber Ducky scripts that are injected from separated
π14π₯5β€3
Detecting Banker Malware Installed on Android Devices
https://itnext.io/detecting-banker-malware-installed-on-android-devices-4c96287138e2
https://itnext.io/detecting-banker-malware-installed-on-android-devices-4c96287138e2
Medium
Detecting Banker Malware Installed on Android Devices
This article presents mechanisms and ideas for detecting malicious applications installed on Android devices that abuse theβ¦
π13
Address Sanitizer for Bare-metal Firmware
This led to early discovery of memory corruption issues that were easily remediated due to the actionable reports produced by KASan. These builds can be used with fuzzers to detect edge case bugs
https://security.googleblog.com/2024/03/address-sanitizer-for-bare-metal.html
This led to early discovery of memory corruption issues that were easily remediated due to the actionable reports produced by KASan. These builds can be used with fuzzers to detect edge case bugs
https://security.googleblog.com/2024/03/address-sanitizer-for-bare-metal.html
Google Online Security Blog
Address Sanitizer for Bare-metal Firmware
Posted by Eugene Rodionov and Ivan Lozano, Android Team With steady improvements to Android userspace and kernel security, we have notice...
π8
Malicious proxy malware was found in 28 apps available on Google Play Store. These trojanized apps were overall installed over 3,240,000 times
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-proxylib-and-lumiapps-transform-mobile-devices-into-proxy-nodes
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-proxylib-and-lumiapps-transform-mobile-devices-into-proxy-nodes
HUMAN Security
Satori Threat Intelligence Alert: PROXYLIB and LumiApps Transform Mobile Devices into Proxy Nodes - HUMAN Security
HUMAN's Satori Threat Intelligence team uncovered a group of 28 apps that turned user devices into residential proxy nodes.
π4π±3π₯±3π2π₯2β€1π1
A Year in Review of Zero-Days Exploited In-the-Wild in 2023
-In 2023, there were 97 zero-day vulnerabilities exploited, a significant rise of over 50% compared to 2022 (62 vulnerabilities)
-Espionage was the primary motive behind 48 out of 58 zero-day vulnerabilities analyzed
-Most of the zero-day vulnerabilities found last year were in phones, operating systems, and web browsers
https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf
-In 2023, there were 97 zero-day vulnerabilities exploited, a significant rise of over 50% compared to 2022 (62 vulnerabilities)
-Espionage was the primary motive behind 48 out of 58 zero-day vulnerabilities analyzed
-Most of the zero-day vulnerabilities found last year were in phones, operating systems, and web browsers
https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf
π8β€1
Demonstration of using BlueDucky to exploit 0-click Bluetooth vulnerability of unpatched Android smartphone (CVE-2023-45866)
Exploit was triggered by Raspberry Pi 4 and then by Android running NetHunter
https://youtu.be/GOGW7U1f2RA
Exploit was triggered by Raspberry Pi 4 and then by Android running NetHunter
https://youtu.be/GOGW7U1f2RA
YouTube
Using BlueDucky to test 0-click Bluetooth vulnerability
#nethunter #kali #kalilinux #smartphone #tech #howto #bluetooth #blueducky #CVE-2023-45866
π12β€1
After almost 7 years, new version of drozer compatible with Python 3 and modern Java was released.
If you don't know, drozer was a very popular security testing framework for Android
https://github.com/WithSecureLabs/drozer
If you don't know, drozer was a very popular security testing framework for Android
https://github.com/WithSecureLabs/drozer
π21
Technical analysis of Android malware Vultur
https://research.nccgroup.com/2024/03/28/android-malware-vultur-expands-its-wingspan/
https://research.nccgroup.com/2024/03/28/android-malware-vultur-expands-its-wingspan/
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
π8π6β€2π₯±2
Google fixed 2 Pixel vulnerabilities which are being actively exploited in the wild by forensic companies
CVE-2024-29745 refers to a vulnerability in the fastboot firmware used to support unlocking/flashing/locking. Forensic companies are rebooting devices in After First Unlock state into fastboot mode on Pixels and other devices to exploit vulnerabilities there and then dump memory.
CVE-2024-29748 refers to a vulnerability providing the ability to interrupt a factory reset triggered by a device admin app. It appears they've implemented a partial solution in firmware.
https://discuss.grapheneos.org/d/11860-vulnerabilities-exploited-in-the-wild-fixed-based-on-grapheneos-reports
CVE-2024-29745 refers to a vulnerability in the fastboot firmware used to support unlocking/flashing/locking. Forensic companies are rebooting devices in After First Unlock state into fastboot mode on Pixels and other devices to exploit vulnerabilities there and then dump memory.
CVE-2024-29748 refers to a vulnerability providing the ability to interrupt a factory reset triggered by a device admin app. It appears they've implemented a partial solution in firmware.
https://discuss.grapheneos.org/d/11860-vulnerabilities-exploited-in-the-wild-fixed-based-on-grapheneos-reports
GrapheneOS Discussion Forum
Vulnerabilities exploited in the wild fixed based on GrapheneOS reports - GrapheneOS Discussion Forum
β€17π1
How charging your phone can compromise your data using three types of Juice Jacking attack
https://www.mobile-hacker.com/2024/04/04/how-charging-your-phone-can-compromise-your-data-using-juice-jacking-attack/
https://www.mobile-hacker.com/2024/04/04/how-charging-your-phone-can-compromise-your-data-using-juice-jacking-attack/
Mobile Hacker
How charging your phone can compromise your data using Juice Jacking attack
This is a third time I have seen FBI posting warnings on X about risks of using free public charging stations in airports, hotels, or shopping centers.
π19π¨4β‘2
Hornet dating app with over 10 million installs had vulnerabilities, allowing precise location determination of their users, even with distance display being disabled
https://research.checkpoint.com/2024/the-illusion-of-privacy-geolocation-risks-in-modern-dating-apps/
https://research.checkpoint.com/2024/the-illusion-of-privacy-geolocation-risks-in-modern-dating-apps/
Check Point Research
The Illusion of Privacy: Geolocation Risks in Modern Dating Apps - Check Point Research
Key takeaways Introduction Dating apps traditionally utilize location data, offering the opportunity to connect with people nearby, and enhancing the chances of real-life meetings. Some apps can also display the distance of the user to other users. This featureβ¦
π16β€2π€·ββ1π€1
Bypassing anti-reversing defences in iOS applications
https://twelvesec.com/2023/10/10/bypassing-anti-reversing-defences-in-ios-applications/
https://twelvesec.com/2023/10/10/bypassing-anti-reversing-defences-in-ios-applications/
Twelvesec
Bypassing anti-reversing defences in iOS applications - Twelvesec
A walktrough on dynamically bypassing anti-debugging and anti-reversing defences in iOS applications.
π9β€3
Threat actor "Starry Addax" targets human rights defenders in North Africa with new Android malware
https://blog.talosintelligence.com/starry-addax/
https://blog.talosintelligence.com/starry-addax/
Cisco Talos Blog
Starry Addax targets human rights defenders in North Africa with new malware
Cisco Talos is disclosing a new threat actor we deemed βStarry Addaxβ targeting mostly human rights activists, associated with the Sahrawi Arab Democratic Republic (SADR) cause with a novel mobile malware.
π11
Active Android espionage campaign targeting users mainly in India and Pakistan with apps bundled with the XploitSPY malware posing mostly as messaging services - even available on Google Play Store
https://www.welivesecurity.com/en/eset-research/exotic-visit-campaign-tracing-footprints-virtual-invaders/
https://www.welivesecurity.com/en/eset-research/exotic-visit-campaign-tracing-footprints-virtual-invaders/
π₯7π5β‘1
ANDROID SUPPLY CHAIN VALIDATION CHEAT SHEET
This cheat sheet is based on the work performed on Android TV devices (we documented our steps in the post Android TV Devices: Pre-0wned Supply Chain Security Threats)
https://eclypsium.com/blog/android-supply-chain-validation-cheat-sheet/
This cheat sheet is based on the work performed on Android TV devices (we documented our steps in the post Android TV Devices: Pre-0wned Supply Chain Security Threats)
https://eclypsium.com/blog/android-supply-chain-validation-cheat-sheet/
Eclypsium | Supply Chain Security for the Modern Enterprise
Android Supply Chain Validation Cheat Sheet - Eclypsium | Supply Chain Security for the Modern Enterprise
Several different tools and techniques are available for Android to enumerate software and configurations, allowing you to begin to validate the software on devices. This cheat sheet is based on the work performed on Android TV devices (we documented ourβ¦
π14β€2