iOS LightSpy Returns: Renewed Espionage Campaign Targets Southern Asia, Possibly India
https://blogs.blackberry.com/en/2024/04/lightspy-returns-renewed-espionage-campaign-targets-southern-asia-possibly-india
Blackberry
Secure Communications Blog
Explore expert insights on secure communications from BlackBerry—covering government, critical infrastructure, resilience, compliance, and trusted communications at scale.
SoumniBot: the new Android banker’s unique techniques
https://securelist.com/soumnibot-android-banker-obfuscates-app-manifest/112334/
Securelist
Analysis of the SoumniBot Android banker
We review the new mobile Trojan banker SoumniBot, which exploits bugs in the Android manifest parser to dodge analysis and detection.
Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers
https://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers/
Shielder
Shielder - Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers
A writeup about two intent-based Android vulnerabilities CVE-2024-26131 and CVE-2024-26132 in Element (Matrix).
XAgent Spyware Targeting iOS Devices in Western Europe: Analysis of Capabilities
https://www.linkedin.com/pulse/xagent-spyware-targeting-ios-devices-western-europe-dmitry-bestuzhev-xunle
Linkedin
Executive Summary: During a recent discussion between "Isabelle Quinn" and myself regarding the latest findings of iOS malware, we encountered new samples of interest. Following observations of activity from the Triangulation group a few days ago by Dmitry…
[BlackHat Asia 2024] Analysing a NSO iOS Spyware Sample
https://www.blackhat.com/asia-24/briefings/schedule/?s=03#you-shall-not-pass---analysing-a-nso-ios-spyware-sample-37980
[slides] https://i.blackhat.com/Asia-24/Asia-24-Frielingsdorf-YouShallNotPassAnalysing.pdf
Blackhat
Black Hat Asia 2024
[BlackHat Asia 2024] Privacy Detective: Sniffing Out Your Data Leaks for Android
https://www.blackhat.com/asia-24/briefings/schedule/?s=03#privacy-detective-sniffing-out-your-data-leaks-for-android-37301
[slides] https://i.blackhat.com/Asia-24/Presentations/Asia-24-Zhou-PrivacyDetective.pdf
Blackhat
Black Hat Asia 2024
[BlackHat Asia 2024] SystemUI As EvilPiP: The Hijacking Attacks on Modern Mobile Devices
https://www.blackhat.com/asia-24/briefings/schedule/?s=03#systemui-as-evilpip-the-hijacking-attacks-on-modern-mobile-devices-36260
[slides] https://i.blackhat.com/Asia-24/Presentations/Asia-24-WeiMinCheng-systemui-as-evilpip-the-hijacking-attacks-on-modern-mobile-devices.pdf
Blackhat
Black Hat Asia 2024
Security analysis of system apps of prepaid Android carrier devices
[slides] https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ryan%20Johnson%20Mohamed%20Elsabagh%20Angelos%20Stavrou%20-%20Still%20Vulnerable%20Out%20of%20the%20Box%20Revisiting%20the%20Security%20of%20Prepaid%20Android%20Carrier%20Devices.pdf
Vulnerabilities across cloud keyboard apps reveal keystrokes to network eavesdroppers (flaws in apps from Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi could be exploited to reveal what a user types)
https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers/
The Citizen Lab
The not-so-silent type
In this report, we examine cloud-based pinyin keyboard apps from nine vendors (Baidu, Honor, Huawei, iFlyTek, OPPO, Samsung, Tencent, Vivo, and Xiaomi) for vulnerabilities in how the apps transmit user keystrokes. Our analysis found that eight of the nine…
Brokewell: A New Android Banking Trojan Targeting Users In Germany
https://cyble.com/blog/brokewell-a-new-android-banking-trojan-targeting-users-in-germany/
Cyble
Brokewell: New Android Trojan Targeting Germany Users
Cyble uncovers the 'Brokewell' Android Banking Trojan targeting German users with overlay attacks, keylogging, and screen recording. Stay updated on threats.
Security issues in phone-tracking app iSharing exposed users' locations
https://www.ericdaigle.ca/isharing-data-leak-writeup/
Brokewell: do not go broke from new banking malware
https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware
ThreatFabric
Brokewell: do not go broke from new banking malware!
Explore the new malware family, Brokewell, with Device Takeover capabilities. Understand the risks it poses to financial institutions and how to stay protected.
Advanced Frida Usage Part 9 – Memory Scanning in Android
https://8ksec.io/advanced-frida-usage-part-9-memory-scanning-in-android/
In 2023, Google prevented 2.28 million policy-violating apps from being published on Google Play
https://security.googleblog.com/2024/04/how-we-fought-bad-apps-and-bad-actors-in-2023.html
Google Online Security Blog
How we fought bad apps and bad actors in 2023
Posted by Steve Kafka and Khawaja Shams (Android Security and Privacy Team), and Mohet Saxena (Play Trust and Safety) A safe and trusted ...
New Android malware called Wpeeper hides behind hacked WordPress sites
https://blog.xlab.qianxin.com/playing-possum-whats-the-wpeeper-backdoor-up-to/
奇安信 X 实验室 (QiAnXin XLab)
Playing Possum: What's the Wpeeper Backdoor Up To?
Summary
On April 18, 2024, XLab's threat hunting system detected an ELF file with zero detections on VirusTotal being distributed through two different domains. One of the domains was marked as malicious by three security firms, while the other was recently…
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
https://www.microsoft.com/en-us/security/blog/2024/05/01/dirty-stream-attack-discovering-and-mitigating-a-common-vulnerability-pattern-in-android-apps/
Microsoft News
Microsoft discovered a vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s internal data storage directory, which could lead to arbitrary code execution…
20 Security Issues Found in Xiaomi Devices
https://blog.oversecured.com/20-Security-Issues-Found-in-Xiaomi-Devices/
News, Techniques & Guides
How to Improve Your Android & iOS Static Analysis with Nuclei!
https://medium.com/@justmobilesec/how-to-improve-your-android-ios-static-analysis-with-nuclei-d44f3daa9cee
Medium
TL;DR: In this post, we will cover how to statically analyze Android and iOS applications using Nuclei. We’ll start:
Smart-sex-toy users targeted by Android trojan clicker
https://news.drweb.com/show/?i=14860&lng=en
Dr.Web
Smart-sex-toy users targeted by clicker trojan
Virus analysts at Doctor Web uncovered an Android application containing a clicker trojan that silently opens advertising sites and clicks on webpages. Such trojans can be used to stealthily display ads, generate click fraud, sign up unsuspecting victims…
DNS traffic can leak outside the VPN tunnel on Android
https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android
Mullvad VPN
DNS traffic can leak outside the VPN tunnel on Android | Mullvad VPN
We were recently made aware of multiple potential DNS leaks on Android. They stem from bugs in Android itself, and only affect certain apps.