Open Redirect in Login Redirect in MobSF (CVE-2024-41955)
Update to MobSF v4.0.5.
https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4
Update to MobSF v4.0.5.
https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-8m9j-2f32-2vx4
GitHub
Open Redirect in Login Redirect
### Impact
_What kind of vulnerability is it? Who is impacted?_
An open redirect vulnerability exist in MobSF authentication view.
PoC
1. Go to https://127.0.0.1:8000/login/?next=//afine.co...
_What kind of vulnerability is it? Who is impacted?_
An open redirect vulnerability exist in MobSF authentication view.
PoC
1. Go to https://127.0.0.1:8000/login/?next=//afine.co...
๐ฅ8
BingoMod: The new android RAT that steals money and wipes data
https://www.cleafy.com/cleafy-labs/bingomod-the-new-android-rat-that-steals-money-and-wipes-data
https://www.cleafy.com/cleafy-labs/bingomod-the-new-android-rat-that-steals-money-and-wipes-data
Cleafy
BingoMod: The new android RAT that steals money and wipes data | Cleafy Labs
Discover the new android RAT BingoMod, identified by the Cleafy TIR team in May 2024. BingoMod targets money transfers via Account Takeover and On-Device Fraud, bypassing bank security measures. It exploits permissions to steal credentials, conduct overlayโฆ
๐คฉ9๐3
Introducing the new Mobile App Security Weakness Enumeration (MASWE).
This brand new OWASP MAS resource bridges the gap between MASVS high-level controls and MASTG low-level testing, using a similar approach to CWEs.
https://mas.owasp.org/news/2024/07/30/new-maswe/
This brand new OWASP MAS resource bridges the gap between MASVS high-level controls and MASTG low-level testing, using a similar approach to CWEs.
https://mas.owasp.org/news/2024/07/30/new-maswe/
๐5๐3
New Fileless Malware Framework "GhostHook" Targets Android Devices
https://iverify.io/post/new-fileless-malware-framework-ghosthook-targets-android-devices
https://iverify.io/post/new-fileless-malware-framework-ghosthook-targets-android-devices
iverify.io
New Fileless Malware Framework "GhostHook" Targets Android Devices
iVerify have detected a new fileless malware spreading framework, GhostHook, being shared across cybercrime forums and networks.
๐8๐3๐ป3๐ฅ2โค1
BlankBot - a new Android banking trojan with screen recording, keylogging and remote control capabilities
https://intel471.com/blog/blankbot-a-new-android-banking-trojan-with-screen-recording-keylogging-and-remote-control-capabilities
https://intel471.com/blog/blankbot-a-new-android-banking-trojan-with-screen-recording-keylogging-and-remote-control-capabilities
๐10โค3๐3
Heap overflow in JPEG loading in Samsung's Little Kernel in bootloader allows a privileged attacker to execute persistent arbitrary code (it survives reboots and factory reset) CVE-2024-20832
Paper: https://www.sstic.org/media/SSTIC2024/SSTIC-actes/when_vendor1_meets_vendor2_the_story_of_a_small_bu/SSTIC2024-Article-when_vendor1_meets_vendor2_the_story_of_a_small_bug_chain-rossi-bellom_neveu.pdf
Slides: https://www.sstic.org/media/SSTIC2024/SSTIC-actes/when_vendor1_meets_vendor2_the_story_of_a_small_bu/SSTIC2024-Slides-when_vendor1_meets_vendor2_the_story_of_a_small_bug_chain-rossi-bellom_neveu.pdf
Paper: https://www.sstic.org/media/SSTIC2024/SSTIC-actes/when_vendor1_meets_vendor2_the_story_of_a_small_bu/SSTIC2024-Article-when_vendor1_meets_vendor2_the_story_of_a_small_bug_chain-rossi-bellom_neveu.pdf
Slides: https://www.sstic.org/media/SSTIC2024/SSTIC-actes/when_vendor1_meets_vendor2_the_story_of_a_small_bu/SSTIC2024-Slides-when_vendor1_meets_vendor2_the_story_of_a_small_bug_chain-rossi-bellom_neveu.pdf
๐ฟ9๐3๐2โค1
LianSpy: new Android spyware targeting Russian users
https://securelist.com/lianspy-android-spyware/113253/
https://securelist.com/lianspy-android-spyware/113253/
Securelist
LianSpy: Android spyware leveraging Yandex Disk as C2
Previously unknown spyware LianSpy targets Android devices by exploiting root privileges to steal data and leveraging Yandex Disk cloud service as C2.
๐ฉ8๐5๐3๐ฅฑ3
Google fixed Kernel RCE vulnerability in Android (CVE-2024-36971) that was most-likely used for targeted exploitation
https://source.android.com/docs/security/bulletin/2024-08-01
https://source.android.com/docs/security/bulletin/2024-08-01
๐คก13๐4โค1
5GBaseChecker: a security analysis framework that helps to hunt for 5G vulnerabilities
https://github.com/SyNSec-den/5GBaseChecker
https://github.com/SyNSec-den/5GBaseChecker
GitHub
GitHub - SyNSec-den/5GBaseChecker
Contribute to SyNSec-den/5GBaseChecker development by creating an account on GitHub.
๐10๐3โค2๐2๐1
The Way to Android Root: Exploiting Your GPU On Smartphone (CVE-2024-23380)
[slides] https://i.blackhat.com/BH-US-24/Presentations/REVISED_US24-Gong-The-Way-to-Android-Root-Wednesday.pdf
[slides] https://i.blackhat.com/BH-US-24/Presentations/REVISED_US24-Gong-The-Way-to-Android-Root-Wednesday.pdf
๐11๐ฑ2๐ฅ1๐1๐1
Dynamic Analysis Technique of Android Malware by Injecting Smali Gadgets
Patch APK with logcat output as alternative to using Frida
https://blogs.jpcert.or.jp/en/2024/08/smaligadget.html
Patch APK with logcat output as alternative to using Frida
https://blogs.jpcert.or.jp/en/2024/08/smaligadget.html
JPCERT/CC Eyes
Dynamic Analysis Technique of Android Malware by Injecting Smali Gadgets - JPCERT/CC Eyes
When dynamically analyzing Android malware, it is currently difficult to follow its code using debuggers unlike Windows malware. Although there is a technique [1] to hook a method dynamically by Frida [2], obtaining the in-progress state of the method is...
๐คก11๐คฃ9โค8๐6๐ฉ6๐2
Android Game Hacking: Increase money in Dude Theft Wars Shooting
https://8ksec.io/hacking-android-games/
https://8ksec.io/hacking-android-games/
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Hacking Android Games - 8kSec
Learn the process involved in hacking Android games and learn how to distinguish between app hacking and game hacking within the Android ecosystem.
๐ฅ17๐2
Android Vulnerability Impacting Millions of Pixel Devices Around the World
https://iverify.io/blog/iverify-discovers-android-vulnerability-impacting-millions-of-pixel-devices-around-the-world
https://iverify.io/blog/iverify-discovers-android-vulnerability-impacting-millions-of-pixel-devices-around-the-world
iverify.io
iVerify Discovers Android Vulnerability Impacting Millions of Pixel Devices Around the World
iVerify discovered an Android package, with excessive system privileges on a very large percentage of Pixel devices shipped worldwide.
๐คฎ7๐3๐1
Exploiting Androidโs Hardened Memory Allocator
PoC: https://github.com/HexHive/scudo-exploitation
Paper: https://nebelwelt.net/publications/files/24WOOT.pdf
PoC: https://github.com/HexHive/scudo-exploitation
Paper: https://nebelwelt.net/publications/files/24WOOT.pdf
GitHub
GitHub - HexHive/scudo-exploitation
Contribute to HexHive/scudo-exploitation development by creating an account on GitHub.
๐8๐ฅ5
Media is too big
VIEW IN TELEGRAM
RCE on Xiaomi 13 Pro (CVE-2023-26324)
๐Exploitation:
1) Open URL in WebView
2) Inject JavaScript
3) Execute JavaScript Interface functions from vulnerable GetApps to install & launch payload
4) Get shell
๐Slides with PoC: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Ken%20Gannon%20Ilyes%20Beghdadi%20-%20Xiaomi%20The%20Money%20Our%20Toronto%20Pwn2Own%20Exploit%20and%20Behind%20The%20Scenes%20Story.pdf
๐Exploitation:
1) Open URL in WebView
2) Inject JavaScript
3) Execute JavaScript Interface functions from vulnerable GetApps to install & launch payload
4) Get shell
๐Slides with PoC: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Ken%20Gannon%20Ilyes%20Beghdadi%20-%20Xiaomi%20The%20Money%20Our%20Toronto%20Pwn2Own%20Exploit%20and%20Behind%20The%20Scenes%20Story.pdf
๐ฅ28๐7๐2
Exploiting Bluetooth: From your car to the bank account
Defcon slides: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Vladyslav%20Zubkov%20Martin%20Strohmeier%20-%20Exploiting%20Bluetooth%20-%20from%20your%20car%20to%20the%20bank%20account%24%24.pdf
Defcon slides: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/DEF%20CON%2032%20-%20Vladyslav%20Zubkov%20Martin%20Strohmeier%20-%20Exploiting%20Bluetooth%20-%20from%20your%20car%20to%20the%20bank%20account%24%24.pdf
๐ฅ14๐5โค2๐1
The ColorOS Internet Browser (com.heytap.browser) app for Android allows a remote attacker to execute arbitrary JavaScript code
PoC: https://github.com/actuator/com.heytap.browser
PoC: https://github.com/actuator/com.heytap.browser
GitHub
GitHub - actuator/com.heytap.browser: CVE-2024-23729
CVE-2024-23729. Contribute to actuator/com.heytap.browser development by creating an account on GitHub.
๐12๐ฅ3
Sophisticated phishing method targeted mobile users via Progressive Web Apps (iOS, Android) and WebAPKs (Android) to mimic banking apps. Installing WebAPK apps doesn't warn the victim about installing a third-party application and they even appear to have been installed from the Google Play store
https://www.welivesecurity.com/en/eset-research/be-careful-what-you-pwish-for-phishing-in-pwa-applications/
https://www.welivesecurity.com/en/eset-research/be-careful-what-you-pwish-for-phishing-in-pwa-applications/
Welivesecurity
Be careful what you pwish for โ Phishing in PWA applications
ESET Research uncovers a novel method of phishing; targeting Android and iOS users via PWAs, and on Android also WebAPKs, without warning the user about installing a third-party app.
๐8๐5
New Android malware - NGate - relays NFC data from victimsโ payment cards, via victimsโ compromised mobile phones, to attacker's device waiting at an ATM to withdraw cash
https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/
https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/
Welivesecurity
NGate Android malware relays NFC traffic to steal cash
ESET Research uncovers Android malware that relays NFC data from victimsโ payment cards, via victimsโ mobile phones, to the device of a perpetrator waiting at an ATM.
๐13๐6๐ฅ4โค1
Technical Analysis of Copybara
https://threatlabz.zscaler.com/blogs/security-research/technical-analysis-copybara
https://threatlabz.zscaler.com/blogs/security-research/technical-analysis-copybara
๐7
How to root an Android device for analysis and vulnerability assessment
https://www.pentestpartners.com/security-blog/how-to-root-an-android-device-for-analysis-and-vulnerability-assessment/
https://www.pentestpartners.com/security-blog/how-to-root-an-android-device-for-analysis-and-vulnerability-assessment/
Pen Test Partners
How to root an Android device for analysis and vulnerability assessment | Pen Test Partners
TL;DR Introduction For mobile testing, be it for apps or hardware, having complete control over the device is essential for analysis and vulnerability assessment. Rooting an Android device allows us to gain root privileges, giving us full access to the OSโฆ
๐ฅ13๐8๐คก4