Android banking trojan - Ajina - attacks Central Asia: Story of an Uzbek Android Pandemic
https://www.group-ib.com/blog/ajina-malware
https://www.group-ib.com/blog/ajina-malware
Group-IB
Story of an Uzbek Android Pandemic | Group-IB Blog
Discovered by Group-IB in May 2024, the Ajina.Banker malware is a major cyber threat in the Central Asia region, disguising itself as legitimate apps to steal banking information and intercept 2FA messages.
๐ฅ6๐คฏ2โค1๐ฅด1
Android Vo1d malware infected over a million Android TV boxes
It is a backdoor that puts its components in the system storage and, when commanded by attackers, is capable of secretly downloading and installing third-party software
https://news.drweb.com/show/?i=14900&lng=en
It is a backdoor that puts its components in the system storage and, when commanded by attackers, is capable of secretly downloading and installing third-party software
https://news.drweb.com/show/?i=14900&lng=en
Dr.Web
Void captures over a million Android TV boxes
Doctor Web experts have uncovered yet another case of an Android-based TV box infection. The malware, dubbed <a href="https://vms.drweb.com/search/?q=Android.Vo1d&lng=en"><b>Android.Vo1d</b></a>, has infected nearly 1.3 million devices belonging to usersโฆ
๐8๐3๐1
Diving into ADB protocol internals (1/2)
https://www.synacktiv.com/publications/diving-into-adb-protocol-internals-12
https://www.synacktiv.com/publications/diving-into-adb-protocol-internals-12
Synacktiv
Diving into ADB protocol internals (1/2)
๐ฅ11๐3๐1๐คก1๐ฅฑ1
Wild vulnerabilities discovered in mobile dating app - Feeld with 1 Million installs on Google Play
-Disclosure of profile information to non-premium users
-Read other peopleโs messages
-access to other peopleโs photos & videos from their chats
-delete, recover and edit other peopleโs messages
-Update someone elseโs profile information
-Send messages in other peopleโs chat
-Get a โLikeโ from any user profile
https://fortbridge.co.uk/research/feeld-dating-app-nudes-data-publicly-available/
-Disclosure of profile information to non-premium users
-Read other peopleโs messages
-access to other peopleโs photos & videos from their chats
-delete, recover and edit other peopleโs messages
-Update someone elseโs profile information
-Send messages in other peopleโs chat
-Get a โLikeโ from any user profile
https://fortbridge.co.uk/research/feeld-dating-app-nudes-data-publicly-available/
Cyber Security Services - London
Feeld dating app - Your nudes and data were publicly available
Discover critical Feeld app vulnerabilities from our pentest. See how flaws in security controls expose personal data and learn key fixes.
๐ฅ9๐5๐คฃ5๐4โค1๐คฎ1
Android Bytecode Exploitation
Introduction (Part 1): https://lolcads.github.io/posts/2024/09/bytecode_exploitation_0/
Fundamentals (Part 2): https://lolcads.github.io/posts/2024/09/bytecode_exploitation_1/
Bytecode Injection (Part 3): https://lolcads.github.io/posts/2024/09/bytecode_exploitation_2/
Bytecode Reuse Attack (Part 4): https://lolcads.github.io/posts/2024/09/bytecode_exploitation_3/
Introduction (Part 1): https://lolcads.github.io/posts/2024/09/bytecode_exploitation_0/
Fundamentals (Part 2): https://lolcads.github.io/posts/2024/09/bytecode_exploitation_1/
Bytecode Injection (Part 3): https://lolcads.github.io/posts/2024/09/bytecode_exploitation_2/
Bytecode Reuse Attack (Part 4): https://lolcads.github.io/posts/2024/09/bytecode_exploitation_3/
lolcads tech blog
Introduction to Android Bytecode Exploitation (Part 1)
Introduction to Android Bytecode Exploitation (Part 1) Android resides among the most popular operating systems for mobile devices, which causes Android to also be among the most popular targets for exploitation. While Android is frequently updated to fixโฆ
๐ฅ21๐2๐2
Jailbreak your Enemies with a Link: Remote Execution on iOS
The Trident Exploit Chain deep-dive (Part I)
https://jacobbartlett.substack.com/p/jailbreak-enemies-with-a-link-remote-execution
The Trident Exploit Chain deep-dive (Part I)
https://jacobbartlett.substack.com/p/jailbreak-enemies-with-a-link-remote-execution
Jacobstechtavern
Jailbreak your Enemies with a Link: Remote Execution on iOS
The Trident Exploit Chain deep-dive (Part I)
๐ฅ26โค1๐1
Advanced Frida Usage Part 10 โ Instruction Tracing using Frida Stalker
https://8ksec.io/advanced-frida-usage-part-10-instruction-tracing-using-frida-stalker/
https://8ksec.io/advanced-frida-usage-part-10-instruction-tracing-using-frida-stalker/
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Advanced Frida Usage Part 10 โ Instruction Tracing using Frida Stalker - 8kSec
Welcome to another blog in the series of Advance Frida Usage. This blog post demonstrates how to use Fridaโs Stalker APIs to trace instructions as they execute in a app in real time.
๐16๐2
Exploiting Android Client WebViews with Help from HSTS
1-click account takeover vulnerability discovered in a popular Indonesian Android Tokopedia app
https://seanpesce.blogspot.com/2024/09/exploiting-android-client-webviews-with.html
1-click account takeover vulnerability discovered in a popular Indonesian Android Tokopedia app
https://seanpesce.blogspot.com/2024/09/exploiting-android-client-webviews-with.html
Blogspot
Exploiting Android Client WebViews with Help from HSTS
TL;DR I discovered a one-click account takeover vulnerability in a popular Indonesian Android app called Tokopedia . Th...
๐จ13๐ฅ3๐2๐1
0-Click exploit discovered in MediaTek Wi-Fi chipsets affects routers and smartphones (CVE-2024-20017).
Published PoC can be tested even from a smartphone
Technical details: https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html
PoC: https://github.com/mellow-hype/cve-2024-20017
Published PoC can be tested even from a smartphone
Technical details: https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html
PoC: https://github.com/mellow-hype/cve-2024-20017
๐11๐คฃ4โค2๐ฉ2๐คฎ1
Undetected Android Spyware Targeting Individuals In South Korea
https://cyble.com/blog/undetected-android-spyware-targeting-individuals-in-south-korea/
https://cyble.com/blog/undetected-android-spyware-targeting-individuals-in-south-korea/
๐ฅ12๐ฅฑ4๐ค3๐ด2๐1๐1
How the Necro Trojan infiltrated Google Play, again
https://securelist.com/necro-trojan-is-back-on-google-play/113881/
https://securelist.com/necro-trojan-is-back-on-google-play/113881/
Securelist
Necro Trojan infiltrates Google Play and Spotify and WhatsApp mods
Kaspersky experts have discovered a new version of the Necro Trojan, which has infected tens of thousands of Android devices through Google Play and Spotify and WhatsApp mods.
๐12โค4โก2๐1
Octo2: European Banks Already Under Attack by New Malware Variant
https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant
https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant
ThreatFabric
Octo2: European Banks Already Under Attack by New Malware Variant
ThreatFabric unveils the evolution of Octo2 malware, enhancing mobile banking security with sophisticated techniques and remote access capabilities.
๐ฅ9๐2๐2
A step-by-step guide to writing an iOS kernel exploit
https://alfiecg.uk/2024/09/24/Kernel-exploit.html
https://alfiecg.uk/2024/09/24/Kernel-exploit.html
Alfie CG
A step-by-step guide to writing an iOS kernel exploit
Introduction Memory management in XNU Page tables Physical use-after-free Exploitation strategy Heap spray Kernel memory read/write Conclusion Bonus: arm64e, PPL and SPTM
๐ฅ19๐2๐1
SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites
https://blog.sekoia.io/silentselfie-uncovering-a-major-watering-hole-campaign-against-kurdish-websites/
https://blog.sekoia.io/silentselfie-uncovering-a-major-watering-hole-campaign-against-kurdish-websites/
Sekoia.io Blog
SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites
Learn about the sophisticated campaign compromising Kurdish websites. Gain insights into the scale and variants used by malicious actors.
๐8๐ฅ1
WalletConnect Scam: A Case Study in Crypto Drainer Tactics
https://research.checkpoint.com/2024/walletconnect-scam-a-case-study-in-crypto-drainer-tactics/
https://research.checkpoint.com/2024/walletconnect-scam-a-case-study-in-crypto-drainer-tactics/
Check Point Research
Wallet Scam: A Case Study in Crypto Drainer Tactics - Check Point Research
Key takeaways Introduction Crypto drainers are malicious tools that steal digital assets like NFTs, and tokens from cryptocurrency wallets. They often use phishing techniques and leverage smart contracts to enhance their impact. Typically, users are trickedโฆ
๐8โค1๐คฉ1๐1๐พ1
This media is not supported in your browser
VIEW IN TELEGRAM
Hacking Kia: Remotely Controlling Cars With Just a License Plate
The vulnerability would've allowed an attacker to remotely control almost all vehicles made after 2013 using only the license plate
https://samcurry.net/hacking-kia
The vulnerability would've allowed an attacker to remotely control almost all vehicles made after 2013 using only the license plate
https://samcurry.net/hacking-kia
๐ฅ25๐ฑ6๐3๐2
How hackers can exploit Wi-Fi Captive Portals to distribute Android malware all from a smartphone using WifiPumpkin on NetHunter
https://www.mobile-hacker.com/2024/09/27/wifipumpkin3-integrated-into-nethunter-powerful-duo-allows-malware-distribution-via-captive-portal/
https://www.mobile-hacker.com/2024/09/27/wifipumpkin3-integrated-into-nethunter-powerful-duo-allows-malware-distribution-via-captive-portal/
Mobile Hacker
WiFiPumpkin3 integrated into NetHunter: Powerful Duo allows malware distribution via Captive Portal Mobile Hacker
WiFiPumpkin3 is a powerful framework designed for rogue access point attacks and network security testing. It allows security researchers, and red teamers to create fake Wi-Fi networks, custom captive portals, intercept traffic, and deploy phishing attacks.โฆ
๐19๐2
Examining Mobile Threats from Russia
https://blog.bushidotoken.net/2024/09/examining-mobile-threats-from-russia.html
https://blog.bushidotoken.net/2024/09/examining-mobile-threats-from-russia.html
blog.bushidotoken.net
Examining Mobile Threats from Russia
CTI, threat intelligence, OSINT, malware, APT, threat hunting, threat analysis, CTF, cybersecurity, security
๐16๐ฅ4๐2โค1๐1๐1
Analysis and PoC for CVE-2024-7965 vulnerability that allows to execute arbitrary code in the Google Chrome
It affects mostly Android smartphones and Apple laptops released after November 2020.
If hackers have an exploit to escape from the browser sandbox, they can gain full control over the browser application: read passwords and hijack user sessions.
Info: https://bi.zone/eng/expertise/blog/analiz-uyazvimosti-cve-2024-7965/
PoC: https://github.com/bi-zone/CVE-2024-7965
It affects mostly Android smartphones and Apple laptops released after November 2020.
If hackers have an exploit to escape from the browser sandbox, they can gain full control over the browser application: read passwords and hijack user sessions.
Info: https://bi.zone/eng/expertise/blog/analiz-uyazvimosti-cve-2024-7965/
PoC: https://github.com/bi-zone/CVE-2024-7965
BI.ZONE
Zooming in on CVE-2024-7965
We have analyzed the CVE-2024-7965 vulnerability that allows adversaries to execute arbitrary code in the Google Chrome renderer
๐ฅ11๐3โคโ๐ฅ2๐ฑ2
Forwarded from The Bug Bounty Hunter
Modern iOS Pentesting: No Jailbreak Needed - My Framer Site
https://dvuln.com/blog/modern-ios-pentesting-no-jailbreak-needed
https://dvuln.com/blog/modern-ios-pentesting-no-jailbreak-needed
Dvuln
Modern iOS Pentesting: No Jailbreak Needed - Dvuln
Dvuln is a specialist information security company founded by Australian cyber security specialists based out of Sydney, Melbourne and Brisbane
๐ฅ22๐5๐3๐ฅฑ2
The Dark Knight Returns: Android Joker Malware Analysis
https://cert.pl/posts/2024/10/analiza-joker/
https://cert.pl/posts/2024/10/analiza-joker/
cert.pl
Mroczny rycerz powraca: Analiza zลoลliwego oprogramowania Joker
Zespรณล CERT Polska zaobserwowaล w ostatnich tygodniach nowe prรณbki zลoลliwego oprogramowania na urzฤ
dzenia mobilne
๐ฅ9๐ด3๐ฅฑ2๐1