Police in India warn about 'wedding card scam' Android malware being distributed via WhatsApp
[Does anyone here have this malware sample to share? If so, please post a comment or send me a message. Thanks!]
https://www.msn.com/en-in/money/news/police-of-the-four-biggest-states-in-india-warn-about-this-wedding-card-scam-on-whatsapp-that-people-have-lost-lakhs-to/ar-AA1uLCma
Introduction to Fuzzing Android Native Components using tools like AFL++ and QEMU
https://blog.convisoappsec.com/en/introduction-to-fuzzing-android-native-components/
Conviso AppSec
Introduction to Fuzzing Android Native Components
Discover how fuzzing can identify critical vulnerabilities in native Android components, strengthening device security.
Forwarded from The Bug Bounty Hunter
Android's CVE-2020-0238 (AccountTypePreferenceLoader)
Note: This is part of my @vr_progress journal. Also, subscribe to my new @SideQuest_256 channel and I might post videos about the Android journey too :D This is a story about how I wasted my weekend over a bug that was categorized as a High/EoP but then couldn't…
The Ultimate Handheld Hacking Device - My Experience with NetHunter
https://andy.codes/blog/security_articles/2024-11-27-the-ultimate-handheld-hacking-device.html
andy.codes
2024-11-27 - The Ultimate Handheld Hacking Device - My Experience with NetHunter - Andy's Cave
This page is a collection of my security research, and other infosec-related activities.
How to build a portable hacking lab and control it with a smartphone
https://www.mobile-hacker.com/2024/10/04/portable-hacking-lab-control-the-smallest-kali-linux-with-a-smartphone/
Cybercriminals Use NFC Relay to Turn Stolen Credit Cards into Cash without a PIN
https://www.mobile-hacker.com/2024/12/02/cybercriminals-use-nfc-relay-to-turn-stolen-credit-cards-into-cash-without-a-pin/
Mobile Hacker
Cybercriminals Use NFC Relay to Turn Stolen Credit Cards into Cash without a PIN Mobile Hacker
ThreatFabric has identified a new cash-out tactic that wasn't seen before called "Ghost Tap", which cybercriminals use to exploit stolen credit card details linked to mobile payment services like Google Pay and Apple Pay. This method involves relaying NFC…
Android Flutter malware analysis by Axelle Apvrille (Fortinet)
Presentation: https://youtu.be/K9Ekxo-K_QY?si=W-QhYvcVEYxTCKwz
Slides: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/slides/Slides-Android-Flutter-malware.pdf
Paper: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/papers/Android-Flutter-malware.pdf
YouTube
Android Flutter malware - Axelle Apvrille (Fortinet)
Presented at the VB2024 conference in Dublin, 2 - 4 October 2024.
DroidBot: Insights from a new Turkish MaaS fraud operation
https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation?s=03
Cleafy
DroidBot: Insights from a new Turkish MaaS fraud operation | Cleafy Labs
Cleafy Labs reveals DroidBot, a new Android Remote Access Trojan targeting banks, crypto exchanges, and national organisations in Europe and beyond. Learn how it operates with dual-channel communication and evolving tactics. Read here the full report.
Automatically decode Android apps and search them for secrets
https://trufflesecurity.com/blog/cracking-open-apk-files-at-scale
Trufflesecurity
Cracking Open APK Files at Scale - Truffle Security Co.
TruffleHog now automatically decodes Android Package Kit (APK) files and searches them for secrets. It runs ~9x faster than using an external decompiler before calling TruffleHog.
Trying to exploit my old Android using CVE-2020-0401 (PackageManagerService)
https://pwner.gg/blog/Android's-CVE-2020-0401
Android's CVE-2020-0401 (PackageManagerService)
Note This is another attempt in my Android Side Quest (the previous one was Android's CVE-2020-0238). Intro While digging around through my old gadgets, I found my ancient OnePlus phone that had been gathering dust in a drawer.
Malimite: iOS decompiler designed to analyze and decode IPA files
Built on top of Ghidra to offer direct support for Swift, Objective-C, and iOS resources
https://github.com/LaurieWired/Malimite
GitHub
GitHub - LaurieWired/Malimite: iOS and macOS Decompiler
iOS and macOS Decompiler. Contribute to LaurieWired/Malimite development by creating an account on GitHub.
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur's Multi-Platform Attacks
https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html
Trend Micro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur's Multi-Platform Attacks
Android smartphone Confiscated by Russian Authorities Returned with Monokle-Type Spyware Installed
https://citizenlab.ca/2024/12/device-confiscated-by-russian-authorities-returned-with-monokle-type-spyware-installed/
The Citizen Lab
Something to Remember Us By
In a joint investigation with The First Department, The Citizen Lab uncovered spyware covertly implanted on the phone of a Russian programmer following his release from Russian custody. The Monokle-like spyware allows an operator to track the device's location…
Deobfuscate Android App: LLM tool to find any potential security vulnerabilities in Android apps and deobfuscate Android app code
https://github.com/In3tinct/deobfuscate-android-app
GitHub
GitHub - In3tinct/Androidmeda: LLM tool to deobfuscate android app and find any potential vulnerabilities in android apps and …
LLM tool to deobfuscate android app and find any potential vulnerabilities in android apps and code. - In3tinct/Androidmeda
OWApp Benchmark Suite: A comprehensive framework designed to automate and enhance the benchmarking process for mobile applications, particularly within the context of security analysis
https://github.com/Mobile-IoT-Security-Lab/OWApp-Benchmarking-Suite
GitHub
GitHub - Mobile-IoT-Security-Lab/OWApp-Benchmarking-Suite: The OWApp Benchmark: an OWASP-compliant Vulnerable Android App Dataset
The OWApp Benchmark: an OWASP-compliant Vulnerable Android App Dataset - Mobile-IoT-Security-Lab/OWApp-Benchmarking-Suite
AppLite: A New AntiDot Variant Targeting Mobile Employee Devices
https://www.zimperium.com/blog/applite-a-new-antidot-variant-targeting-mobile-employee-devices/
Zimperium
AppLite: A New AntiDot Variant Targeting Mobile Employee Devices
EagleMsgSpy: New Chinese Android Surveillance Tool Used by Public Security Bureaus
https://www.lookout.com/threat-intelligence/article/eaglemsgspy-chinese-android-surveillanceware
Lookout
Lookout Discovers New Chinese Surveillance Tool Used by Public Security | Threat Intel
Lookout researchers have discovered a new Chinese surveillance family used by Chinese law enforcement to collect extensive information from mobile devices.
Mobile Threat Landscape Report by Lookout in Q3 2024
- 10 Most Common Mobile Browser Vulnerabilities
- 5 Most Common Mobile App Vulnerabilities
- 10 Most Encountered Malware Families in Q3 2024
https://www.lookout.com/threat-intelligence/report/q3-2024-mobile-landscape-threat-report-copy
Lookout
2024 Q3 Mobile Landscape Threat Report Copy
Learn about new Russian and Chinese mobile surveillanceware, how iOS is at significantly higher risk than Android, and why mobile phishing is the biggest problem right now.
Bluetooth and Wi-Fi Jamming using Flipper Zero
https://www.mobile-hacker.com/2024/12/12/bluetooth-and-wi-fi-jamming-using-flipper-zero/
Mobile Hacker
Bluetooth and Wi-Fi Jamming using Flipper Zero
Jamming is a technique used to disrupt wireless communications by overwhelming the signal with interference. This blog post explores the concept of jamming using Flipper Zero, how it works, its applications, and the legal considerations surrounding its use.…
BoneSpy and PlainGnome: Two Russian Android Spyware Families Discovered and Connected to Gamaredon APT
https://www.lookout.com/threat-intelligence/article/gamaredon-russian-android-surveillanceware
Lookout
Lookout Discovers PlainGnome and Bonespy Uzbek Android spyware | Threat Intel
Researchers at the Lookout Threat Lab have discovered two Android surveillance families dubbed BoneSpy and PlainGnome attributed to Uzbekistan's State Security Service
A New Android Banking Trojan Masquerades as Utility and Banking Apps in India
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india/
McAfee Blog
A New Android Banking Trojan Masquerades as Utility and Banking Apps in India | McAfee Blog
Authored by Dexter Shin Over the years, cyber threats targeting Android devices have become more sophisticated and persistent. Recently, McAfee Mobile