PixRevolution: The Agent-Operated Android Trojan Hijacking Brazilβs PIX Payments in Real Time
https://zimperium.com/blog/pixrevolution-the-agent-operated-android-trojan-hijacking-brazils-pix-payments-in-real-time
https://zimperium.com/blog/pixrevolution-the-agent-operated-android-trojan-hijacking-brazils-pix-payments-in-real-time
Zimperium
PixRevolution: The Agent-Operated Android Trojan Hijacking Brazilβs PIX Payments in Real Time
true
π₯8β€4π2
Using the GBL exploit to bootloader unlock the Xiaomi 17 series
https://www.androidauthority.com/qualcomm-snapdragon-8-elite-gbl-exploit-bootloader-unlock-3648651/
https://www.androidauthority.com/qualcomm-snapdragon-8-elite-gbl-exploit-bootloader-unlock-3648651/
Android Authority
New Qualcomm exploit chain brings bootloader unlocking freedom to Android flagships
A new exploit, dubbed "Qualcomm GBL exploit," is being chained with other exploits to bring bootloader unlocking to several flagship phones.
π15π₯8β€5
PulseAPK: Cross-Platform GUI for APK Decompilation, Analysis, and Recompilation
https://github.com/deemoun/PulseAPK-Core
https://github.com/deemoun/PulseAPK-Core
GitHub
GitHub - deemoun/PulseAPK-Core: PulseAPK Core: Cross-Platform tool for working with APK files
PulseAPK Core: Cross-Platform tool for working with APK files - deemoun/PulseAPK-Core
β€16π₯6π4π2π€‘1π1
This media is not supported in your browser
VIEW IN TELEGRAM
Analysis of RCE of Xiaomi C400 camera by exploiting Vulnerability #1 and #3 combined together. Vulnerabilities are not patched!
Vulnerability #1: Xiaomi - miIO Protocol Authentication Bypass
Vulnerability #2: Xiaomi - miIO client cryptographically weak PRNG
Vulnerability #3: miIO client heap buffer overflow
Analysis: https://labs.taszk.io/articles/post/nowyouseemi/
Exploits and jailbreak for Xiaomi Smart Cameras: https://github.com/TaszkSecLabs/xiaomi-c400-pwn
Vulnerability #1: Xiaomi - miIO Protocol Authentication Bypass
Vulnerability #2: Xiaomi - miIO client cryptographically weak PRNG
Vulnerability #3: miIO client heap buffer overflow
Analysis: https://labs.taszk.io/articles/post/nowyouseemi/
Exploits and jailbreak for Xiaomi Smart Cameras: https://github.com/TaszkSecLabs/xiaomi-c400-pwn
π18
Taking Apart iOS Apps: Anti-Debugging and Anti-Tampering in the Wild
https://blog.calif.io/p/taking-apart-ios-apps-anti-debugging
https://blog.calif.io/p/taking-apart-ios-apps-anti-debugging
blog.calif.io
Taking Apart iOS Apps: Anti-Debugging and Anti-Tampering in the Wild
Table Of Contents
β€12π3
Weaponizing LSPosed: Remote SMS Injection and Identity Spoofing in Modern Payment Ecosystems
https://www.cloudsek.com/blog/weaponizing-lsposed-remote-sms-injection-and-identity-spoofing-in-modern-payment-ecosystems-2
https://www.cloudsek.com/blog/weaponizing-lsposed-remote-sms-injection-and-identity-spoofing-in-modern-payment-ecosystems-2
Cloudsek
Weaponizing LSPosed: Remote SMS Injection and Identity Spoofing in Modern Payment Ecosystems | CloudSEK
LSPosed, a powerful framework for rooted Android devices, has been weaponized by attackers to remotely inject fraudulent SMS messages and spoof user identities in modern payment ecosystems. This report exposes a critical vulnerability: the exploitation ofβ¦
π9π€3π2π₯1
Oblivion RAT - An Android Spyware Platform With a Built-In APK Factory
https://iverify.io/blog/oblivion-rat-android-spyware-analysis
https://iverify.io/blog/oblivion-rat-android-spyware-analysis
iverify.io
Oblivion RAT - An Android Spyware Platform With a Built-In APK Factory
Technical analysis of Oblivion RAT Android malware: $300/month MaaS platform with APK builder, AccessibilityService hijacking, and fake ZIP encryption.
β€10π2π₯1
The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/
Google Cloud Blog
The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors | Google Cloud Blog
DarkSword is a new iOS exploit chain that leverages multiple zero-day vulnerabilities to fully compromise iOS devices.
π8β€3π₯2
Perseus: DTO malware that takes notes
https://www.threatfabric.com/blogs/perseus-dto-malware-that-takes-notes
https://www.threatfabric.com/blogs/perseus-dto-malware-that-takes-notes
ThreatFabric
Perseus: DTO malware that takes notes
Perseus is a new Device Takeover (DTO) malware family that specifically looks for user-generated content stored in note taking applications.
π₯10β€3
Decompiling an Android Application Written in .NET MAUI 9 (Xamarin)
https://mwalkowski.com/post/decompiling-an-android-application-written-in-net-maui-9-xamarin/
https://mwalkowski.com/post/decompiling-an-android-application-written-in-net-maui-9-xamarin/
MichaΕ Walkowski
Decompiling an Android Application Written in .NET MAUI 9 (Xamarin) | MichaΕ Walkowski
.NET MAUI, as the successor to Xamarin, enables the development of cross-platform applications, including Android, using C#. In previous versions (up to .NET MAUI 8), applications stored their DLL libraries in assemblies.blob and assemblies.manifest filesβ¦
π11π1
SSL pinning bypass setup for iOS (No Jailbreak) using OpenVPN + iptables traffic redirection to proxy (Burp Suite / mitmproxy)
https://github.com/SahilH4ck4you/iOS-SSL-pinning-bypass-without-jalibreak
https://github.com/SahilH4ck4you/iOS-SSL-pinning-bypass-without-jalibreak
GitHub
GitHub - SahilH4ck4you/iOS-SSL-pinning-bypass-without-jalibreak: SSL pinning bypass setup for iOS (No Jailbreak) using OpenVPNβ¦
SSL pinning bypass setup for iOS (No Jailbreak) using OpenVPN + iptables traffic redirection to proxy (Burp Suite / mitmproxy) - SahilH4ck4you/iOS-SSL-pinning-bypass-without-jalibreak
π€‘7π4π2π©2β‘1π₯±1