ThiefBot: A New Android Banking Trojan Targeting Turkish Banking Users
https://business.xunison.com/thiefbot-a-new-android-banking-trojan-targeting-turkish-banking-users/
https://business.xunison.com/thiefbot-a-new-android-banking-trojan-targeting-turkish-banking-users/
Google removes Android app that was used to spy on Belarusian protesters
https://www.zdnet.com/article/google-removes-android-app-that-was-used-to-spy-on-belarusian-protesters/
https://www.zdnet.com/article/google-removes-android-app-that-was-used-to-spy-on-belarusian-protesters/
ZDNet
Google removes Android app that was used to spy on Belarusian protesters
App mimicked a popular anti-government news site and collected location and device owner details.
Mobile threat statistics for Q2 2020 by Kaspersky
https://securelist.com/it-threat-evolution-q2-2020-mobile-statistics/98337/
https://securelist.com/it-threat-evolution-q2-2020-mobile-statistics/98337/
Securelist
IT threat evolution Q2 2020. Mobile statistics
According to Kaspersky Security Network, during the second quarter 1,245,894 malicious installers were detected and a total of 14,204,345 attacks on mobile devices were blocked.
India yesterday banned 118 Chinese apps
List of app in the link
https://drive.google.com/file/d/1NRcC49uKIvwA4-sDmubC5aC2LmHggKoG/view
List of app in the link
https://drive.google.com/file/d/1NRcC49uKIvwA4-sDmubC5aC2LmHggKoG/view
Android Permission (Notification Permission) Can Be Lethal [Android Malware Series]
https://youtu.be/PzhDEV7rpP0
https://youtu.be/PzhDEV7rpP0
YouTube
This Android Permission Can Be Lethal. [Android Malware Series]
In this video, I talk about how this Android Permission (Notification Permission) can steal almost all private data from victim's device without asking for any extra permission.
Many Android Malware uses this permission to perform various tasks like stealingβ¦
Many Android Malware uses this permission to perform various tasks like stealingβ¦
WhatsApp discloses six previously undisclosed flaws
https://www.whatsapp.com/security/advisories/2020/
https://www.whatsapp.com/security/advisories/2020/
WhatsApp.com
WhatsApp Security Advisories 2020
WhatsApp Security Advisories 2020 - List of security fixes for WhatsApp products
ARM64 Reversing and Exploitation
Part 1: https://highaltitudehacks.com/2020/09/05/arm64-reversing-and-exploitation-part-1-arm-instruction-set-heap-overflow/
Part 2: https://highaltitudehacks.com/2020/09/06/arm64-reversing-and-exploitation-part-2-use-after-free/
Part 3: https://highaltitudehacks.com/2020/09/06/arm64-reversing-and-exploitation-part-3-a-simple-rop-chain/
Part 1: https://highaltitudehacks.com/2020/09/05/arm64-reversing-and-exploitation-part-1-arm-instruction-set-heap-overflow/
Part 2: https://highaltitudehacks.com/2020/09/06/arm64-reversing-and-exploitation-part-2-use-after-free/
Part 3: https://highaltitudehacks.com/2020/09/06/arm64-reversing-and-exploitation-part-3-a-simple-rop-chain/
Forwarded from The Bug Bounty Hunter
TikTok Spyware (SpyNote) Analysis
https://www.zscaler.com/blogs/research/tiktok-spyware
https://www.zscaler.com/blogs/research/tiktok-spyware
Zscaler
Detailed Analysis of TikTok Spyware | Zscaler Blog
Recently, Zscaler analyzed another variant of this app portraying itself as TikTok Pro, but its a spyware with premium features to spy on victim with ease.
Android bypass SSL pinning using Frida
https://www.docdroid.net/file/download/zokUC70/android-ssl-pinning-pdf.pdf
https://www.docdroid.net/file/download/zokUC70/android-ssl-pinning-pdf.pdf
Three persistent and one theft of arbitrary files vulnerabilities have been discovered in the TikTok Android app
https://blog.oversecured.com/Oversecured-detects-dangerous-vulnerabilities-in-the-TikTok-Android-app/
https://blog.oversecured.com/Oversecured-detects-dangerous-vulnerabilities-in-the-TikTok-Android-app/
News, Techniques & Guides
Oversecured detects dangerous vulnerabilities in the TikTok Android app
Oversecured has once again uncovered high-severity vulnerabilities, this time in the TikTok app. The app contained one vulnerability to theft of arbitrary files with user interaction and three to persistent arbitrary code execution.
Billions of devices vulnerable to new 'BLESA' Bluetooth security flaw
https://www.zdnet.com/google-amp/article/billions-of-devices-vulnerable-to-new-blesa-bluetooth-security-flaw/
https://www.zdnet.com/google-amp/article/billions-of-devices-vulnerable-to-new-blesa-bluetooth-security-flaw/
ZDNET
Billions of devices vulnerable to new 'BLESA' Bluetooth security flaw
New BLESA attack goes after the often ignored Bluetooth reconnection process, unlike previous vulnerabilities, most found in the pairing operation.
Vulnerability that allows to persistently launch Intent on every device on the same LAN that had vulnerable version of Firefox for Android (68.11.0 and below)
Report: https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/firefox-android-2020
PoC code: https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/blob/master/firefox-android-2020/ffssdp.py
Report: https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/firefox-android-2020
PoC code: https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/blob/master/firefox-android-2020/ffssdp.py
GitLab
firefox-android-2020 Β· master Β· GitLab.com / GitLab Security Division / Security Operations Department / Red Team / Red Team Publicβ¦
As we come across interesting things that we want to share with the community we will document them here as a tech note.
Rampant Kitten β An Iranian Espionage Campaign (including Android component)
https://research.checkpoint.com/2020/rampant-kitten-an-iranian-espionage-campaign/
https://research.checkpoint.com/2020/rampant-kitten-an-iranian-espionage-campaign/
Check Point Research
Rampant Kitten - An Iranian Espionage Campaign - Check Point Research
Introduction Check Point Research unraveled an ongoing surveillance operation by Iranian entities that has been targeting Iranian expats and dissidents for years. While some individual sightings of this attack were previously reported by other researchersβ¦
π1
Locating the Trojan inside an infected COVID-19 contact tracing app
https://medium.com/@cryptax/locating-the-trojan-inside-an-infected-covid-19-contact-tracing-app-21e23f90fbfe
https://medium.com/@cryptax/locating-the-trojan-inside-an-infected-covid-19-contact-tracing-app-21e23f90fbfe
Medium
Locating the Trojan inside an infected COVID-19 contact tracing app
An italian company, SoftMining, developed an Android COVID-19 contact tracing application βSM-COVID-19β. Unfortunately, malware authorsβ¦
Exploitation of LAN vulnerability found in Firefox for Android [demo]
I tested this PoC exploit on 3 devices on same wifi network, it worked pretty well.
I was able to open custom URL on every smartphone using vulnerable Firefox (68.11.0 and below).
https://twitter.com/LukasStefanko/status/1307013106615418883
I tested this PoC exploit on 3 devices on same wifi network, it worked pretty well.
I was able to open custom URL on every smartphone using vulnerable Firefox (68.11.0 and below).
https://twitter.com/LukasStefanko/status/1307013106615418883
iOS and Android scam apps spreading via TikTok
https://blog.avast.com/scam-apps-spreading-via-tiktok-avast
https://blog.avast.com/scam-apps-spreading-via-tiktok-avast
Avast
iOS and Android scam apps spreading via TikTok
After a 12-year-old girl reported a rogue app circulating on TikTok to Avast, our team found a total of seven adware scam apps available on both the Google Play Store and the Apple App Store.