Android Icon-hiding Adware found on Google Play

Seven apps with altogether over 700,000 installs.
https://twitter.com/s_metanka/status/1155824374177587201

HiddenAd Adware with 500,000 installs found on Google Play
https://twitter.com/ESETresearch/status/1156551255701020672?s=19

Introducing new #Android #malware analysis platform!
Upload APK, detect malware and grab its configuration.
Currently open for trusted researchers only.
https://www.apkdetect.com/

Riltok - Android banking Trojan spreads in France 🇫🇷 via SMS
https://twitter.com/benkow_/status/1165905380402171905?s=19

Fake VPN app found on Google Play can download and install additional apps.
https://twitter.com/m0br3v/status/1166680295023812609?s=19

Two spy apps that steal contact list found on Google Play with 110+ installs
https://twitter.com/s_metanka/status/1181192866875559936

New Joker Trojan app with 100,000+ installs found on Google Play
https://twitter.com/s_metanka/status/1181592422796664837

RCE Vulnerability found in Android
CVE-2019-2205 - memory corruption due to a use after free could lead to RCE
It was fixed in the latest Android Security Bulletin—November 2019. Update!
https://www.nowsecure.com/blog/2019/11/13/nowsecure-discovers-critical-android-vuln-that-may-lead-to-remote-code-execution/

What a interesting vulnerability in HockeyApp platform #Android #iOS #BugBounty

Leaked API key allowed:
-fetch internal employee contacts
-distribute #malware directly to devices of organization employees as internal app update

+PoC Metasploit scenario
https://www.allysonomalley.com/2020/01/06/saying-goodbye-to-my-favorite-5-minute-p1/

What to Look for When Reverse Engineering Android Apps
https://www.nowsecure.com/blog/2020/02/26/what-to-look-for-when-reverse-engineering-android-apps/

Patched and malicious Zoom Android apps
https://labs.bitdefender.com/2020/03/infected-zoom-apps-for-android-target-work-from-home-users/

Android SLocker uses Coronavirus scare to lock smartphones
https://labs.bitdefender.com/2020/05/android-slocker-variant-uses-coronavirus-scare-to-take-android-hostage/

Android Malware in COVID-19 Clothes Steals SMS and Contacts
https://labs.bitdefender.com/2020/05/android-malware-in-covid-19-clothes-steals-sms-and-contacts/

Apps on Google Play Tainted with Cerberus Banker Malware
https://labs.bitdefender.com/2020/09/apps-on-google-play-tainted-with-cerberus-banker-malware/

A Year in Review of 0-days Used In-the-Wild in 2021 by Google
In 2021 there were 7 #Android in-the-wild 0-days detected and disclosed:
- Qualcomm Adreno GPU driver (CVE-2020-11261, CVE-2021-1905, CVE-2021-1906)
- ARM Mali GPU driver (CVE-2021-28663, CVE-2021-28664)
- Upstream Linux kernel (CVE-2021-1048, CVE-2021-0920)

For the 5 total #iOS and macOS in-the-wild 0-days, they targeted 3 different attack surfaces:
- IOMobileFrameBuffer (CVE-2021-30807, CVE-2021-30883)
- XNU Kernel (CVE-2021-1782 & CVE-2021-30869)
- CoreGraphics (CVE-2021-30860)
- CommCenter (FORCEDENTRY sandbox escape - CVE requested, not yet assigned)
https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html

Spyware vendor targets users in Italy and Kazakhstan #Android #iOS #Hermit
https://blog.google/threat-analysis-group/italian-spyware-vendor-targets-users-in-italy-and-kazakhstan/

Bypassing Frida detection in Android
https://www.youtube.com/watch?v=M0ETKs6DZn8

Emulating Android native library to decrypt strings using Qiling Framework
https://youtu.be/R1zWh3fbY24

Bypassing advance root detections using Frida
Techniques learned from video:
-presence of SU binary
-SELinux policies
-mountinfo
-attr/prev
-looking for SU bin paths using Supervisor calls

Video: https://youtu.be/7KqPwxlA-00
Scripts and POCs: https://github.com/fatalSec/in-app-protections