NoGoolag
Safe Space (A safe space for your digital valuables.)

Safe Space is an app that creates a separate place on your Android device to store valuable files. This storage location is not visible to other apps and is encrypted by the system by default.

Features:
* Store files in a secure storage location that is not visible to other apps and is secured by device encryption and system authentication (Biometric and PIN/Pattern/Password)
* Open Images, Audio, Video, PDF documents and plain text documents
* Create simple text notes without leaving the app
* Dark and light mode
* Ability to copy and move files
* Import from and export files to external storage without storage permissions
* Completely offline with no telemetry and data collection

https://f-droid.org/packages/org.privacymatters.safespace

#Android #Security #Privacy
#EncryptedFiles
Android Malware Vultur Expands Its Wingspan | NCC Group Research Blog

The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim’s mobile device.

Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that are decrypted on the fly, and using the guise of legitimate applications to carry out its malicious actions.

Via @androidMalware
#Android #Malware #Vultur
UpgradeAll

Check updates for Android apps, Magisk modules and more

Free and open source software which simplifies the process of finding updates for Android apps (even if you didn't install them), Magisk modules and more. The main focus is on speed and ease of use, which is widely appreciated by users.

Currently, the following sources are officially supported:
GitHub
GitLab
F-Droid
Play Store
Coolapk
Source List

https://github.com/DUpdateSystem/UpgradeAll

Telegram channel: https://t.me/upallci
Discussions:
https://t.me/DUpdateSystem
https://matrix.to/#/#upgradeall:matrix.org
https://jq.qq.com/?_wv=1027&k=ZAOtKhuH

Download
https://github.com/DUpdateSystem/UpgradeAll/releases
https://f-droid.org/packages/net.xzos.upgradeall/

#apk #android #upgrade #update
eXotic Visit campaign: Tracing the footprints of Virtual Invaders | We Live Security

ESET researchers have discovered an active espionage campaign targeting Android users with apps primarily posing as messaging services. While these apps offer functional services as bait, they are bundled with open-source XploitSPY malware. We have named this campaign eXotic Visit and have tracked its activities from November 2021 through to the end of 2023. The targeted campaign has been distributing malicious Android apps through dedicated websites and, for some time, through the Google Play store as well.

Via @androidMalware
#Android #Espionage #XploitSPY #India #Pakistan
Playing Possum: What's the Wpeeper Backdoor Up To? | XLab_qianxin

On April 18, 2024, XLab's threat hunting system detected an ELF file with zero detections on VirusTotal being distributed through two different domains. One of the domains was marked as malicious by three security firms, while the other was recently registered and had no detections, drawing our attention. Upon analysis, we confirmed that this ELF was malware targeting Android systems, utilizing compromised WordPress sites as relay C2 servers, and we named it Wpeeper.

Wpeeper is a typical backdoor Trojan for Android systems, supporting functions such as collecting sensitive device information, managing files and directories, uploading and downloading, and executing commands.

Via @androidmalware
#Android #Trojan #Possum #Wpeeper
#WordPress
Becoming any Android app via Zygote command injection | Meta Red Team X

We have discovered a vulnerability in Android that allows an attacker with the WRITE_SECURE_SETTINGS permission, which is held by the ADB shell and certain privileged apps, to execute arbitrary code as any app on a device. By doing so, they can read and write any app’s data, make use of per-app secrets and login tokens, change most system configuration, unenroll or bypass Mobile Device Management, and more. Our exploit involves no memory corruption, meaning it works unmodified on virtually any device running Android 9 or later, and persists across reboots.

#Zygote #Android #Vulnerability
Arid Viper poisons Android apps with AridSpy | WeLiveSecurity

ESET researchers have identified five campaigns targeting Android users with trojanized apps. Most probably carried out by the Arid Viper APT group, these campaigns started in 2022 and three of them are still ongoing at the time of the publication of this blogpost. They deploy multistage Android spyware, which we named AridSpy, that downloads first- and second-stage payloads from its C&C server to assist it in avoiding detection.

The malware is distributed through dedicated websites impersonating various messaging apps, a job opportunity app, and a Palestinian Civil Registry app. Often these are existing applications that had been trojanized by the addition of AridSpy’s malicious code.

Via @androidmalware
#Palestine #Egypt #AridSpy #Android
#Trojan #AridViper #APT
Free Android VPN Security Flaws: 100 Apps Tested

I tested the 100 most popular free VPNs in the Google Play store and found significant security and privacy flaws affecting Android apps that have been installed over 2.5 billion times worldwide.

#Android #VPN #Infosec
Beware of Snowblind: A new Android malware

Snowblind: A new Android malware abuses security feature to bypass security

In early 2024, our partner i-Sprint provided a sample of a new Android banking trojan we have named Snowblind. Our analysis of Snowblind found that it uses a novel technique to attack Android apps based on the Linux kernel feature seccomp. Android uses seccomp to sandbox applications and limit the system calls they can make. This is intended as a security feature that makes it harder for malicious apps to compromise the device.

However, Snowblind misuses seccomp as an attack vector to be able to attack applications. We have not seen seccomp being used as an attack vector before and we were surprised how powerful and versatile it can be if used maliciously. 

Demo: YT link (Invidious is broken!)
Via @androidmalware
#Android #Malware #Snowblind #Trojan
FUTO Keyboard

Keyboard being developed, forked from the AOSP keyboard.
The goal is to create a good, customizable keyboard that doesn't sacrifice on privacy or freedoms.
If you're testing this, please join either the Discord server or the FUTO chat. Your feedback is valuable during this testing period.

https://keyboard.futo.org

https://gitlab.futo.org/alex/keyboard-wiki/-/wikis/FUTO-Keyboard

https://github.com/futo-org/android-keyboard/issues

#futo #android #keyboard
Untangling Android/TangleBot. We dig in a malicious sample of… | Cryptax

We dig in a malicious sample of Android/TangleBot of May 2024. TangleBot is also reported as a BankBot, although it is more an Android RAT currently than a banking trojan. It is also known as Medusa, but I prefer not to use this name, as this confuses the Android malware with a Windows ransomware, or with the non-malicious and useful hacking tool Medusa.

An excellent analysis of TangleBot is available here. I invite you to read it to understand the history of TangleBot, how much the new versions have changed, who they target and what they do.

In this blog post, I will focus on something different: how to analyze the sample, and how it is implemented.


Via @androidmalware
#Android #RAT #TangleBot #BankBot