NoGoolag
Coper / Octo - A Conductor for Mobile Mayhem… With Eight Limbs? | Team Cymru

Coper, a descendant of the Exobot malware family, was first observed in the wild in July 2021, targeting Colombian Android users. At that time, Coper (the Spanish translation of “Copper”) was distributed as a fake version of Bancolombia’s “Personas” application.

The malware offers a variety of advanced features, including keylogging, interception of SMS messages and push notifications, and control over the device's screen. It employs various injects to steal sensitive information, such as passwords and login credentials, by displaying fake screens or overlays. Additionally, it utilizes VNC (Virtual Network Computing) for remote access to devices, enhancing its surveillance capabilities.

#Android #MAS #Exobot #Keylogging #Malware #RemoteAccess #SMS #Coper #Octo
Attacking Android

"In this comprehensive guide, we delve into the world of Android security from an offensive perspective, shedding light on the various techniques and methodologies used by attackers to compromise Android devices and infiltrate their sensitive data. From exploiting common coding flaws to leveraging sophisticated social engineering tactics, we explore the full spectrum of attack surfaces present in Android environments."

#Android #Infosec #Vulnerabilities
AutoSpill: Zero Effort Credential Stealing from Mobile Password Managers

We will present a novel attack - that we call AutoSpill - to steal users' saved credentials from PMs during an autofill operation on a login page loaded inside an app. AutoSpill violates Android's secure autofill process. We found that the majority of top Android PMs were vulnerable to AutoSpill; even without JavaScript injections. With #JavaScriptInjections enabled, all of them were found vulnerable. We discovered the fundamental reasons for AutoSpill and will propose systematic countermeasures to fix AutoSpill properly. We responsibly disclosed our findings to the affected PMs and Android security team. Different PMs and Google accepted our work as a valid issue.

By: Ankit Gangwal, Shubham Singh, Abhijeet Srivastava

Full Abstract and Presentation Materials

#Android #Vulnerabilities #PasswordManager #AutoSpill
Safe Space (A safe space for your digital valuables.)

Safe Space is an app that creates a separate place on your Android device to store valuable files. This storage location is not visible to other apps and is encrypted by the system by default.

Features:
* Store files in a secure storage location that is not visible to other apps and is secured by device encryption and system authentication (Biometric and PIN/Pattern/Password)
* Open Images, Audio, Video, PDF documents and plain text documents
* Create simple text notes without leaving the app
* Dark and light mode
* Ability to copy and move files
* Import from and export files to external storage without storage permissions
* Completely offline with no telemetry and data collection

https://f-droid.org/packages/org.privacymatters.safespace

#Android #Security #Privacy
#EncryptedFiles
Android Malware Vultur Expands Its Wingspan | NCC Group Research Blog

The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim’s mobile device.

Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that are decrypted on the fly, and using the guise of legitimate applications to carry out its malicious actions.

Via @androidMalware
#Android #Malware #Vultur
UpgradeAll

Check updates for Android apps, Magisk modules and more

Free and open source software which simplifies the process of finding updates for Android apps (even if you didn't install them), Magisk modules and more. The main focus is on speed and ease of use, which is widely appreciated by users.

Currently, the following sources are officially supported:
GitHub
GitLab
F-Droid
Play Store
Coolapk
Source List

https://github.com/DUpdateSystem/UpgradeAll

Telegram channel: https://t.me/upallci
Discussions:
https://t.me/DUpdateSystem
https://matrix.to/#/#upgradeall:matrix.org
https://jq.qq.com/?_wv=1027&k=ZAOtKhuH

Download
https://github.com/DUpdateSystem/UpgradeAll/releases
https://f-droid.org/packages/net.xzos.upgradeall/

#apk #android #upgrade #update
eXotic Visit campaign: Tracing the footprints of Virtual Invaders | We Live Security

ESET researchers have discovered an active espionage campaign targeting Android users with apps primarily posing as messaging services. While these apps offer functional services as bait, they are bundled with open-source XploitSPY malware. We have named this campaign eXotic Visit and have tracked its activities from November 2021 through to the end of 2023. The targeted campaign has been distributing malicious Android apps through dedicated websites and, for some time, through the Google Play store as well.

Via @androidMalware
#Android #Espionage #XploitSPY #India #Pakistan
Playing Possum: What's the Wpeeper Backdoor Up To? | XLab_qianxin

On April 18, 2024, XLab's threat hunting system detected an ELF file with zero detections on VirusTotal being distributed through two different domains. One of the domains was marked as malicious by three security firms, while the other was recently registered and had no detections, drawing our attention. Upon analysis, we confirmed that this ELF was malware targeting Android systems, utilizing compromised WordPress sites as relay C2 servers, and we named it Wpeeper.

Wpeeper is a typical backdoor Trojan for Android systems, supporting functions such as collecting sensitive device information, managing files and directories, uploading and downloading, and executing commands.

Via @androidmalware
#Android #Trojan #Possum #Wpeeper
#WordPress