Vulnerability found in Facebook for Android that could trigger malicious deep links, run arbitrary JavaScript or replace URLs to phishing pages
https://ash-king.co.uk/blog/Launching-internal-non-exported-deeplinks-on-Facebook
ash-king.co.uk
Launching internal & non-exported deeplinks on Facebook
Ash King - Software Developer & Security Researcher
Reverse engineering Flutter for Android + Doldrums (Doldrums is a reverse engineering tool for Flutter apps)
https://rloura.wordpress.com/2020/12/04/reversing-flutter-for-android-wip/
https://github.com/rscloura/Doldrums
A Moment of Insanity
Reverse engineering Flutter for Android
Disclaimer: the contents of this article are the result of countless hours of personal investigation combined with exhaustive trial and error. I have never contacted Flutter or Dart development tea…
Dissecting a MediaTek BootROM exploit
https://tinyhack.com/2021/01/31/dissecting-a-mediatek-bootrom-exploit/
Tinyhack.com
Dissecting a MediaTek BootROM exploit
A bricked Xiaomi phone led me to discover a project in Github that uses a MediaTek BootROM exploit that was undocumented. The exploit was found by Xyz, and implemented by Chaosmaster. The initial exploit was already available for quite a while. Since I have…
Data Driven Security Hardening in Android
https://security.googleblog.com/2021/01/data-driven-security-hardening-in.html
Google Online Security Blog
Data Driven Security Hardening in Android
Posted by Kevin Deus, Joel Galenson, Billy Lau and Ivan Lozano, Android Security & Privacy Team The Android platform team is committed to ...
Hackers tried to trick iPhone users into installing a fake version of WhatsApp to spy on them.
How: By tricking users into installing configuration files or so-called Mobile Device Management (MDM) profiles, which can then potentially push malware onto a target device.
https://www.vice.com/en/article/akdqwa/a-spyware-vendor-seemingly-made-a-fake-whatsapp-to-hack-targets
VICE
A Spyware Vendor Seemingly Made a Fake WhatsApp to Hack Targets
Technical analyses by Citizen Lab and Motherboard found links between a fake version of WhatsApp and Cy4Gate, an Italian surveillance firm that works with cops and intelligence agencies.
New Android DDoS botnet called Matryosh communicates over Tor and infects devices via an exposed ADB port
https://blog.netlab.360.com/matryosh-botnet-is-spreading-en/
360 Netlab Blog - Network Security Research Lab at 360
New Threat: Matryosh Botnet Is Spreading
Background
On January 25, 2021, 360 netlab BotMon system labeled a suspicious ELF file as Mirai, but the network traffic did not match Mirai's characteristics. This anomaly caught our attention, and after analysis, we determined that it was a new botnet…
CVE-2020-27932: iOS Kernel privesc with turnstiles
https://googleprojectzero.blogspot.com/p/rca-cve-2020-27932.html
Blogspot
CVE-2020-27932: iOS Kernel privesc with turnstiles
This page has been moved to our new site. Please click here to go to the new location. Posted by Ian Beer, Project Zero (2021-02-04) Disc...
Analysis of Android downloader
https://cryptax.medium.com/an-apparently-benign-app-distribution-scheme-which-has-all-it-takes-to-turn-very-ugly-f733be528535
Medium
An apparently benign app distribution scheme which has all it takes to turn (very) ugly
This article discusses a recent Android sample from January 2021. It was first scanned on the 11th, but according to its certificate…
Barcode Scanner app on Google Play infects 10 million users with one update
https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/
Malwarebytes
Barcode Scanner app on Google Play infects 10 million users with one update | Malwarebytes Labs
In a single update, a popular barcode scanner app that had been on Google Play for years turned into malware.
Insecure Data Storage: Clear Text Storage of Sensitive Information (Hard-coded strings, credentials, tokens & keys)
https://medium.com/mobis3c/insecure-data-storage-clear-text-storage-of-sensitive-information-hard-coded-strings-fb7b056c0d0
Medium
Insecure Data Storage: Clear Text Storage of Sensitive Information (Hard-coded strings, credentials, tokens & keys)
Before we get started, we need to have the apk which can be extracted from the device by installing the application through the play store…
Domestic Kitten (APT-C-50) - An Inside Look at the Iranian Surveillance Operations
https://research.checkpoint.com/2021/domestic-kitten-an-inside-look-at-the-iranian-surveillance-operations/
Check Point Research
Domestic Kitten - An Inside Look at the Iranian Surveillance Operations - Check Point Research
Overview Despite the reveal of "Domestic Kitten" by Check Point in 2018, APT-C-50 has not stopped conducting extensive surveillance operations against Iranian citizens that could pose a threat to the stability of the Iranian regime, including internal dissidents…
A couple of bugs disclosed for Huawei, Motorola, OPPO, MediaTek, Vivo, Meizu, ZTE, K-Touch, Transsion and Digitime devices
Issues: ADB private key leak, a cloud services key leak, and permissions bypass for system APIs
https://bugs.chromium.org/p/apvi/issues/list?q=&can=1
Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows
https://blog.talosintelligence.com/2021/02/kasablanka-lodarat.html
Cisco Talos
Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows
* The developers of LodaRAT have added Android as a targeted platform. * A new iteration of LodaRAT for Windows has been identified with improved sound recording capabilities. * The operators behind LodaRAT tied to a specific campaign targeting Bangladesh…
Discovered Confucius APT Android Spyware Linked to India-Pakistan Conflict
https://blog.lookout.com/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict
Lookout
Confucius APT Android Spyware Linked to India-Pakistan Conflict | Threat Intel
The Lookout Threat Intelligence team has discovered two novel Android surveillanceware - Hornbill and SunBird.
SHAREit Flaw Could Lead to Remote Code Execution
https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html
Trend Micro
SHAREit Flaw Could Lead to Remote Code Execution
We discovered vulnerabilities in the SHAREit application. These vulnerabilities can be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution. The app has over 1 billion downloads.
Stealing Facebook access token and WebView cookies from SHAREit using 3rd party app (not fixed)
https://youtu.be/D2d8AL1jtes
Hunting for bugs in Telegram's animated stickers remote attack surface
https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/
Shielder
Shielder - Hunting for bugs in Telegram's animated stickers remote attack surface
polict's 2020 journey in researching the lottie animation format, its integration in mobile apps and the vulnerabilities triggerable by a remote attacker against any Telegram user.
Analyzing Clubhouse for fun and profit
https://theori.io/research/korean/analyzing-clubhouse/
"ScamClub" bypasses iframe sandboxing with postMessage() to deliver malvertising ads [CVE-2021-1801]
https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
Confiant
Malvertiser "ScamClub" Bypasses Iframe Sandboxing With postMessage() Shenanigans [CVE-2021-1801]
This blog post is about the mechanics of a long tail iframe sandbox bypass found in a payload belonging to the persistent malvertising attacker that we call ScamClub.