When Wireless Malware Stays On After Turning Off iPhones
demo: https://youtu.be/KrqTHd5oqVw
paper: https://arxiv.org/pdf/2205.06114.pdf
[Paper Teaser] Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones
The full paper will be presented at ACM WiSec 2022, the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks, from May 16 to May 19, 2022.
Vulnerability in Huawei's AppGallery can download paid apps for free
https://evowizz.dev/blog/huawei-appgallery-vulnerability
How I discovered the vulnerability in Huawei's AppGallery, the consequences and what happened
Comparing root detection on banking apps with latest version of Magisk
https://markuta.com/magisk-root-detection-banking-apps/
Comparing root detection on 24 banking apps using the latest version of Magisk v24.3 on a Google Pixel 3a running Android 10.
Technical Advisory – BLE Proximity Authentication Vulnerable to Relay Attacks
https://research.nccgroup.com/2022/05/15/technical-advisory-ble-proximity-authentication-vulnerable-to-relay-attacks/
Protecting Android users from 0-Day attacks
Description of 3 campaigns that delivered one-time links mimicking URL shortener services to targeted Android users via email. Once clicked, the link redirected the target to an attacker-owned domain that delivered the exploits before redirecting the browser to a legitimate website.
Compromise flow:
website redirect -> deliver browser exploit -> load ALIEN malware -> load PREDATOR payload
https://blog.google/threat-analysis-group/protecting-android-users-from-0-day-attacks/
To protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. In 2021, we reported nine 0-days affecting Ch…
Android security checklist: theft of arbitrary files
https://blog.oversecured.com/Android-security-checklist-theft-of-arbitrary-files/
Developers for Android do a lot of work with files and exchange them with other apps, for example, to get photos, images, or user data.
Weaponizing dirtypipe vulnerability on Android
https://docs.google.com/presentation/d/1Tq00gy1GtiK0OvNYOy_kCz0er9ZECBXGoy5Lfy5MD3M/mobilepresent#slide=id.p
Weaponizing dirtypipe on android Tales of challenges and complexities
New version of Android banking trojan ERMAC 2.0 is available on the underground market and already has an active campaign https://blog.cyble.com/2022/05/25/ermac-back-in-action/
ERMAC Malware Back In Action: New Threats And Attack Methods
ERMAC malware is back with improved capabilities, targeting Android devices with enhanced threat techniques. Learn about its actions, impact, and how to defend against this evolving mobile malware
Notification implicit PendingIntent in Android Nextcloud app allows access to contacts (CVE-2022-24886) https://hackerone.com/reports/1161401
Nextcloud disclosed on HackerOne: Notification implicit...
Advisory at https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5cj3-v98r-2wmq
Mobile threat evolution in Q1 2022 by Kaspersky
https://securelist.com/it-threat-evolution-in-q1-2022-mobile-statistics/106589/
IT threat evolution in Q1 2022. Mobile statistics
According to Kaspersky Security Network, in Q1 2022 516,617 mobile malware installation packages were detected, of which 53,947 packages were related to mobile banking trojans, and 1,942 packages were mobile ransomware trojans.
GhostTouch: Targeted Attacks on Touchscreens without Physical Touch
The core idea is to take advantage of the electromagnetic signals to inject fake touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over remote control and manipulating the underlying device
https://www.usenix.org/conference/usenixsecurity22/presentation/wang-kai
Android apps with millions of downloads exposed to high-severity vulnerabilities
http://www.microsoft.com/security/blog/2022/05/27/android-apps-with-millions-of-downloads-exposed-to-high-severity-vulnerabilities/
Microsoft uncovered high-severity vulnerabilities in a mobile framework used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote or local attacks.
The Bridge between Web Applications and Mobile Platforms is Still Broken
https://minimalblue.com/data/papers/SECWEB22_broken_bridge.pdf
Sophisticated RAT spying on Mobile Devices
https://blog.cyble.com/2022/05/26/new-malware-campaign-delivers-android-rat/
IoT malware EnemyBot: if an Android device is connected through USB, or an Android emulator is running on the machine, EnemyBot will try to infect it by executing a shell command
https://cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers
Rapidly evolving IoT malware EnemyBot now targeting Content…
Executive summary: LevelBlue Labs™ has been tracking a new IoT botnet dubbed “EnemyBot”, which is believed to be distributed by threat actor Keksec. During our investigations, LevelBlue Labs has discovered that EnemyBot is expanding its capabilities, exploiting…
A Deep Dive into iOS Code Signing
https://blog.umangis.me/a-deep-dive-into-ios-code-signing/
Apple's code signing is a complex beast, consisting of several different components, each serving its own unique purpose. When I first started working on Meteorite [https://www.reddit.com/r/jailbreak/comments/877y53/discussion_announcing_meteorite_an_opensource/]…
Pending Intents: A Pentester’s view
https://valsamaras.medium.com/pending-intents-a-pentesters-view-92f305960f03
Few days ago I came across an interesting case of vulnerability posted at the AndroidInfoSec’s facebook page. Since there are not many…
Takedown of SMS-based FluBot spyware infecting Android phones
https://www.europol.europa.eu/media-press/newsroom/news/takedown-of-sms-based-flubot-spyware-infecting-android-phones
This technical achievement follows a complex investigation involving law enforcement authorities of Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland, the Netherlands and the United States, with the coordination of international activity…
WhatsApp accounts hijacked by call forwarding
https://blog.malwarebytes.com/social-engineering/2022/06/whatsapp-accounts-hijacked-by-call-forwarding/
Threat actors are using a new method to take over WhatsApp accounts. The trick starts with tricking the victim into forwarding their calls