New version of Android banking trojan ERMAC 2.0 is available on the underground market and already has an active campaign https://blog.cyble.com/2022/05/25/ermac-back-in-action/
Cyble
ERMAC Malware Back In Action: New Threats And Attack Methods
ERMAC malware is back with improved capabilities, targeting Android devices with enhanced threat techniques. Learn about its actions, impact, and how to defend against this evolving mobile malware
π₯7π6
Notification implicit PendingIntent in Android NextCloud app allows to access contacts (CVE-2022-24886) https://hackerone.com/reports/1161401
HackerOne
Nextcloud disclosed on HackerOne: Notification implicit...
Advisory at https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5cj3-v98r-2wmq
π5
Mobile threat evolution in Q1 2022 by Kaspersky
https://securelist.com/it-threat-evolution-in-q1-2022-mobile-statistics/106589/
https://securelist.com/it-threat-evolution-in-q1-2022-mobile-statistics/106589/
Securelist
IT threat evolution in Q1 2022. Mobile statistics
According to Kaspersky Security Network, in Q1 2022 516,617 mobile malware installation packages were detected, of which 53,947 packages were related to mobile banking trojans, and 1,942 packages were mobile ransomware trojans.
π2
GhostTouch: Targeted Attacks on Touchscreens without Physical Touch
The core idea is to take advantage of the electromagnetic signals to inject fake touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over remote control and manipulating the underlying device
https://www.usenix.org/conference/usenixsecurity22/presentation/wang-kai
The core idea is to take advantage of the electromagnetic signals to inject fake touch events such as taps and swipes into targeted locations of the touchscreen with the goal of taking over remote control and manipulating the underlying device
https://www.usenix.org/conference/usenixsecurity22/presentation/wang-kai
π11π₯4
Android apps with millions of downloads exposed to high-severity vulnerabilities
http://www.microsoft.com/security/blog/2022/05/27/android-apps-with-millions-of-downloads-exposed-to-high-severity-vulnerabilities/
http://www.microsoft.com/security/blog/2022/05/27/android-apps-with-millions-of-downloads-exposed-to-high-severity-vulnerabilities/
Microsoft News
Android apps with millions of downloads exposed to high-severity vulnerabilities
Microsoft uncovered high-severity vulnerabilities in a mobile framework used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote or local attacks.
π14
The Bridge between Web Applications and Mobile Platforms is Still Broken
https://minimalblue.com/data/papers/SECWEB22_broken_bridge.pdf
https://minimalblue.com/data/papers/SECWEB22_broken_bridge.pdf
π5
Sophisticated RAT spying on Mobile Devices
https://blog.cyble.com/2022/05/26/new-malware-campaign-delivers-android-rat/
https://blog.cyble.com/2022/05/26/new-malware-campaign-delivers-android-rat/
π8
IoT malware EnemyBot: In case an Android device is connected through USB, or Android emulator running on the machine, EnemyBot will try to infect it by executing shell command
https://cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers
https://cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers
LevelBlue
Rapidly evolving IoT malware EnemyBot now targeting Contentβ¦
Executive summary LevelBlue Labsβ’ has been tracking a new IoT botnet dubbed βEnemyBotβ, which is believed to be distributed by threat actor Keksec. During our investigations, LevelBlue Labs has discovered that EnemyBot is expanding its capabilities, exploitingβ¦
π13
A Deep Dive into iOS Code Signing
https://blog.umangis.me/a-deep-dive-into-ios-code-signing/
https://blog.umangis.me/a-deep-dive-into-ios-code-signing/
Umang's Blog
A Deep Dive into iOS Code Signing
Apple's code signing is a complex beast, consisting of several different
components, each serving its own unique purpose. When I first started working on
Meteorite
[https://www.reddit.com/r/jailbreak/comments/877y53/discussion_announcing_meteorite_an_opensource/]β¦
components, each serving its own unique purpose. When I first started working on
Meteorite
[https://www.reddit.com/r/jailbreak/comments/877y53/discussion_announcing_meteorite_an_opensource/]β¦
π₯7π3
Pending Intents: A Pentesterβs view
https://valsamaras.medium.com/pending-intents-a-pentesters-view-92f305960f03
https://valsamaras.medium.com/pending-intents-a-pentesters-view-92f305960f03
Medium
Pending Intents: A Pentesterβs view
Few days ago I came across an interesting case of vulnerability posted at the AndroidInfoSecβs facebook page. Since there are not manyβ¦
π6
Takedown of SMS-based FluBot spyware infecting Android phones
https://www.europol.europa.eu/media-press/newsroom/news/takedown-of-sms-based-flubot-spyware-infecting-android-phones
https://www.europol.europa.eu/media-press/newsroom/news/takedown-of-sms-based-flubot-spyware-infecting-android-phones
Europol
Takedown of SMS-based FluBot spyware infecting Android phones | Europol
This technical achievement follows a complex investigation involving law enforcement authorities of Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland, the Netherlands and the United States, with the coordination of international activityβ¦
π11
WhatsApp accounts hijacked by call forwarding
https://blog.malwarebytes.com/social-engineering/2022/06/whatsapp-accounts-hijacked-by-call-forwarding/
https://blog.malwarebytes.com/social-engineering/2022/06/whatsapp-accounts-hijacked-by-call-forwarding/
Malwarebytes
WhatsApp accounts hijacked by call forwarding
Threat actors are using a new method to take over WhatsApp accounts. The trick starts with tricking the victim into forwarding their calls
π₯8π2π±2π₯°1
Android spyware connected to SideWinder APT group has been distributed via Google Play
https://blog.group-ib.com/sidewinder-antibot
https://blog.group-ib.com/sidewinder-antibot
Group-IB
SideWinder.AntiBot.Script
Group-IB Threat Intelligence researchers have discovered a new malicious infrastructure and a custom tool of the APT group SideWinder. Check!
π10π₯2
SMSFactory Android Trojan producing high costs for victims
https://blog.avast.com/smsfactory-android-trojan
https://blog.avast.com/smsfactory-android-trojan
Avast
SMSFactory Android Trojan producing high costs for victims
Avast protected more than 165,000 people across the globe from TrojanSMS malware SMSFactory within a year.
π₯7
Malicious App spread through Phishing and Google Play and Huawei's AppGallery App Store
https://www.d3lab.net/malicious-app-spread-through-italian-phishing-and-official-app-store/
https://www.d3lab.net/malicious-app-spread-through-italian-phishing-and-official-app-store/
D3Lab
π¬π§ Malicious App spread through Italian Phishing and official App Store
Since the end of 2019 there has been a change in bank phishing campaigns against Italian users who have introduced the combined use in a massive manner of methods until then used exclusively for targeted attacks, such as:
Vishing (telephone phishing);Smishingβ¦
Vishing (telephone phishing);Smishingβ¦
π₯6
Mobile Banking Heists: The Emerging Threats and How to Respond
https://storage.pardot.com/66612/1654181473nzPs3Zrz/Zimperium_Mobile_Bank_Heists_Report_0622.pdf
https://storage.pardot.com/66612/1654181473nzPs3Zrz/Zimperium_Mobile_Bank_Heists_Report_0622.pdf
π₯4β€1π1
Vulnerability within the UNISOC baseband opens mobile phones communications to remote hacker attacks (CVE-2022-20210)
https://research.checkpoint.com/2022/vulnerability-within-the-unisoc-baseband/
https://research.checkpoint.com/2022/vulnerability-within-the-unisoc-baseband/
π7
Mobile forensic & network analysis
PiRogue tool suite (PTS) is an open-source tool suite that provides a comprehensive mobile forensic and network traffic analysis platform targeting Android, iOS and IoT devices
https://piroguetoolsuite.github.io/
PiRogue tool suite (PTS) is an open-source tool suite that provides a comprehensive mobile forensic and network traffic analysis platform targeting Android, iOS and IoT devices
https://piroguetoolsuite.github.io/
PiRogue Tool Suite
Mobile forensic & digital investigation
PiRogue tool suite (PTS) provides a platform combining analysis tools, knowledge management, incident response management and artifact management, which allows NGOs with limited resources to equip themselves at a low cost. The project consists of an openβ¦
π₯5π2
New βDeveloper Modeβ in iOS 16!
In order to install self-signed apps into your iOS device, you can now enable developer mode
https://developer.apple.com/documentation/xcode/enabling-developer-mode-on-a-device
In order to install self-signed apps into your iOS device, you can now enable developer mode
https://developer.apple.com/documentation/xcode/enabling-developer-mode-on-a-device
π₯3