Tracking Android/Joker payloads with Medusa, static analysis (and patience)
https://cryptax.medium.com/tracking-android-joker-payloads-with-medusa-static-analysis-and-patience-672348b81ac2
Medium
I am looking into a new sample of Android/Joker, reported on June 19, 2022 by @ReBensk:
Lab Setup for Android Pentesting on Android Emulator (M1 Macbook)
https://guptashubham.com/blog/lab-setup-for-android-pentesting-on-android-emulator-m1-macbook
ARM 64 Assembly Series — Basic definitions and registers
https://valsamaras.medium.com/arm-64-assembly-series-basic-definitions-and-registers-ec8cc1334e40
Medium
Main Definitions
Exploiting vulnerabilities in iOS Application
https://lonewolf-raj.medium.com/exploiting-vulnerabilities-in-ios-application-cf5718910c47
Medium
Hello Everyone, Here I'm going to share one of my findings which I got while enumerating an iOS application, below are my findings and the…
Spyware vendor targets users in Italy and Kazakhstan #Android #iOS #Hermit
https://blog.google/threat-analysis-group/italian-spyware-vendor-targets-users-in-italy-and-kazakhstan/
Google
Today, alongside Google's Project Zero, we are detailing capabilities provided by RCS Labs, an Italian vendor that uses a combination of tactics, including atypical drive-by downloads as initial infection vectors to target mobile users on both iOS and Android.
Androscope is a collaborative Android malware encyclopedia
You can search for malware based on what they do, and if you are a reverse engineer you can contribute and add new entries to the encyclopedia. https://androscope.fortinet-cse.com/
Revive: from spyware to Android banking trojan
https://www.cleafy.com/cleafy-labs/revive-from-spyware-to-android-banking-trojan
Cleafy
A new banking trojan targeting Europe has been discovered by Cleafy's Threat Intelligence Team. We dubbed it Revive and it is an evolution of simple spyware into a banking trojan, with the key capability of conducting Account Takeover attacks: here's the…
Flubot: the evolution of a notorious Android Banking Malware
https://blog.fox-it.com/2022/06/29/flubot-the-evolution-of-a-notorious-android-banking-malware/
Fox-IT International blog
Authored by Alberto Segura (main author) and Rolf Govers (co-author). Summary: Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting…
Amazon fixed a vulnerability of broken authentication in Amazon Photos Android app
https://checkmarx.com/blog/amazon-confirmed-and-fixed-a-high-severity-vulnerability-of-broken-authentication-in-amazon-photos-android-app/
Checkmarx.com
Our research team at Checkmarx found that the Amazon Photos Android app could have allowed a malicious application, installed on the user's phone, to steal their Amazon access token. The Android app has over 50 million downloads.
Google patched security issues in Chrome for Android; an exploit for one of them exists in the wild (CVE-2022-2294, CVE-2022-2295)
https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html
Chrome Releases
Chrome for Android Update
Hi, everyone! We've just released Chrome 103 (103.0.5060.71) for Android: it'll become available on Google Play over the next few days. Th...
Toll fraud malware: How an Android application can drain your wallet
https://www.microsoft.com/security/blog/2022/06/30/toll-fraud-malware-how-an-android-application-can-drain-your-wallet/
Microsoft News
Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware, and it continues to evolve.
Apple implemented "Lockdown Mode" on their devices from version 16 to protect users against spyware
"Hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware."
https://www.apple.com/newsroom/2022/07/apple-expands-commitment-to-protect-users-from-mercenary-spyware/
Apple Newsroom
Apple expands commitment to protect users from mercenary spyware
Apple today detailed two initiatives to help protect users who may be personally targeted by sophisticated digital threats.
New malware detected on Google Play, 100.000+ users affected
https://blog.pradeo.com/pradeo-identifies-app-joker-malware-google-play
Pradeo
Joker is a malware that silently exfiltrates data and subscribes users to unwanted premium subscription. The malware was found in 24 apps on Google Play.
Guide to Reversing and Exploiting iOS binaries Part 2: ARM64 ROP Chains
https://www.inversecos.com/2022/06/guide-to-reversing-and-exploiting-ios.html
Inversecos
Heap Overflows on iOS ARM64: Heap Grooming, Use-After-Free (Part 3)
https://www.inversecos.com/2022/07/heap-overflows-on-ios-arm64-heap.html
Inversecos
Heap Overflows on iOS ARM64: Heap Spraying, Use-After-Free (Part 3)
Lock Screen Bypass Exploit of Android Devices (CVE-2022-20006)
https://medium.com/maverislabs/lock-screen-bypass-exploit-of-android-devices-cve-2022-20006-604958fcee3a
Medium
Background on Lock Screen Bypass Exploits
Session On Android — An App Wrapped in Signal
https://thebinaryhick.blog/2022/07/14/session-on-android-an-app-wrapped-in-signal/
The Binary Hick
NOTE: parts of this article describe steps by which the order of encryption methods is reversed to render encrypted data in clear-text. This was done in order to investigate the app being discussed…
Exploiting Android Vulnerabilities with Malicious Third-Party Apps (featuring Oversecured APK)
https://medium.com/@as3ng/exploiting-android-vulnerabilities-with-malicious-third-party-apps-featuring-oversecured-apk-adea3241ce49
Medium
Mobile applications have become a trend these days since there are rapidly growing companies and startups which have already taken their steps…
Pegasus Spyware Used Against Thailandโs Pro-Democracy Movement
https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/
The Citizen Lab
GeckoSpy
Uncovering an extensive espionage operation infecting dozens of Thai pro-democracy campaigners with NSO Group's Pegasus spyware.
The first distribution of Android-related malware by the Turla APT group, spoofing a domain of the Ukrainian Azov Regiment
https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag/
Google
Continued cyber activity in Eastern Europe observed by TAG
Google's Threat Analysis Group (TAG) continues to closely monitor the cybersecurity environment in Eastern Europe with regard to the war in Ukraine. Many Russian government cyber assets have remained focused on Ukraine and related issues since the invasion…
ARM 64 Assembly Series โ Branch
https://valsamaras.medium.com/arm-64-assembly-series-branch-9ce820987fc6
Medium
Previous posts: Basic definitions and registers, lab setup, offset and addressing modes, Load And Store