Analysis of Triangulation iOS spyware implant
https://securelist.com/triangledb-triangulation-implant/110050/
https://securelist.com/triangledb-triangulation-implant/110050/
Securelist
Dissecting TriangleDB, a Triangulation spyware implant
In researching Operation Triangulation, we set ourselves the goal to retrieve as many parts of the exploitation chain as possible. As of now, we have finished analyzing the spyware implant and are ready to share the details.
π7β€2
Reversing Flutter apps: Dartβs Small Integers
https://cryptax.medium.com/reversing-flutter-apps-darts-small-integers-b922d7fae7d9
https://cryptax.medium.com/reversing-flutter-apps-darts-small-integers-b922d7fae7d9
Medium
Reversing Flutter apps: Dartβs Small Integers
This article delves into the reverse engineering of Dart executable or Flutter release applications. We focus on the reverse engineering ofβ¦
π9β€1
The State of Android (Banking) Malware: Insights from 2022 and Predictions for 2023
https://www.threatfabric.com/hubfs/ThreatFabric_Generic_Report-The%20State%20of%20Android%20Banking%20Malware%202022.pdf
https://www.threatfabric.com/hubfs/ThreatFabric_Generic_Report-The%20State%20of%20Android%20Banking%20Malware%202022.pdf
π10β€4
Military service members have been receiving physical smartwatches in the mail. Smartwatches can auto-connect to Wifi and began connecting to cell phones unprompted, access voice and cameras
https://www.cid.army.mil/Media/Press-Center/Article-Display/Article/3429159/cid-lookout-unsolicited-smartwatches-received-by-mail/
https://www.cid.army.mil/Media/Press-Center/Article-Display/Article/3429159/cid-lookout-unsolicited-smartwatches-received-by-mail/
π13π€1
Reversing Flutter-based Android Malware βFluhorseβ
https://www.fortinet.com/blog/threat-research/fortinet-reverses-flutter-based-android-malware-fluhorse
https://www.fortinet.com/blog/threat-research/fortinet-reverses-flutter-based-android-malware-fluhorse
Fortinet Blog
Fortinet Reverses Flutter-based Android Malware βFluhorseβ
Gain insights into the Fluhorse malware campaign as we've managed to fully reverse engineer the malicious Flutter applications. Learn more.β¦
π15π2β€1
How to manually unpack native Android packer called KangaPack
https://cryptax.medium.com/inside-kangapack-the-kangaroo-packer-with-native-decryption-3e7e054679c4
https://cryptax.medium.com/inside-kangapack-the-kangaroo-packer-with-native-decryption-3e7e054679c4
Medium
Inside KangaPack: the Kangaroo packer with native decryption
In this blog post, we unpack a malicious sample sha256: 2c05efa757744cb01346fe6b39e9ef8ea2582d27481a441eb885c5c4dcd2b65b . The coreβ¦
π11β€3
Four Anatsa (also known as TeaBot) Android banking Trojans were discovered on Google Play Store with over 30,000 installs targeting almost 600 financial app
https://www.threatfabric.com/blogs/anatsa-hits-uk-and-dach-with-new-campaign
https://www.threatfabric.com/blogs/anatsa-hits-uk-and-dach-with-new-campaign
ThreatFabric
Anatsa banking Trojan hits UK, US and DACH with new campaign
Anatsa returns with a new campaign targeting UK, US and DACH supported by droppers on Google Play Store.
π14π€3
Interesting hardening technique of Android financial apps
Put custom permission on their components such as activities, services, etc, so banking Trojans can't launch and interact with them
This prevents malware to perform on device fraudulent transactions
https://debugactiveprocess.medium.com/strengthening-android-security-mitigating-banking-trojan-threats-fe94ae9e2f02
Put custom permission on their components such as activities, services, etc, so banking Trojans can't launch and interact with them
This prevents malware to perform on device fraudulent transactions
https://debugactiveprocess.medium.com/strengthening-android-security-mitigating-banking-trojan-threats-fe94ae9e2f02
Medium
Strengthening Android Security: Mitigating Banking Trojan Threats
In todayβs digital age, mobile devices have become integral to our daily lives, including financial transactions. However, this increasedβ¦
π20β€2
Android SELinux Internals Part I Understand how Android SELinux works, along with its functionalities and benefits
https://8ksec.io/android-selinux-internals-part-i-8ksec-blogs/
https://8ksec.io/android-selinux-internals-part-i-8ksec-blogs/
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Android SELinux Internals Part I | 8kSec Blogs - 8kSec
In Android SELinux internals Part 1 blog, explore how it provides security on Android devices and ways to bypass it. Read more to learn!
π19π₯2
A modified version of the Telegram Androis app found to be maliciously patched with Triada malware
https://blog.checkpoint.com/security/dont-be-fooled-by-app-earances-check-point-researchers-spot-hidden-malwares-behind-legitimate-looking-apps/
https://blog.checkpoint.com/security/dont-be-fooled-by-app-earances-check-point-researchers-spot-hidden-malwares-behind-legitimate-looking-apps/
Check Point Blog
Donβt be fooled by app-earances: Check Point Researchers spot hidden malwares behind legitimate looking apps - Check Point Blog
Highlights: A modified version of the popular messaging app Telegram found to be malicious The malicious app can sign up the victim for various paid
π20π€4β€1π1
Kunai - library for analyzing Dalvik Executable Files (DEX)
https://farena.in/android/analysis/kunai-lib/
https://farena.in/android/analysis/kunai-lib/
Eduardo BlΓ‘zquez's Personal Webpage
Kunai, a library for analyzing Dalvik Executable Files
Kunai is a library for analyzing Dalvik Executable Files, this library is written in C++ for performance reasons
π18π₯1
Intercepting Android App Traffic using BurpSuite
Video tutorial shows how to setup Android emulator, installing Burp Certificate in the System Store, proxy app traffic through BurpSuite, and bypass certificate pinning using Frida
https://youtu.be/xp8ufidc514
Video tutorial shows how to setup Android emulator, installing Burp Certificate in the System Store, proxy app traffic through BurpSuite, and bypass certificate pinning using Frida
https://youtu.be/xp8ufidc514
YouTube
Intercepting Android App Traffic with BurpSuite
00:00 - Introduction, talking about RouterSpace and why we can't just do what we did in that video
01:25 - Installing Genymotion, Virtual Box, and ADB; while talking about why I don't use Android Studio/AVD. Simply because genymotion just works.
02:05 - Makeβ¦
01:25 - Installing Genymotion, Virtual Box, and ADB; while talking about why I don't use Android Studio/AVD. Simply because genymotion just works.
02:05 - Makeβ¦
π15β€2
Bringing NFC contactless payment to CASIO F-91W watch
https://medium.com/@matteo.pisani.91/how-i-hacked-casio-f-91w-digital-watch-892bd519bd15
https://medium.com/@matteo.pisani.91/how-i-hacked-casio-f-91w-digital-watch-892bd519bd15
Medium
How I hacked CASIO F-91W digital watch
Bringing NFC contactless payment capability to a true classic.
π23π€5π₯1π1
Introduction to Kali NetHunter Hacker series: Which NetHunter fits you best?
https://www.mobile-hacker.com/2023/07/04/introduction-of-kali-nethunter-hacker-series-and-which-nethunter-fits-you-best/
https://www.mobile-hacker.com/2023/07/04/introduction-of-kali-nethunter-hacker-series-and-which-nethunter-fits-you-best/
Mobile Hacker
Introduction to Kali NetHunter hacker series and which NetHunter fits you best Mobile Hacker
Welcome to the exciting world of NetHunter! In this blog post, we will dive into the powerful toolkit designed specifically for mobile penetration testing and ethical hacking. Kali NetHunter brings the full arsenal of Kali Linux tools to your mobile deviceβ¦
β€16π3π2π₯°2π1π€1
Analysis of account takeover discovered in Android app with 100M+ installs from Google Play ($1000 bounty)
https://medium.com/@amolbhavar/how-i-get-1000-bounty-for-discovering-account-takeover-in-android-application-3c4f54fbde39
https://medium.com/@amolbhavar/how-i-get-1000-bounty-for-discovering-account-takeover-in-android-application-3c4f54fbde39
Medium
How I get 1000$ bounty for Discovering Account Takeover in Android Application
In this blog post, I will share my experience of discovering a critical account takeover vulnerability in an Android application which hasβ¦
π17β€3
Analysis of Android EverSpy 2 Malware which source code price is $4,000
https://www.theobservator.net/everspy-2-malware-reverse-engineering/
https://www.theobservator.net/everspy-2-malware-reverse-engineering/
β€12π4π€3π€£3
Using MLIR for Dalvik Bytecode Analysis
Using intermediate representations allows analysts to write optimizations and code analysis passes easier than parsing binary or bytecode directly. Kunai is a library intended for static analysis of dalvik bytecode, in a newer version of the library, the idea is to use the capabilities and possibilities offered by MLIR, writing a new dialect centered on Dalvik instructions.
Presentation: https://youtu.be/hfqOivYdD40
Slides: https://llvm.org/devmtg/2023-05/slides/Lightning-Talks/01-Eduardo-EuroLLVM2023.pdf
Using intermediate representations allows analysts to write optimizations and code analysis passes easier than parsing binary or bytecode directly. Kunai is a library intended for static analysis of dalvik bytecode, in a newer version of the library, the idea is to use the capabilities and possibilities offered by MLIR, writing a new dialect centered on Dalvik instructions.
Presentation: https://youtu.be/hfqOivYdD40
Slides: https://llvm.org/devmtg/2023-05/slides/Lightning-Talks/01-Eduardo-EuroLLVM2023.pdf
YouTube
2023 EuroLLVM - Using MLIR for Dalvik Bytecode Analysis
2023 European LLVM Developers' Meeting
https://llvm.org/devmtg/2023-05/
------
Using MLIR for Dalvik Bytecode Analysis
Speaker: Eduardo BlΓ‘zquez
------
Slides: https://llvm.org/devmtg/2023-05/slides/Lightning-Talks/01-Eduardo-EuroLLVM2023.pdf
-----
Usingβ¦
https://llvm.org/devmtg/2023-05/
------
Using MLIR for Dalvik Bytecode Analysis
Speaker: Eduardo BlΓ‘zquez
------
Slides: https://llvm.org/devmtg/2023-05/slides/Lightning-Talks/01-Eduardo-EuroLLVM2023.pdf
-----
Usingβ¦
π14β€3
Exploit Google Pixel 7
In detail analysis of exploiting CVE-2023-21400 on Google Pixel 7 with Dirty Pagetable exploit that uses file UAF and pid UAF vulnerabilities
https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html
In detail analysis of exploiting CVE-2023-21400 on Google Pixel 7 with Dirty Pagetable exploit that uses file UAF and pid UAF vulnerabilities
https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html
π8β€1
Android malware installed directly from a website can bypass "installation from untrusted sources" warning using WebAPK technology
WebAPK enables creation Android native apps from web applications
https://www.linkedin.com/pulse/using-webapk-technology-phishing-attacks-csirt-knf
WebAPK enables creation Android native apps from web applications
https://www.linkedin.com/pulse/using-webapk-technology-phishing-attacks-csirt-knf
Linkedin
Using WebAPK Technology for Phishing Attacks
Report: Using WebAPK Technology for Phishing Attacks Introduction The CSIRT KNF team carried out a detailed analysis of a website reported by RIFFSEC (https://twitter.com/getriffsec/status/1676663509617131520).
π23
The Turkish Government Masqueraded Site Distributing Android RAT
https://blog.cyble.com/2023/07/10/the-turkish-government-masqueraded-site-distributing-android-rat/
https://blog.cyble.com/2023/07/10/the-turkish-government-masqueraded-site-distributing-android-rat/
Cyble
Turkish Gov Site Masquerade Distributes Android RAT
CRIL analyzes the phishing campaign masquerading Turkish Government to distribute Android RAT with VNC and Keylogging feature
π16β€1π₯°1