Bypassing Android 13 Restrictions with SecuriDropper
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
ThreatFabric
Bypassing Android 13 Restrictions with SecuriDropper
ThreatFabric discovers new droppers that drop Spyware and Banker malware variants Bypassing Android 13 restrictions.
π9π±3
Usage of ispw, the Swiss Army Knife for iOS/MacOS security research
https://8ksec.io/ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research/
https://8ksec.io/ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research/
π5π1
Arid Viper | APTβs Nest of SpyC23 Malware Continues to Target Android Devices
https://www.sentinelone.com/labs/arid-viper-apts-nest-of-spyc23-malware-continues-to-target-android-devices/
https://www.sentinelone.com/labs/arid-viper-apts-nest-of-spyc23-malware-continues-to-target-android-devices/
SentinelOne
Arid Viper | APTβs Nest of SpyC23 Malware Continues to Target Android Devices
Hamas-aligned threat actor delivers spyware through weaponized apps posing as Telegram or Skipped messenger.
π6π€1
Pandora's box is now open: the well-known Mirai trojan arrives in a new disguise to Android-based TV sets and TV boxes (Tanix TX6 TV Box, MX10 Pro 6K, H96 MAX X3 and others)
https://news.drweb.com/show/?lng=en&i=14743https://news.drweb.com/show/?lng=en&i=14743
https://news.drweb.com/show/?lng=en&i=14743https://news.drweb.com/show/?lng=en&i=14743
Dr.Web
Dr.Web β innovative anti-virus technologies. Comprehensive protection from Internet threats.
Doctor Web is a Russian IT-security solutions vendor developing Dr.Web anti-virus for businesses and personal use, as well as anti-virus as a service since 1992.
π4β€1π±1
Video tutorial on how to install rootless Kali NetHunter in 8 minutes on Android 13 and Android 14
https://www.youtube.com/watch?v=GmfM8VCAu-I
https://www.youtube.com/watch?v=GmfM8VCAu-I
YouTube
Kali Linux NetHunter install in 8 minutes (rootless) and includes Android 14
It's easy to install Kali Linux on your Android phone without rooting it. This is a rootless install that allows you to run Kali NetHunter as an app on your phone - I'll show you how to do this in 8 minutes.
IMPORTANT - if you have issues, please read theβ¦
IMPORTANT - if you have issues, please read theβ¦
β€13π7
How to bypass root detection in Android flutter apps
https://shobi.dev/blog/2023-28-10-bypassing-root-detection-in-flutter-with-frida
https://shobi.dev/blog/2023-28-10-bypassing-root-detection-in-flutter-with-frida
shobi.dev
Bypassing Root detection in android flutter apps
As part of the security research I was doing for an app, I had to run it in the emulator which is by default rooted. The app of course had root detection enabled. Before I proceed further I had to figure out how to bypass the root detection from the app.β¦
π13β€3
Run Kitchen Sink from Android app using 219 devices at once targeting iOS, Windows and Android & signal range comparison of BLE spam messages for Flipper Zero, Bluetooth LE Spam and nRF Connect apps
https://www.mobile-hacker.com/2023/11/08/android-kitchen-sink-send-ble-spam-to-ios-android-and-windows-at-once-using-android-app/
https://www.mobile-hacker.com/2023/11/08/android-kitchen-sink-send-ble-spam-to-ios-android-and-windows-at-once-using-android-app/
Mobile Hacker
Android Kitchen Sink: Send BLE spam to iOS, Android and Windows at once using Android app Mobile Hacker
The Kitchen Sink is a name of Bluetooth Low Energy (BLE) attack that sends random advertisement packets that targets iOS, Android, and Windows devices the same time in the vicinity. The attack is called βKitchen Sinkβ because it tries to send every possibleβ¦
π15β€3π₯2
Android malware spying on Urdu-speaking residents via a possible watering-hole attack
https://www.welivesecurity.com/en/eset-research/unlucky-kamran-android-malware-spying-urdu-speaking-residents-gilgit-baltistan/
https://www.welivesecurity.com/en/eset-research/unlucky-kamran-android-malware-spying-urdu-speaking-residents-gilgit-baltistan/
Welivesecurity
Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan
ESET researchers discover Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza News in the Gilgit-Baltistan region
π6β€1
A step-by-step Android penetration testing guide for beginners
https://infosecwriteups.com/a-step-by-step-android-penetration-testing-guide-for-beginners-8435e5e969a3
https://infosecwriteups.com/a-step-by-step-android-penetration-testing-guide-for-beginners-8435e5e969a3
Medium
A step-by-step Android penetration testing guide for beginners
Greetings fellow hackers, my name is Sandy, Security Analyst and Bug bounty hunter.
π26π2
Analysis of trojanized Skype App
https://slowmist.medium.com/fake-skype-app-phishing-analysis-35c1dc8bc515
https://slowmist.medium.com/fake-skype-app-phishing-analysis-35c1dc8bc515
Medium
Fake Skype App Phishing Analysis
Background
π12
Flutter Reverse Engineering and Security Analysis
https://medium.com/@ostorlab/flutter-reverse-engineering-and-security-analysis-41433f5671f3
https://medium.com/@ostorlab/flutter-reverse-engineering-and-security-analysis-41433f5671f3
Medium
Flutter Reverse Engineering and Security Analysis
Flutter, developed by Google, is a widely-used cross-platform framework for mobile development that supports web and desktop application.
π17β€1π1
Z Camera Android app that was downloaded over 100,000,000 times from Google Play store contained several vulnerabilities such as server leak, SQLi, intent redirection
https://medium.com/@ostorlab/this-article-is-a-technical-deep-dive-showing-how-a-100m-installation-image-application-can-6343ce8ea076
https://medium.com/@ostorlab/this-article-is-a-technical-deep-dive-showing-how-a-100m-installation-image-application-can-6343ce8ea076
Medium
This article is a technical deep dive, showing how a 100M+ installation image application canβ¦
In 2021, we reported a set of vulnerabilities to the Google AppStore team, which affected a popular Camera application called zCamera.
π13π3β€2
ZIP Exploitation: Critical Vulnerabilities Found in Popular Zip Libraries in Swift and Flutter
https://blog.ostorlab.co/zip-packages-exploitation.html
https://blog.ostorlab.co/zip-packages-exploitation.html
blog.ostorlab.co
Ostorlab: Mobile App Security Testing for Android and iOS
Recent in-depth investigations reveal serious vulnerabilities discovered in widely-used zip packages in Flutter and Swift, posing serious security risks for thousands of developers and applications. Our article delves into the technical aspects of these vulnerabilitiesβ¦
π10β€2
BLE spam but for adult toys
Using Flipper Zero or nRF Connect app, it is possible to send Bluetooth LE advertisement packets (without being paired) to adult toys in vicinity and make them all vibrate. It is also possible to start Denial of Pleasure by continuously broadcasting the stop packet
https://www.whid.ninja/blog/denial-of-pleasure-attacking-unusual-ble-targets-with-a-flipper-zero
Using Flipper Zero or nRF Connect app, it is possible to send Bluetooth LE advertisement packets (without being paired) to adult toys in vicinity and make them all vibrate. It is also possible to start Denial of Pleasure by continuously broadcasting the stop packet
https://www.whid.ninja/blog/denial-of-pleasure-attacking-unusual-ble-targets-with-a-flipper-zero
WHID - We Hack In Disguise
Denial of Pleasure: Attacking Unusual BLE Targets with a Flipper Zero
Become familiar with developing applications for Flipper Zero, which will be capable of activating adult toys all at once or completely inhibit their use for those within your range (i.e. Denial of Pleasure Attack).
π€£37π9π7π₯1
Part 2: Usage of ispw, the Swiss Army Knife for iOS/MacOS security research
https://8ksec.io/ipsw-walkthrough-part-2-the-swiss-army-knife-for-ios-macos-security-research/
https://8ksec.io/ipsw-walkthrough-part-2-the-swiss-army-knife-for-ios-macos-security-research/
π13
Fake Android and iOS apps steal SMS and contacts in South Korea
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-and-ios-apps-steal-sms-and-contacts-in-south-korea/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-and-ios-apps-steal-sms-and-contacts-in-south-korea/
McAfee Blog
Fake Android and iOS apps steal SMS and contacts in South Korea | McAfee Blog
Authored by Dexter Shin Most people have smartphones these days which can be used to easily search for various topics of interest on the Internet. These
π9π€1
Tablet for kids (Dragon Touch KidzPad Y88X) contains malware
https://www.eff.org/deeplinks/2023/11/low-budget-should-not-mean-high-risk-kids-tablet-came-preloaded-sketchyware
https://www.eff.org/deeplinks/2023/11/low-budget-should-not-mean-high-risk-kids-tablet-came-preloaded-sketchyware
Electronic Frontier Foundation
Low Budget Should Not Mean High Risk: Kids' Tablet Came Preloaded with Sketchyware
Itβs easy to get Android devices from online vendors like Amazon at different price points. Unfortunately, it is also easy to end up with an Android device with malware at these lower budgets. There
π10π±5
Palera1n Jailbreak iOS 15.7.7 for Penetration Testing
https://medium.com/@jcngan97/palera1n-jailbreak-ios-15-7-7-for-penetration-testing-7645abd15724
https://medium.com/@jcngan97/palera1n-jailbreak-ios-15-7-7-for-penetration-testing-7645abd15724
Medium
Palera1n Jailbreak iOS 15.7.7 for Penetration Testing
While performing mobile application penetration testing, the app that you are testing might have a minimum OS version of iOS 15. Withβ¦
π14β€2π2π1
Social engineering attacks lure Indian users to install Android banking trojans
https://www.microsoft.com/en-us/security/blog/2023/11/20/social-engineering-attacks-lure-indian-users-to-install-android-banking-trojans/
https://www.microsoft.com/en-us/security/blog/2023/11/20/social-engineering-attacks-lure-indian-users-to-install-android-banking-trojans/
Microsoft Security Blog
Social engineering attacks lure Indian users to install Android banking trojans | Microsoft Security Blog
Mobile banking trojan campaigns targeting users in India impersonate legitimate orgs and steal usersβ information for financial fraud scams.
π₯14π4π2π1
Nothing Chats app, the Sunbird-based iMessage app, is a privacy nightmare with unencrypted messages and images
https://9to5google.com/2023/11/18/nothing-chats-sunbird-unencrypted-data-privacy-nightmare/
https://9to5google.com/2023/11/18/nothing-chats-sunbird-unencrypted-data-privacy-nightmare/
9to5Google
Nothing Chats, the Sunbird-based iMessage app, is a privacy nightmare with unencrypted messages and images
The Nothing Chats app, powered by Sunbird, promises encrypted iMessage for Android, but it's literally a privacy nightmare.
π₯9π8π1
Intercepting Flutter Based Application Traffic Using iptables
https://krushnalipane.medium.com/intercepting-flutter-based-application-traffic-using-iptables-da0f67064944
https://krushnalipane.medium.com/intercepting-flutter-based-application-traffic-using-iptables-da0f67064944
Medium
Intercepting Flutter Based Application Traffic Using iptables
Flutter, created by Google, has emerged as a popular open-source framework for building natively compiled applications for mobile, web, and desktop from a single codebase. However, with great powerβ¦
π21β€4π₯2