Android barcode scanner app with 100K installs exposes user passwords
https://cybernews.com/security/android-barcode-scanner-data-leak/
Cybernews
Android barcode scanner app exposes user passwords
An Android app with over 100k Google Play downloads and a 4.5-star average rating has let an open instance go unchecked, leaving sensitive user data up for grabs.
AutoSpill Vulnerability: Your mobile password manager might be exposing your credentials
https://techcrunch.com/2023/12/06/your-mobile-password-manager-might-be-exposing-your-credentials/
TechCrunch
Your mobile password manager might be exposing your credentials
A number of popular mobile password managers are inadvertently spilling user credentials due to a vulnerability in the autofill functionality of Android apps.
5Ghoul: New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands
https://asset-group.github.io/disclosures/5ghoul/
Hardening cellular basebands in Android
https://security.googleblog.com/2023/12/hardening-cellular-basebands-in-android.html
Google Online Security Blog
Hardening cellular basebands in Android
Posted by Ivan Lozano and Roger Piqueras Jover Android's defense-in-depth strategy applies not only to the Android OS running on the Appl...
Mobile Malware Analysis Part 6 - Xenomorph
https://8ksec.io/mobile-malware-analysis-part-6-xenomorph/
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Mobile Malware Analysis Part 6 - Xenomorph - 8kSec
Welcome to the sixth installment of our Mobile Malware Series, dedicated to dissecting the latest threats and fortifying your cybersecurity defenses. In this edition, we
Bad Zip and new Packer for Android/BianLian
https://cryptax.medium.com/bad-zip-and-new-packer-for-android-bianlian-5bdad4b90aeb
Medium
Bad Zip and new Packer for Android/BianLian
I got my hands on a new sample of Android/BianLian (sha256: 0070bc10699a982a26f6da48452b8f5e648e1e356a7c1667f393c5c3a1150865), a banking…
Shielding Against Android Phishing in Indian Banking
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shielding-against-android-phishing-in-indian-banking/
McAfee Blog
Shielding Against Android Phishing in Indian Banking | McAfee Blog
Authored by Neil Tyagi and Fernando Ruiz In a digitally evolving world, the convenience of banking through mobile applications has revolutionized
Android Banking Trojan Chameleon can now bypass any Biometric Authentication
https://www.threatfabric.com/blogs/android-banking-trojan-chameleon-is-back-in-action
ThreatFabric
Android Banking Trojan Chameleon can now bypass any Biometric Authentication
ThreatFabric discovers a new variant of the Chameleon banking trojan distributed via Zombinder with features to bypass any biometric authentication.
A WSPR Monitor Running on an old Android TV Box with OpenWebRX and RTL-SDR
https://www.rtl-sdr.com/a-wspr-monitor-running-on-an-old-android-tv-box-with-openwebrx-and-rtl-sdr/
rtl-sdr.com
A WSPR Monitor Running on an old Android TV Box with OpenWebRX and RTL-SDR
Thank you to Joseph IT9YBG for writing in and sharing with us his experience in getting Armbian and OpenWebRX running with an RTL-SDR V3 smoothly on an old A95X Android TV Box. These TV Boxes have an AMlogic S805 chip and Joseph writes that he is quite impressed…
Stealth Backdoor “Android/Xamalicious” Actively Infecting Devices
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/stealth-backdoor-android-xamalicious-actively-infecting-devices/
McAfee Blog
Stealth Backdoor “Android/Xamalicious” Actively Infecting Devices | McAfee Blog
Authored by Fernando Ruiz McAfee Mobile Research Team identified an Android backdoor implemented with Xamarin, an open-source framework that allows
Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware
https://blog.talosintelligence.com/intellexa-and-cytrox-intel-agency-grade-spyware/
Cisco Talos Blog
Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware
Talos revealed that rebooting an iOS or Android device may not remove the Predator spyware produced by Intellexa. Intellexa knows if their customers intend to perform surveillance operations on foreign soil.
Operation Triangulation: The last (hardware) mystery
https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/
Securelist
Operation Triangulation: The last (hardware) mystery
Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.
Flutter Spy: Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps.
https://github.com/anasfik/flutter-spy
GitHub
GitHub - anasfik/flutter-spy: Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps.
Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps. - anasfik/flutter-spy
Code and hardware for Tamarin-C, the iPhone 15 USB-C exploration tool
https://github.com/stacksmashing/tamarin-c
GitHub
GitHub - stacksmashing/tamarin-c: A tool to explore USB-C on Apple devices using the Tamarin C Hardware.
A tool to explore USB-C on Apple devices using the Tamarin C Hardware. - stacksmashing/tamarin-c
Exploring Info.plist: Essential Knowledge for iOS Reverse Engineering
https://youtu.be/KL899jMSD8w
YouTube
Exploring Info.plist: Essential Knowledge for iOS Reverse Engineering
In this video, we dive into the Info.plist and discover the relevant sections for iOS Reverse Engineering and security analysis. We also write a quick python script to manually decode binary plists!
---
Timestamp:
00:00 Intro
00:49 Filza File Manager Example…
Bypass SSL Pinning for Flutter
https://medium.com/@prasad508/bypass-ssl-pinning-for-flutter-a2f9ae85762e
Medium
Bypass SSL Pinning for Flutter
What is Flutter?
Frinet: Tracing the execution of a specific function in a userland process, on a Frida-compatible system (Tested on Linux/Android/iOS/Windows)
https://github.com/synacktiv/frinet
GitHub
GitHub - synacktiv/frinet: Frida-based tracer for easier reverse-engineering on Android, iOS, Linux, Windows and most related architectures.
Frida-based tracer for easier reverse-engineering on Android, iOS, Linux, Windows and most related architectures. - synacktiv/frinet
Vooki - Free Android APK & API Vulnerability Scanner (Yaazhini)
https://www.vegabird.com/yaazhini/
Vegabird
Vooki - Free Android APK & API Vulnerability Scanner | Vooki Infosec
Free Android Application APK & API Vulnerability Scanner tool. Available for Windows & Mac. Get the android app security scanner.