Mobile Malware Analysis Part 6 – Xenomorph
https://8ksec.io/mobile-malware-analysis-part-6-xenomorph/
8kSec
Welcome to the sixth installment of our Mobile Malware Series, dedicated to dissecting the latest threats and fortifying your cybersecurity defenses. In this edition, we
Bad Zip and new Packer for Android/BianLian
https://cryptax.medium.com/bad-zip-and-new-packer-for-android-bianlian-5bdad4b90aeb
Medium
I got my hands on a new sample of Android/BianLian (sha256: 0070bc10699a982a26f6da48452b8f5e648e1e356a7c1667f393c5c3a1150865), a banking…
Shielding Against Android Phishing in Indian Banking
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shielding-against-android-phishing-in-indian-banking/
McAfee Blog
Authored by Neil Tyagi and Fernando Ruiz. In a digitally evolving world, the convenience of banking through mobile applications has revolutionized
Android Banking Trojan Chameleon can now bypass any Biometric Authentication
https://www.threatfabric.com/blogs/android-banking-trojan-chameleon-is-back-in-action
ThreatFabric
ThreatFabric discovers a new variant of the Chameleon banking trojan distributed via Zombinder with features to bypass any biometric authentication.
A WSPR Monitor Running on an old Android TV Box with OpenWebRX and RTL-SDR
https://www.rtl-sdr.com/a-wspr-monitor-running-on-an-old-android-tv-box-with-openwebrx-and-rtl-sdr/
rtl-sdr.com
Thank you to Joseph IT9YBG for writing in and sharing with us his experience in getting Armbian and OpenWebRX running with an RTL-SDR V3 smoothly on an old A95X Android TV Box. These TV Boxes have an Amlogic S805 chip and Joseph writes that he is quite impressed…
Stealth Backdoor "Android/Xamalicious" Actively Infecting Devices
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/stealth-backdoor-android-xamalicious-actively-infecting-devices/
McAfee Blog
Authored by Fernando Ruiz. McAfee Mobile Research Team identified an Android backdoor implemented with Xamarin, an open-source framework that allows
Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware
https://blog.talosintelligence.com/intellexa-and-cytrox-intel-agency-grade-spyware/
Cisco Talos Blog
Talos revealed that rebooting an iOS or Android device may not remove the Predator spyware produced by Intellexa. Intellexa knows if their customers intend to perform surveillance operations on foreign soil.
Operation Triangulation: The last (hardware) mystery
https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/
Securelist
Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.
Flutter Spy: Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps.
https://github.com/anasfik/flutter-spy
GitHub
Code and hardware for Tamarin-C, the iPhone 15 USB-C exploration tool
https://github.com/stacksmashing/tamarin-c
GitHub
GitHub - stacksmashing/tamarin-c: A tool to explore USB-C on Apple devices using the Tamarin C Hardware.
Exploring Info.plist: Essential Knowledge for iOS Reverse Engineering
https://youtu.be/KL899jMSD8w
YouTube
In this video, we dive into the Info.plist and discover the relevant sections for iOS Reverse Engineering and security analysis. We also write a quick python script to manually decode binary plists!
---
Timestamp:
00:00 Intro
00:49 Filza File Manager Example…
Bypass SSL Pinning for Flutter
https://medium.com/@prasad508/bypass-ssl-pinning-for-flutter-a2f9ae85762e
Medium
What is Flutter?
Frinet: Tracing the execution of a specific function in a userland process, on a Frida-compatible system (Tested on Linux/Android/iOS/Windows)
https://github.com/synacktiv/frinet
GitHub
GitHub - synacktiv/frinet: Frida-based tracer for easier reverse-engineering on Android, iOS, Linux, Windows and most related architectures.
Vooki - Free Android APK & API Vulnerability Scanner (Yaazhini)
https://www.vegabird.com/yaazhini/
Vegabird
Free Android Application APK & API Vulnerability Scanner tool. Available for Windows & Mac. Get the android app security scanner.
Frida Android Helper: Several handy commands to facilitate common Android pentesting tasks
https://github.com/Hamz-a/frida-android-helper
GitHub
Path traversal to RCE in Android – Mobile Hacking Lab "Document Viewer" write-up
https://ajmal-moochingal.medium.com/path-traversal-to-rce-in-android-mobile-hacking-lab-document-viewer-write-up-ef9226aea1ac
Medium
During my preparation for eMAPT, I came across Mobile Hacking Lab and their free hacking labs, which I felt would help me practice…
A PoC for CVE-2023-32530, for iOS/macOS, from Operation Triangulation, discovered by Kaspersky
- Tested on: iOS 16.3, 16.3.1, 16.4 and 16.5 (iPhone 14 Pro Max) and macOS 13.1 and 13.4 (MacBook Air M2 2022)
- Fixed in iOS 16.5.1 and macOS 13.4.1
https://github.com/felix-pb/kfd/blob/main/writeups/smith.md
GitHub
kfd/writeups/smith.md at main · felix-pb/kfd
kfd, short for kernel file descriptor, is a project to read and write kernel memory on Apple devices. - felix-pb/kfd
MyEstatePoint Property Search app leaked data on nearly half a million of its users, exposing their names and plain-text passwords
https://cybernews.com/security/myestatepoint-property-search-app-data-leak/
Cybernews
Real estate Android app leaks user passwords
MyEstatePoint Property Search Android app leaks user passwords.