Analysis of iOS Info Stealer malware distributed via phishing website
https://medium.com/@icebre4ker/analysis-of-an-info-stealer-chapter-2-the-ios-app-0529e7b45405
https://medium.com/@icebre4ker/analysis-of-an-info-stealer-chapter-2-the-ios-app-0529e7b45405
Medium
Analysis of an Info Stealer — Chapter 2: The iOS App
Introduction
👍16
Android DeviceVersionFragment.java Privilege Escalation Exploit for Pixel Watch (CVE-2023-48418)
https://0day.today/exploit/description/39237
https://0day.today/exploit/description/39237
👍13
Financial Fraud APK Campaign targeting Chinese users
https://unit42.paloaltonetworks.com/malicious-apks-steal-pii-from-chinese-users/
https://unit42.paloaltonetworks.com/malicious-apks-steal-pii-from-chinese-users/
Unit 42
Financial Fraud APK Campaign
Drawing attention to the ways threat actors steal PII for financial fraud, this article focuses on a malicious APK campaign aimed at Chinese users.
👏12👍2
GrapheneOS: Frequent Android auto-reboots block firmware exploits
https://www.bleepingcomputer.com/news/security/grapheneos-frequent-android-auto-reboots-block-firmware-exploits/
https://www.bleepingcomputer.com/news/security/grapheneos-frequent-android-auto-reboots-block-firmware-exploits/
BleepingComputer
GrapheneOS: Frequent Android auto-reboots block firmware exploits
GrapheneOS, a privacy and security-focused Android-based operating system, has posted a series of tweets on X suggesting that Android should introduce frequent auto-reboots to make it harder for forensic software vendors to exploit firmware flaws and spy…
👍17😁7❤3
Xiaomi HyperOS BootLoader Bypass
A PoC that exploits a vulnerability to bypass the Xiaomi HyperOS community restrictions of BootLoader unlocked account bindings
https://github.com/MlgmXyysd/Xiaomi-HyperOS-BootLoader-Bypass#xiaomi-hyperos-bootloader-bypass
A PoC that exploits a vulnerability to bypass the Xiaomi HyperOS community restrictions of BootLoader unlocked account bindings
https://github.com/MlgmXyysd/Xiaomi-HyperOS-BootLoader-Bypass#xiaomi-hyperos-bootloader-bypass
GitHub
GitHub - MlgmXyysd/Xiaomi-HyperOS-BootLoader-Bypass: A PoC that exploits a vulnerability to bypass the Xiaomi HyperOS community…
A PoC that exploits a vulnerability to bypass the Xiaomi HyperOS community restrictions of BootLoader unlocked account bindings. - MlgmXyysd/Xiaomi-HyperOS-BootLoader-Bypass
👍17👏3❤2
Deobfuscating Android ARM64 strings with Ghidra: Emulating, Patching, and Automating
https://blog.nviso.eu/2024/01/15/deobfuscating-android-arm64-strings-with-ghidra-emulating-patching-and-automating/
https://blog.nviso.eu/2024/01/15/deobfuscating-android-arm64-strings-with-ghidra-emulating-patching-and-automating/
NVISO Labs
Deobfuscating Android ARM64 strings with Ghidra: Emulating, Patching, and Automating
In a recent engagement I had to deal with some custom encrypted strings inside an Android ARM64 app. I had a lot of fun reversing the app and in the process I learned a few cool new techniques whic…
👍17
A lightweight method to detect potential iOS malware
https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/
https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/
Securelist
Detecting iOS malware via Shutdown.log file
Analyzing Shutdown.log file as a lightweight method to detect indicators of infection with sophisticated iOS malware such as Pegasus, Reign and Predator.
👍9
XSS & Command Injection in Android — MobileHackingLab ‘Post Board’ Write-up
https://ajmal-moochingal.medium.com/xss-command-injection-in-android-mobilehackinglab-post-board-write-up-ae9497829615
https://ajmal-moochingal.medium.com/xss-command-injection-in-android-mobilehackinglab-post-board-write-up-ae9497829615
Medium
XSS & Command Injection in Android — MobileHackingLab ‘Post Board’ Write-up
A lab that covers XSS in a WebView within Android which could be exploited by other apps in the device, combined with a Command Injection…
👍18🤡6❤1
Bigpanzi botnet infects 170,000 Android TV boxes with malware
https://blog.xlab.qianxin.com/bigpanzi-exposed-hidden-cyber-threat-behind-your-stb/
https://blog.xlab.qianxin.com/bigpanzi-exposed-hidden-cyber-threat-behind-your-stb/
奇安信 X 实验室
Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box
Background
Some time ago, we intercepted a dubious ELF sample exhibiting zero detection on VirusTotal. This sample, named pandoraspear and employing a modified UPX shell, has an MD5 signature of 9a1a6d484297a4e5d6249253f216ed69. Our analysis revealed that…
Some time ago, we intercepted a dubious ELF sample exhibiting zero detection on VirusTotal. This sample, named pandoraspear and employing a modified UPX shell, has an MD5 signature of 9a1a6d484297a4e5d6249253f216ed69. Our analysis revealed that…
👍13
MavenGate: a supply chain attack method for Java and Android applications
https://blog.oversecured.com/Introducing-MavenGate-a-supply-chain-attack-method-for-Java-and-Android-applications/
https://blog.oversecured.com/Introducing-MavenGate-a-supply-chain-attack-method-for-Java-and-Android-applications/
News, Techniques & Guides
Introducing MavenGate: a supply chain attack method for Java and Android applications
More recently, the cybersecurity community has seen numerous studies of supply chain attacks on Web apps.
👍14❤1
Getting Started with iOS Penetration Testing — Part 1: The Setup
https://sahil-security-nerd07.medium.com/getting-started-with-ios-penetration-testing-part-1-the-setup-e322c73ab9a0
https://sahil-security-nerd07.medium.com/getting-started-with-ios-penetration-testing-part-1-the-setup-e322c73ab9a0
Medium
Getting Started with iOS Penetration Testing, The Setup.
Introduction:
🔥19🥱5👍3❤1
2023_Mobile_Banking_Heists_Report.pdf
13.3 MB
Mobile Banking Heists Report 2023: 29 Malware Families Targeting 1,800 Mobile Banking Apps
👍18
Mobile malware analysis for the BBC of TeaBot (Anatsa) banking trojan impersonating PDF AI: Add-On app
https://www.pentestpartners.com/security-blog/mobile-malware-analysis-for-the-bbc/
https://www.pentestpartners.com/security-blog/mobile-malware-analysis-for-the-bbc/
Pentestpartners
Mobile malware analysis for the BBC | Pen Test Partners
This is a version of our report referenced in the Helping a mobile malware fraud victim blog post, with all sensitive information removed. Summary One malicious application was identified on the device, and evidence identified during the examination strong…
🔥5🤡4🙈3👍2👎2
PoC to takeover Android using another Android by exploiting critical Bluetooth vulnerability to install Metasploit without proper Bluetooth pairing (CVE-2023-45866). It still affects Android 10 and bellow.
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
Mobile Hacker
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing Mobile Hacker
[update 2024-02-19] This vulnerability can be even used to remotely wipe data of targeted Android smartphone. Using this vulnerability it is possible to guess user lock screen PIN. After five incorrect PINs device is locked out for 30 seconds. This operation…
👍19🔥10🤡5❤2
Hunting for Android Privilege Escalation with a 32 Line Fuzzer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hunting-for-android-privilege-escalation-with-a-32-line-fuzzer/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hunting-for-android-privilege-escalation-with-a-32-line-fuzzer/
Levelblue
Hunting for Android Privilege Escalation with a 32 Line Fuzzer
Trustwave SpiderLabs tested a couple of Android OS-based mobile devices to conduct the research on privilege escalation scenarios.
👍7
Pakistan-based Threat Actor Targets Indians with Fake Loan Android Application
https://www.cyfirma.com/outofband/pakistan-based-threat-actor-targets-indians-with-fake-loan-android-application/
https://www.cyfirma.com/outofband/pakistan-based-threat-actor-targets-indians-with-fake-loan-android-application/
CYFIRMA
Pakistan-based Threat Actor Targets Indians with Fake Loan Android Application - CYFIRMA
EXECUTIVE SUMMARY The team at CYFIRMA recently identified a pattern where unknown threat actors utilize Android malware to target individuals...
🤣18👍8👎5
Android-based PAX Technology Point of Sale (POS) vulnerabilities
CVE-2023-42133 - Reserved
CVE-2023-42134 - Signed partition overwrite and subsequently local code execution as root via hidden bootloader command
CVE-2023-42135 - Local code execution as root via kernel parameter injection in fastboot
CVE-2023-42136 - Privilege escalation from any user/application to system user via shell injection binder-exposed service
CVE-2023-42137 - Privilege escalation from system/shell user to root via insecure operations in systool_server daemon
CVE-2023-4818 - Bootloader downgrade via improper tokenization
https://blog.stmcyber.com/pax-pos-cves-2023/
CVE-2023-42133 - Reserved
CVE-2023-42134 - Signed partition overwrite and subsequently local code execution as root via hidden bootloader command
CVE-2023-42135 - Local code execution as root via kernel parameter injection in fastboot
CVE-2023-42136 - Privilege escalation from any user/application to system user via shell injection binder-exposed service
CVE-2023-42137 - Privilege escalation from system/shell user to root via insecure operations in systool_server daemon
CVE-2023-4818 - Bootloader downgrade via improper tokenization
https://blog.stmcyber.com/pax-pos-cves-2023/
STM Cyber Blog
Android-based PAX POS vulnerabilities (Part 1) - STM Cyber Blog
In this article, we present details of 6 vulnerabilities on the Android POS devices made by the worldwide known company PAX Technology.
👍13
Android Deep Links & WebViews Exploitations Part I
https://medium.com/@justmobilesec/deep-links-webviews-exploitations-part-i-452e8aad124f
https://medium.com/@justmobilesec/deep-links-webviews-exploitations-part-i-452e8aad124f
Medium
Deep Links & WebViews Exploitations Part I
TLDR: This post is the first of a two-part series covering Deep Links & WebViews Exploitations. This article focuses on WebViews. It…
👍15
APK Obfucation Detection - detect code obfuscation through text classification in the detection process
https://github.com/liansecurityOS/apk-obfucation-detection
https://github.com/liansecurityOS/apk-obfucation-detection
GitHub
GitHub - liansecurityOS/apk-obfucation-detection: Detect code obfuscation through text classification in the detection process.
Detect code obfuscation through text classification in the detection process. - liansecurityOS/apk-obfucation-detection
👍18👎2❤1
Buffer-overflow in Android native code — MobileHackingLab ‘Notekeeper’ Write-up
https://ajmal-moochingal.medium.com/buffer-overflow-in-android-native-code-mobilehackinglab-notekeeper-write-up-4e7764be3c2a
https://ajmal-moochingal.medium.com/buffer-overflow-in-android-native-code-mobilehackinglab-notekeeper-write-up-4e7764be3c2a
Medium
Buffer-overflow in Android native code — MobileHackingLab ‘Notekeeper’ Write-up
Exploiting a Buffer-overflow bug in a native library function in an Android App to gain code execution.
🔥8👍5❤2
How to debug Android/iOS native library using GDB debugger?
https://medium.com/@shubhamsonani/how-to-debug-android-ios-native-library-using-gdb-debugger-d02c0e0341eb
https://medium.com/@shubhamsonani/how-to-debug-android-ios-native-library-using-gdb-debugger-d02c0e0341eb
Medium
How to debug Android/iOS native library using GDB debugger?
Hi Guys, after a long time, I am writing a new blog that will help you guys while performing Android/iOS penetration testing. I am going…
👍13