Mobile Banking Heists Report 2023: 29 Malware Families Targeting 1,800 Mobile Banking Apps
Attachment: 2023_Mobile_Banking_Heists_Report.pdf (13.3 MB)
Mobile malware analysis for the BBC of TeaBot (Anatsa) banking trojan impersonating PDF AI: Add-On app
https://www.pentestpartners.com/security-blog/mobile-malware-analysis-for-the-bbc/
Pentestpartners
Mobile malware analysis for the BBC | Pen Test Partners
This is a version of our report referenced in the Helping a mobile malware fraud victim blog post, with all sensitive information removed. Summary One malicious application was identified on the device, and evidence identified during the examination strong…
PoC to take over an Android device from another Android device by exploiting a critical Bluetooth vulnerability to install Metasploit without proper Bluetooth pairing (CVE-2023-45866). It still affects Android 10 and below.
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
Mobile Hacker
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing Mobile Hacker
[update 2024-02-19] This vulnerability can be even used to remotely wipe data of targeted Android smartphone. Using this vulnerability it is possible to guess user lock screen PIN. After five incorrect PINs device is locked out for 30 seconds. This operation…
Hunting for Android Privilege Escalation with a 32 Line Fuzzer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hunting-for-android-privilege-escalation-with-a-32-line-fuzzer/
Levelblue
Hunting for Android Privilege Escalation with a 32 Line Fuzzer
Trustwave SpiderLabs tested a couple of Android OS-based mobile devices to conduct the research on privilege escalation scenarios.
Pakistan-based Threat Actor Targets Indians with Fake Loan Android Application
https://www.cyfirma.com/outofband/pakistan-based-threat-actor-targets-indians-with-fake-loan-android-application/
CYFIRMA
Pakistan-based Threat Actor Targets Indians with Fake Loan Android Application - CYFIRMA
EXECUTIVE SUMMARY The team at CYFIRMA recently identified a pattern where unknown threat actors utilize Android malware to target individuals...
Android-based PAX Technology Point of Sale (POS) vulnerabilities
CVE-2023-42133 - Reserved
CVE-2023-42134 - Signed partition overwrite and subsequently local code execution as root via hidden bootloader command
CVE-2023-42135 - Local code execution as root via kernel parameter injection in fastboot
CVE-2023-42136 - Privilege escalation from any user/application to system user via shell injection binder-exposed service
CVE-2023-42137 - Privilege escalation from system/shell user to root via insecure operations in systool_server daemon
CVE-2023-4818 - Bootloader downgrade via improper tokenization
https://blog.stmcyber.com/pax-pos-cves-2023/
STM Cyber Blog
Android-based PAX POS vulnerabilities (Part 1) - STM Cyber Blog
In this article, we present details of 6 vulnerabilities on the Android POS devices made by the worldwide known company PAX Technology.
Android Deep Links & WebViews Exploitations Part I
https://medium.com/@justmobilesec/deep-links-webviews-exploitations-part-i-452e8aad124f
Medium
Deep Links & WebViews Exploitations Part I
TLDR: This post is the first of a two-part series covering Deep Links & WebViews Exploitations. This article focuses on WebViews. It…
APK Obfucation Detection - detect code obfuscation through text classification in the detection process
https://github.com/liansecurityOS/apk-obfucation-detection
GitHub
GitHub - liansecurityOS/apk-obfucation-detection: Detect code obfuscation through text classification in the detection process.
Detect code obfuscation through text classification in the detection process. - liansecurityOS/apk-obfucation-detection
Buffer-overflow in Android native code - MobileHackingLab "Notekeeper" Write-up
https://ajmal-moochingal.medium.com/buffer-overflow-in-android-native-code-mobilehackinglab-notekeeper-write-up-4e7764be3c2a
Medium
Buffer-overflow in Android native code - MobileHackingLab "Notekeeper" Write-up
Exploiting a Buffer-overflow bug in a native library function in an Android App to gain code execution.
How to debug Android/iOS native library using GDB debugger?
https://medium.com/@shubhamsonani/how-to-debug-android-ios-native-library-using-gdb-debugger-d02c0e0341eb
Medium
How to debug Android/iOS native library using GDB debugger?
Hi Guys, after a long time, I am writing a new blog that will help you guys while performing Android/iOS penetration testing. I am going…
Exploit released for Android local privilege elevation (root) impacts several OEMs (APEX key reuse vulnerability CVE-2023-45779)
Info: Devices contained at least one preinstalled APEX signed only with AOSP test keys, for which anyone can produce an update
Write-up: https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html
Exploit: https://github.com/metaredteam/rtx-cve-2023-45779
Meta Red Team X
Missing signs: how several brands forgot to secure a key piece of Android
We recently discovered that Android devices from multiple major brands sign APEX modules (updatable units of highly-privileged OS code) using private keys from Android's public source repository. Anyone can forge an APEX update for such a device to gain near…
Complete guide on how Bluetooth and BLE works
It also includes source code for a server and client Android apps that demonstrate the communication
https://proandroiddev.com/android-bluetooth-and-ble-the-modern-way-a-complete-guide-4e95138998a0
Medium
Android, Bluetooth and BLE the modern way: a complete guide
Bluetooth is an immensely fun technology to work with. Once you learn how to search for and communicate with devices, you will be surprised…
Twelve Android apps containing VajraSpy RAT used by the Patchwork APT group. Six of these apps had previously been available on Google Play; together they reached over 1,400 installs
https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/
Welivesecurity
VajraSpy: A Patchwork of espionage apps
ESET researchers discovered several Android apps that posed as messaging tools but carried VajraSpy, a RAT used by the Patchwork APT group
NetHunter Hacker XII: Master Social Engineering using SET
Explains SET attack vectors such as creating e-mail templates, site cloning, the credential harvester, the mass mailer, Arduino attacks and the web jacking attack.
Also covers how to fix common errors, plus attack prevention tips.
https://www.mobile-hacker.com/2024/02/02/nethunter-hacker-xii-master-social-engineering-using-set/
Mobile Hacker
NetHunter Hacker XII: Master Social Engineering using SET Mobile Hacker
Social engineering is a technique used by attackers to trick people into disclosing private information or doing activities that affect the security of a system or network. The Social-Engineer Toolkit (SET) is one of the most popular tools used in social…
Hacking a Smart Home Device
Reverse engineered an ESP32-based smart home device to gain remote control access and integrate it with Home Assistant
https://jmswrnr.com/blog/hacking-a-smart-home-device
James Warner
Hacking a Smart Home Device
How I reverse engineered an ESP32-based smart home device to gain remote control access and integrate it with Home Assistant.
Analysis of Android settings during a forensic investigation
https://blog.digital-forensics.it/2024/01/analysis-of-android-settings-during.html
blog.digital-forensics.it
Analysis of Android settings during a forensic investigation
DFIR research
MobSF Remote code execution (via CVE-2024-21633)
https://github.com/0x33c0unt/CVE-2024-21633
GitHub
GitHub - 0x33c0unt/CVE-2024-21633: MobSF Remote code execution (via CVE-2024-21633)
MobSF Remote code execution (via CVE-2024-21633). Contribute to 0x33c0unt/CVE-2024-21633 development by creating an account on GitHub.
Commercial spyware companies are behind most zero-day exploits - discovered by Google
Blog: https://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/
PDF: https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Buying_Spying_-_Insights_into_Commercial_Surveillance_Vendors_-_TAG_report.pdf
Google
Buying Spying: How the commercial surveillance industry works and what can be done about it
The latest report from Threat Analysis Group documents the rise of commercial surveillance vendors and the industry that threatens free speech, the free press and the op…
Android Content Providers 101
https://www.pentestpartners.com/security-blog/android-content-providers-101/
Pentestpartners
Android Content Providers 101 | Pen Test Partners
Introduction Android has a number of different types of components that a program or app can instantiate to interact with the user or other programs. Recently I've been looking at exported as an interesting way to manipulate information that other apps have…
Operation triangulation - Keychain module analysis
https://shindan.io/posts/keychain_module_analysis/
shindan.io
Operation triangulation - Keychain module analysis.
Operation Triangulation is the name of an attack that has been targeting Kaspersky employees among others.
Kaspersky has published a lot of really interesting blogposts detailing the exploit chain and how they caught all the samples.
https://securelist.com/trng…
Google Play Protect will soon automatically block sideloading Android apps if they request one of these four permissions: RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility
https://security.googleblog.com/2024/02/piloting-new-ways-to-protect-Android-users-from%20financial-fraud.html
Google Online Security Blog
Piloting new ways of protecting Android users from financial fraud
Posted by Eugene Liderman, Director of Mobile Security Strategy, Google. From its founding, Android has been guided by principles of open...