Twelve Android apps containing the VajraSpy RAT used by the Patchwork APT group. Six of these apps had previously been available on Google Play; together they reached over 1,400 installs.
https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/
Welivesecurity
VajraSpy: A Patchwork of espionage apps
ESET researchers discovered several Android apps that posed as messaging tools but carried VajraSpy, a RAT used by the Patchwork APT group
NetHunter Hacker XII: Master Social Engineering using SET
Explains SET attack vectors such as e-mail template creation, site cloning, the credential harvester, the mass mailer, Arduino-based attacks and the web jacking attack.
Also covers how to fix common errors, plus attack prevention tips.
https://www.mobile-hacker.com/2024/02/02/nethunter-hacker-xii-master-social-engineering-using-set/
Mobile Hacker
Social engineering is a technique used by attackers to trick people into disclosing private information or doing activities that affect the security of a system or network. The Social-Engineer Toolkit (SET) is one of the most popular tools used in social…
Hacking a Smart Home Device
Reverse engineered an ESP32-based smart home device to gain remote control access and integrate it with Home Assistant
https://jmswrnr.com/blog/hacking-a-smart-home-device
James Warner
How I reverse engineered an ESP32-based smart home device to gain remote control access and integrate it with Home Assistant.
Analysis of Android settings during a forensic investigation
https://blog.digital-forensics.it/2024/01/analysis-of-android-settings-during.html
blog.digital-forensics.it
DFIR research
MobSF Remote code execution (via CVE-2024-21633)
https://github.com/0x33c0unt/CVE-2024-21633
GitHub
Commercial spyware companies are behind most zero-day exploits - discovered by Google
Blog: https://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/
PDF: https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Buying_Spying_-_Insights_into_Commercial_Surveillance_Vendors_-_TAG_report.pdf
Google
Buying Spying: How the commercial surveillance industry works and what can be done about it
The latest report from Threat Analysis Group documents the rise of commercial surveillance vendors and the industry that threatens free speech, the free press and the op…
Android Content Providers 101
https://www.pentestpartners.com/security-blog/android-content-providers-101/
Pentestpartners
Introduction: Android has a number of different types of components that a program or app can instantiate to interact with the user or other programs. Recently I've been looking at exported as an interesting way to manipulate information that other apps have…
Operation triangulation - Keychain module analysis
https://shindan.io/posts/keychain_module_analysis/
shindan.io
Operation Triangulation is the name of an attack that has been targeting Kaspersky employees among others.
Kaspersky has published a lot of really interesting blogposts detailing the exploit chain and how they caught all the samples.
https://securelist.com/trng…
Google Play Protect will soon automatically block sideloaded Android apps if they request one of these four permissions: RECEIVE_SMS, READ_SMS, BIND_Notifications, and Accessibility.
https://security.googleblog.com/2024/02/piloting-new-ways-to-protect-Android-users-from%20financial-fraud.html
Google Online Security Blog
Piloting new ways of protecting Android users from financial fraud
Posted by Eugene Liderman, Director of Mobile Security Strategy, Google. From its founding, Android has been guided by principles of open...
Reverse engineering of Android Phoenix RAT
Analysis: https://cryptax.medium.com/reverse-engineering-of-android-phoenix-b59693c03bd3
Phoenix overview: https://cryptax.medium.com/android-phoenix-authors-claims-sample-identification-and-trends-f199cbc9901d
Medium
Reverse engineering of Android/Phoenix
Android/Phoenix is a malicious Remote Access Tool. Its main goal is to extensively spy on the victim's phone (grab all screenshots, steal…
Analysis of an Info Stealer — Chapter 2: The iOS App
https://medium.com/@icebre4ker/analysis-of-an-info-stealer-chapter-2-the-ios-app-0529e7b45405
Medium
Analysis of an Info Stealer — Chapter 3: The Android App
https://medium.com/@icebre4ker/analysis-of-an-info-stealer-chapter-3-the-android-app-54ba3068b537
Medium
MoqHao evolution: New variants start automatically right after installation
MoqHao aka XLoader is an Android malware operated by a financially motivated threat actor named Roaming Mantis.
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/moqhao-evolution-new-variants-start-automatically-right-after-installation/
McAfee Blog
Authored by Dexter Shin. MoqHao is a well-known Android malware family associated with the Roaming Mantis threat actor group, first discovered in 2015.
NetHunter Hacker XIII: Overall guide to MITM framework
New blog post covers methods that attackers may employ to intercept network communication; the included video demonstrates using SSLStrip+ and a DNS change to intercept HTTPS and bypass HSTS via MITMf.
https://www.mobile-hacker.com/2024/02/13/nethunter-hacker-xiii-overall-guide-to-mitm-framework/
Mobile Hacker
I will cover the several methods that attackers may employ to intercept network communication to execute ARP poisoning, HTTP and HTTPS traffic interception, and DNS spoofing. In the video below is a demonstration of using SSLstrip and DNS change to intercept…
SIM Hijacking
https://sensepost.com/blog/2022/sim-hijacking/
Mobile Threat Landscape Report for 2023
Report includes review of Android and iOS vulnerabilities and malware in 2023
https://www.lookout.com/threat-intelligence/report/mobile-landscape-threat-report
Lookout
Mobile Landscape Threat Report
Based on an analysis of Lookout's security dataset of more than 300 million mobile apps, 220 million mobile devices, and billions of web items, Lookout has authored the Mobile Threat Landscape Report.
iOS and Android Trojan harvesting facial recognition data used for unauthorized access to bank accounts
https://www.group-ib.com/blog/goldfactory-ios-trojan/
Group-IB
Face Off: Group-IB identifies first iOS trojan stealing facial recognition data
Group-IB uncovers the first iOS Trojan harvesting facial recognition data used for unauthorized access to bank accounts. The GoldDigger family grows
Dusting Off Old Fingerprints: NSO Group's Unknown MMS Hack
https://www.enea.com/insights/dusting-off-old-fingerprints-nso-groups-unknown-mms-hack/
Enea
Android SpyNote RAT Moves to Crypto Currencies
https://www.fortinet.com/blog/threat-research/android-spynote-moves-to-crypto-currencies
Fortinet Blog
Android/SpyNote Moves to Crypto Currencies
FortiGuard investigates a hot new sample of Android/SpyNote, which shows the malware authors stealing crypto currencies from crypto wallets…
New WiFi authentication vulnerabilities discovered affecting Android, ChromeOS and Linux devices
CVE-2023-52160 ("Phase-2 bypass"): This vulnerability can be exploited by an attacker to deceive the victim into connecting to a fake Wi-Fi network set up by the adversary. Once connected, the attacker can intercept and monitor the victim's network traffic.
CVE-2023-52161 ("4-way bypass"): This vulnerability allows an adversary to gain full access to an existing protected WiFi network, exposing existing users and devices.
PoC exploit is not available.
https://www.top10vpn.com/research/wifi-vulnerabilities/
Top10Vpn
New WiFi Authentication Vulnerabilities Discovered
Two new WiFi vulnerabilities allow hackers to trick you into connecting to fake hotspots and steal your data, and join secure networks without the password.
Ghost files in the shared preferences
https://valsamaras.medium.com/ghost-files-in-the-shared-preferences-8d75226c23c0
Medium
Have you ever encountered an exceptionally clever bug, only to be thwarted by an unforeseen obstacle just moments before exploiting it…