Reverse engineering of Android Phoenix RAT
Analysis: https://cryptax.medium.com/reverse-engineering-of-android-phoenix-b59693c03bd3
Phoenix overview: https://cryptax.medium.com/android-phoenix-authors-claims-sample-identification-and-trends-f199cbc9901d
Android/Phoenix is a malicious Remote Access Tool. Its main goal is to extensively spy on the victim's phone (grab all screenshots, steal…
Analysis of an Info Stealer – Chapter 2: The iOS App
https://medium.com/@icebre4ker/analysis-of-an-info-stealer-chapter-2-the-ios-app-0529e7b45405
Analysis of an Info Stealer – Chapter 3: The Android App
https://medium.com/@icebre4ker/analysis-of-an-info-stealer-chapter-3-the-android-app-54ba3068b537
MoqHao evolution: New variants start automatically right after installation
MoqHao aka XLoader is an Android malware operated by a financially motivated threat actor named Roaming Mantis.
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/moqhao-evolution-new-variants-start-automatically-right-after-installation/
Authored by Dexter Shin. MoqHao is a well-known Android malware family associated with the Roaming Mantis threat actor group, first discovered in 2015.
NetHunter Hacker XIII: Overall guide to MITM framework
A new blog post covers methods that attackers may employ to intercept network communication; the accompanying video demonstrates using SSLStrip+ and a DNS change to intercept HTTPS and bypass HSTS via MITMf.
https://www.mobile-hacker.com/2024/02/13/nethunter-hacker-xiii-overall-guide-to-mitm-framework/
I will cover the several methods that attackers may employ to intercept network communication to execute ARP poisoning, HTTP and HTTPS traffic interception, and DNS spoofing. In the video below is a demonstration of using SSLstrip and DNS change to intercept…
SIM Hijacking
https://sensepost.com/blog/2022/sim-hijacking/
Mobile Threat Landscape Report for 2023
Report includes review of Android and iOS vulnerabilities and malware in 2023
https://www.lookout.com/threat-intelligence/report/mobile-landscape-threat-report
Based on an analysis of Lookout's security dataset of more than 300 million mobile apps, 220 million mobile devices, and billions of web items, Lookout has authored the Mobile Threat Landscape Report.
iOS and Android Trojan harvesting facial recognition data used for unauthorized access to bank accounts
https://www.group-ib.com/blog/goldfactory-ios-trojan/
Group-IB uncovers the first iOS Trojan harvesting facial recognition data used for unauthorized access to bank accounts. The GoldDigger family grows.
Dusting Off Old Fingerprints: NSO Group's Unknown MMS Hack
https://www.enea.com/insights/dusting-off-old-fingerprints-nso-groups-unknown-mms-hack/
Android SpyNote RAT Moves to Crypto Currencies
https://www.fortinet.com/blog/threat-research/android-spynote-moves-to-crypto-currencies
FortiGuard investigates a hot new sample of Android/SpyNote, which shows the malware authors stealing crypto currencies from crypto wallets.…
New WiFi authentication vulnerabilities discovered affecting Android, ChromeOS and Linux devices
CVE-2023-52160 ("Phase-2 bypass"): This vulnerability can be exploited by an attacker to deceive the victim into connecting to a fake Wi-Fi network set up by the adversary. Once connected, the attacker can intercept and monitor the victim's network traffic.
CVE-2023-52161 ("4-way bypass"): It allows an adversary to gain full access to an existing protected WiFi network, exposing existing users and devices.
PoC exploit is not available.
https://www.top10vpn.com/research/wifi-vulnerabilities/
Two new WiFi vulnerabilities allow hackers to trick you into connecting to fake hotspots and steal your data, and join secure networks without the password.
Ghost files in the shared preferences
https://valsamaras.medium.com/ghost-files-in-the-shared-preferences-8d75226c23c0
Have you ever encountered an exceptionally clever bug, only to be thwarted by an unforeseen obstacle just moments before exploiting it…
Anatsa (TeaBot) Android Trojan Returns: Targeting Europe and Expanding Its Reach
The trojan reached 10,000 installs on Google Play, impersonating a Phone Cleaner app.
The current campaign involves five droppers with over 100,000 total installations.
https://www.threatfabric.com/blogs/anatsa-trojan-returns-targeting-europe-and-expanding-its-reach
Android file wiper implemented in native library as part of malware campaign
https://harfanglab.io/en/insidethelab/samecoin-malware-hamas/
Auto DNS poisoning
While an Android smartphone is charging via a computer, it is possible to perform automated and even remotely controlled DNS poisoning without any user interaction.
The blog post and video explain how it works, when it doesn't work and how to prevent it.
https://www.mobile-hacker.com/2024/02/20/automated-dns-poisoning-using-android-while-charging-via-computer/
I will delve into using an Android smartphone while charging from a computer to perform an automated DNS poisoning attack without any user interaction. I go through its results, downsides and effective prevention tips.
Analysis of Android HookBot malware
HookBot analysis: https://cebrf.knf.gov.pl/komunikaty/artykuly-csirt-knf/362-ostrzezenia/858-hookbot-a-new-mobile-malware
HookBot full report: https://cebrf.knf.gov.pl/images/HOOKBOT_CSIRT_KNF_ENG.pdf
HookBuilder analysis: https://cebrf.knf.gov.pl/images/Hookbot_Builder_-_Analyze_CSIRT_KNF.pdf
Android Deep Links & WebViews Exploitations Part II
https://medium.com/@justmobilesec/deep-links-webviews-exploitations-part-ii-5c0b118ec6f1
TLDR: This post is the second of a two-part series covering Deep Links & WebViews Exploitations. This article focuses on Deep Links. It…
NetHunter Hacker XIV: Find exploits using SearchSploit and setup Wi-Fi Pineapple connector
https://www.mobile-hacker.com/2024/02/27/nethunter-hacker-xiv-find-exploits-using-searchsploit-and-setup-wi-fi-pineapple-connector/
SearchSploit is a powerful command-line tool that is part of the NetHunter system, developed by Offensive Security. It is designed to help security professionals and penetration testers search for known vulnerabilities in software by leveraging a comprehensive…
NetHunter Hacker XV: Use Nmap for network scanning
Nmap can also reveal open ports of file manager apps that run local file-sharing servers, which allow a local attacker to access files on the device (video).
https://www.mobile-hacker.com/2024/03/01/nethunter-hacker-xv-use-nmap-for-network-scanning/
Besides explaining NetHunter's nmap user interface and its usage, we will take one extra step further to actually demonstrate its functionality on our router to search for open ports and known vulnerabilities.
Unveiling iOS Vulnerabilities: A Deep Dive into Attacking iOS system
https://blog.devsecopsguides.com/attacking-ios
In this comprehensive guide, we delve into the world of iOS security from an offensive perspective, shedding light on the various techniques and methodologies used by attackers to compromise iOS devices and infiltrate their sensitive data.
On-Device Fraud on the rise: exposing a recent Android Copybara fraud campaign
https://www.cleafy.com/cleafy-labs/on-device-fraud-on-the-rise-exposing-a-recent-copybara-fraud-campaign
Uncover the persistent threat of Account Takeover (ATO) and the emerging challenge of On-Device Fraud (ODF) in online banking. Learn how advanced Android banking trojans Copybara enable remote-controlled attacks and explore the tactics of threat actors, from…