Portable Flipper Zero detector
Now you can detect any Flipper Zeros and BLE advertisement spam attacks in vicinity using Android Bluetooth LE Spam app
https://www.mobile-hacker.com/2024/01/09/how-to-detect-flipper-zero-and-bluetooth-advertisement-attacks/
Now you can detect any Flipper Zeros and BLE advertisement spam attacks in vicinity using Android Bluetooth LE Spam app
https://www.mobile-hacker.com/2024/01/09/how-to-detect-flipper-zero-and-bluetooth-advertisement-attacks/
๐11โค2
Analysis of iOS Info Stealer malware distributed via phishing website
https://medium.com/@icebre4ker/analysis-of-an-info-stealer-chapter-2-the-ios-app-0529e7b45405
https://medium.com/@icebre4ker/analysis-of-an-info-stealer-chapter-2-the-ios-app-0529e7b45405
Medium
Analysis of an Info Stealer โ Chapter 2: The iOS App
Introduction
๐16
Android DeviceVersionFragment.java Privilege Escalation Exploit for Pixel Watch (CVE-2023-48418)
https://0day.today/exploit/description/39237
https://0day.today/exploit/description/39237
๐13
Financial Fraud APK Campaign targeting Chinese users
https://unit42.paloaltonetworks.com/malicious-apks-steal-pii-from-chinese-users/
https://unit42.paloaltonetworks.com/malicious-apks-steal-pii-from-chinese-users/
Unit 42
Financial Fraud APK Campaign
Drawing attention to the ways threat actors steal PII for financial fraud, this article focuses on a malicious APK campaign aimed at Chinese users.
๐12๐2
GrapheneOS: Frequent Android auto-reboots block firmware exploits
https://www.bleepingcomputer.com/news/security/grapheneos-frequent-android-auto-reboots-block-firmware-exploits/
https://www.bleepingcomputer.com/news/security/grapheneos-frequent-android-auto-reboots-block-firmware-exploits/
BleepingComputer
GrapheneOS: Frequent Android auto-reboots block firmware exploits
GrapheneOS, a privacy and security-focused Android-based operating system, has posted a series of tweets on X suggesting that Android should introduce frequent auto-reboots to make it harder for forensic software vendors to exploit firmware flaws and spyโฆ
๐17๐7โค3
Xiaomi HyperOS BootLoader Bypass
A PoC that exploits a vulnerability to bypass the Xiaomi HyperOS community restrictions of BootLoader unlocked account bindings
https://github.com/MlgmXyysd/Xiaomi-HyperOS-BootLoader-Bypass#xiaomi-hyperos-bootloader-bypass
A PoC that exploits a vulnerability to bypass the Xiaomi HyperOS community restrictions of BootLoader unlocked account bindings
https://github.com/MlgmXyysd/Xiaomi-HyperOS-BootLoader-Bypass#xiaomi-hyperos-bootloader-bypass
GitHub
GitHub - MlgmXyysd/Xiaomi-HyperOS-BootLoader-Bypass: A PoC that exploits a vulnerability to bypass the Xiaomi HyperOS communityโฆ
A PoC that exploits a vulnerability to bypass the Xiaomi HyperOS community restrictions of BootLoader unlocked account bindings. - MlgmXyysd/Xiaomi-HyperOS-BootLoader-Bypass
๐17๐3โค2
Deobfuscating Android ARM64 strings with Ghidra: Emulating, Patching, and Automating
https://blog.nviso.eu/2024/01/15/deobfuscating-android-arm64-strings-with-ghidra-emulating-patching-and-automating/
https://blog.nviso.eu/2024/01/15/deobfuscating-android-arm64-strings-with-ghidra-emulating-patching-and-automating/
NVISO Labs
Deobfuscating Android ARM64 strings with Ghidra: Emulating, Patching, and Automating
In a recent engagement I had to deal with some custom encrypted strings inside an Android ARM64 app. I had a lot of fun reversing the app and in the process I learned a few cool new techniques whicโฆ
๐17
A lightweight method to detect potential iOS malware
https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/
https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/
Securelist
Detecting iOS malware via Shutdown.log file
Analyzing Shutdown.log file as a lightweight method to detect indicators of infection with sophisticated iOS malware such as Pegasus, Reign and Predator.
๐9
XSS & Command Injection in Android โ MobileHackingLab โPost Boardโ Write-up
https://ajmal-moochingal.medium.com/xss-command-injection-in-android-mobilehackinglab-post-board-write-up-ae9497829615
https://ajmal-moochingal.medium.com/xss-command-injection-in-android-mobilehackinglab-post-board-write-up-ae9497829615
Medium
XSS & Command Injection in Android โ MobileHackingLab โPost Boardโ Write-up
A lab that covers XSS in a WebView within Android which could be exploited by other apps in the device, combined with a Command Injectionโฆ
๐18๐คก6โค1
Bigpanzi botnet infects 170,000 Android TV boxes with malware
https://blog.xlab.qianxin.com/bigpanzi-exposed-hidden-cyber-threat-behind-your-stb/
https://blog.xlab.qianxin.com/bigpanzi-exposed-hidden-cyber-threat-behind-your-stb/
ๅฅๅฎไฟก X ๅฎ้ชๅฎค
Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box
Background
Some time ago, we intercepted a dubious ELF sample exhibiting zero detection on VirusTotal. This sample, named pandoraspear and employing a modified UPX shell, has an MD5 signature of 9a1a6d484297a4e5d6249253f216ed69. Our analysis revealed thatโฆ
Some time ago, we intercepted a dubious ELF sample exhibiting zero detection on VirusTotal. This sample, named pandoraspear and employing a modified UPX shell, has an MD5 signature of 9a1a6d484297a4e5d6249253f216ed69. Our analysis revealed thatโฆ
๐13
MavenGate: a supply chain attack method for Java and Android applications
https://blog.oversecured.com/Introducing-MavenGate-a-supply-chain-attack-method-for-Java-and-Android-applications/
https://blog.oversecured.com/Introducing-MavenGate-a-supply-chain-attack-method-for-Java-and-Android-applications/
News, Techniques & Guides
Introducing MavenGate: a supply chain attack method for Java and Android applications
More recently, the cybersecurity community has seen numerous studies of supply chain attacks on Web apps.
๐14โค1
Getting Started with iOS Penetration Testing โโPart 1: The Setup
https://sahil-security-nerd07.medium.com/getting-started-with-ios-penetration-testing-part-1-the-setup-e322c73ab9a0
https://sahil-security-nerd07.medium.com/getting-started-with-ios-penetration-testing-part-1-the-setup-e322c73ab9a0
Medium
Getting Started with iOS Penetration Testing, The Setup.
Introduction:
๐ฅ19๐ฅฑ5๐3โค1
2023_Mobile_Banking_Heists_Report.pdf
13.3 MB
Mobile Banking Heists Report 2023: 29 Malware Families Targeting 1,800 Mobile Banking Apps
๐18
Mobile malware analysis for the BBC of TeaBot (Anatsa) banking trojan impersonating PDF AI: Add-On app
https://www.pentestpartners.com/security-blog/mobile-malware-analysis-for-the-bbc/
https://www.pentestpartners.com/security-blog/mobile-malware-analysis-for-the-bbc/
Pentestpartners
Mobile malware analysis for the BBC | Pen Test Partners
This is a version of our report referenced in the Helping a mobile malware fraud victim blog post, with all sensitive information removed. Summary One malicious application was identified on the device, and evidence identified during the examination strongโฆ
๐ฅ5๐คก4๐3๐2๐2
PoC to takeover Android using another Android by exploiting critical Bluetooth vulnerability to install Metasploit without proper Bluetooth pairing (CVE-2023-45866). It still affects Android 10 and bellow.
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
Mobile Hacker
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing Mobile Hacker
[update 2024-02-19] This vulnerability can be even used to remotely wipe data of targeted Android smartphone. Using this vulnerability it is possible to guess user lock screen PIN. After five incorrect PINs device is locked out for 30 seconds. This operationโฆ
๐19๐ฅ10๐คก5โค2
Hunting for Android Privilege Escalation with a 32 Line Fuzzer
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hunting-for-android-privilege-escalation-with-a-32-line-fuzzer/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hunting-for-android-privilege-escalation-with-a-32-line-fuzzer/
Levelblue
Hunting for Android Privilege Escalation with a 32 Line Fuzzer
Trustwave SpiderLabs tested a couple of Android OS-based mobile devices to conduct the research on privilege escalation scenarios.
๐7
Pakistan-based Threat Actor Targets Indians with Fake Loan Android Application
https://www.cyfirma.com/outofband/pakistan-based-threat-actor-targets-indians-with-fake-loan-android-application/
https://www.cyfirma.com/outofband/pakistan-based-threat-actor-targets-indians-with-fake-loan-android-application/
CYFIRMA
Pakistan-based Threat Actor Targets Indians with Fake Loan Android Application - CYFIRMA
EXECUTIVE SUMMARY The team at CYFIRMA recently identified a pattern where unknown threat actors utilize Android malware to target individuals...
๐คฃ18๐8๐5
Android-based PAX Technology Point of Sale (POS) vulnerabilities
CVE-2023-42133 - Reserved
CVE-2023-42134 - Signed partition overwrite and subsequently local code execution as root via hidden bootloader command
CVE-2023-42135 - Local code execution as root via kernel parameter injection in fastboot
CVE-2023-42136 - Privilege escalation from any user/application to system user via shell injection binder-exposed service
CVE-2023-42137 - Privilege escalation from system/shell user to root via insecure operations in systool_server daemon
CVE-2023-4818 - Bootloader downgrade via improper tokenization
https://blog.stmcyber.com/pax-pos-cves-2023/
CVE-2023-42133 - Reserved
CVE-2023-42134 - Signed partition overwrite and subsequently local code execution as root via hidden bootloader command
CVE-2023-42135 - Local code execution as root via kernel parameter injection in fastboot
CVE-2023-42136 - Privilege escalation from any user/application to system user via shell injection binder-exposed service
CVE-2023-42137 - Privilege escalation from system/shell user to root via insecure operations in systool_server daemon
CVE-2023-4818 - Bootloader downgrade via improper tokenization
https://blog.stmcyber.com/pax-pos-cves-2023/
STM Cyber Blog
Android-based PAX POS vulnerabilities (Part 1) - STM Cyber Blog
In this article, we present details of 6 vulnerabilities on the Android POS devices made by the worldwide known company PAX Technology.
๐13
Android Deep Links & WebViews Exploitations Part I
https://medium.com/@justmobilesec/deep-links-webviews-exploitations-part-i-452e8aad124f
https://medium.com/@justmobilesec/deep-links-webviews-exploitations-part-i-452e8aad124f
Medium
Deep Links & WebViews Exploitations Part I
TLDR: This post is the first of a two-part series covering Deep Links & WebViews Exploitations. This article focuses on WebViews. Itโฆ
๐15
APK Obfucation Detection - detect code obfuscation through text classification in the detection process
https://github.com/liansecurityOS/apk-obfucation-detection
https://github.com/liansecurityOS/apk-obfucation-detection
GitHub
GitHub - liansecurityOS/apk-obfucation-detection: Detect code obfuscation through text classification in the detection process.
Detect code obfuscation through text classification in the detection process. - liansecurityOS/apk-obfucation-detection
๐18๐2โค1