Analysis of Android downloader
https://cryptax.medium.com/an-apparently-benign-app-distribution-scheme-which-has-all-it-takes-to-turn-very-ugly-f733be528535
https://cryptax.medium.com/an-apparently-benign-app-distribution-scheme-which-has-all-it-takes-to-turn-very-ugly-f733be528535
Medium
An apparently benign app distribution scheme which has all it takes to turn (very) ugly
This articles discusses a recent Android sample from January 2021. It was first scanned on the 11th, but according to its certificateβ¦
Barcode Scanner app on Google Play infects 10 million users with one update
https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/
https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/
Malwarebytes Labs
Barcode Scanner app on Google Play infects 10 million users with one update - Malwarebytes Labs
In a single update, a popular barcode scanner app that had been on Google Play for years turned into malware.
Insecure Data Storage: Clear Text Storage of Sensitive Information (Hard-coded strings, credentials, tokens & keys)
https://medium.com/mobis3c/insecure-data-storage-clear-text-storage-of-sensitive-information-hard-coded-strings-fb7b056c0d0
https://medium.com/mobis3c/insecure-data-storage-clear-text-storage-of-sensitive-information-hard-coded-strings-fb7b056c0d0
Medium
Insecure Data Storage: Clear Text Storage of Sensitive Information (Hard-coded strings, credentials, tokens & keys)
Before we get started, we need to have the apk which can be extracted from the device by installing the application through the play storeβ¦
Domestic Kitten (APT-C-50) β An Inside Look at the Iranian Surveillance Operations
https://research.checkpoint.com/2021/domestic-kitten-an-inside-look-at-the-iranian-surveillance-operations/
https://research.checkpoint.com/2021/domestic-kitten-an-inside-look-at-the-iranian-surveillance-operations/
Check Point Research
Domestic Kitten β An Inside Look at the Iranian Surveillance Operations - Check Point Research
Overview Despite the reveal of βDomestic Kittenβ by Check Point in 2018, APT-C-50 has not stopped conducting extensive surveillance operations against Iranian citizens that could pose a threat to the stability of the Iranian regime, including internal dissidentsβ¦
Couple of bugs disclosed for Huawei, Motorola, OPPO, Mediatek, Vivo, Meizu, ZTE, K-Touch, Transsion, Digitime devices
Issues: ADB private key leak, a cloud services key leak, and permissions bypass for system APIs
https://bugs.chromium.org/p/apvi/issues/list?q=&can=1
Issues: ADB private key leak, a cloud services key leak, and permissions bypass for system APIs
https://bugs.chromium.org/p/apvi/issues/list?q=&can=1
Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows
https://blog.talosintelligence.com/2021/02/kasablanka-lodarat.html
https://blog.talosintelligence.com/2021/02/kasablanka-lodarat.html
Talosintelligence
Kasablanka Group's LodaRAT improves espionage capabilities on Android and Windows
A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Discovered Confucius APT Android Spyware Linked to India-Pakistan Conflict
https://blog.lookout.com/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict
https://blog.lookout.com/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict
Lookout
Lookout Discovers Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict
The Lookout Threat Intelligence team has discovered two novel Android surveillanceware β Hornbill and SunBird. We believe with high confidence that these surveillance tools are used by the advanced persistent threat group (APT) Confucius, which first appearedβ¦
SHAREit Flaw Could Lead to Remote Code Execution
https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html
https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html
Trend Micro
SHAREit Flaw Could Lead to Remote Code Execution
We discovered vulnerabilities in the SHAREit application. The vulns can be abused to leak a userβs sensitive data, execute arbitrary code, and possibly lead to remote code execution. The app has over 1 billion downloads.
Stealing Facebook access token and WebView cookies from SHAREit using 3rd party app (not fixed)
https://youtu.be/D2d8AL1jtes
https://youtu.be/D2d8AL1jtes
YouTube
SHAREit app allows stealing Facebook access token and WebView Cookies | not fixed vulnerabilities
Stealing Facebook access token from SHAREit using 3rd party app (not fixed yet)I created this quick PoC based on @TrendMicroRSRCH discovery.This and couple m...
Hunting for bugs in Telegram's animated stickers remote attack surface
https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/
https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/
Shielder
Shielder - Hunting for bugs in Telegram's animated stickers remote attack surface
polict's 2020 journey in researching the lottie animation format, its integration in mobile apps and the vulnerabilities triggerable by a remote attacker against any Telegram user.
Analyzing Clubhouse for fun and profit
https://theori.io/research/korean/analyzing-clubhouse/
https://theori.io/research/korean/analyzing-clubhouse/
Theori
Analyzing Clubhouse for fun and profit
Clubhouse (μ΄ν βν΄λ½νμ°μ€β)λ 2020λ
Alpha Exploration Co μ¬μμ κ°λ°ν μ€λμ€ μ±ν
ννμ μμ
λ€νΈμνΉ μ±μ
λλ€. μ΅κ·Ό νκ΅μμλ μΈκΈ°λ₯Ό λνλ©° μ΄λμ₯μ΄ λΉκ·Όλ§μΌμμ ν맀λκ±°λ ν΄λ½νμ°μ€λ₯Ό μ¬μ©ν΄λ³΄κΈ° μν΄ μ€κ³ μμ΄ν°μ ꡬ맀νλ μ¬λλ€λ μκΈΈ μ λμλλ°μ. Elon Muskλ λ
Ένμ² λκ³Ό κ°μ μ λͺ
μΈμ¬λ€λ κ°μ
ν΄μ μ κ·Ήμ μΌλ‘ νλνλ©΄μ λ μ‘°λͺ
μ λ°μ κ² κ°μ΅λλ€. μ΄λ° μμ²λ μΈκΈ° λλΆμ μΌλ§μ 1μ‘°μ μ΄μμ κΈ°μ
κ°μΉλ₯Όβ¦
βScamClubβ Bypasses Iframe Sandboxing With postMessage() to deliver malvertism ads [CVE-2021β1801]
https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
Medium
Malvertiser βScamClubβ Bypasses Iframe Sandboxing With postMessage() Shenanigans [CVE-2021β1801]
This blog post is about the mechanics of a long tail iframe sandbox bypass found in a payload belonging to the persistent malvertisingβ¦
How to intercept traffic from Android apps with Objection and Burp
https://youtu.be/Ft3H-3J67UE
https://youtu.be/Ft3H-3J67UE
YouTube
How to intercept traffic from Android apps with Objection and Burp
Raw and uncut tutorial on how to MITM Android apps with Objection and Burp.Social:Twitter: https://twitter.com/b3nacβWebsite: https://b3nac.comβTwitch: https...
Reverse Engineering Clubhouse
https://www.klmlabs.co/blog/club-house-observations-th5x8
https://www.klmlabs.co/blog/club-house-observations-th5x8
KLM Labs
Reverse Engineering Clubhouse: My Observations β KLM Labs
Clubhouse is an application that has recently gained popularity in numerous countries for its ability to bring people together and have their voices and opinions heard. From my perspective, this type of platform is a new paradigm in social media and influence.β¦
Samsung Investigation Part 1: TEEs, TrustZone and TEEGRIS
https://www.riscure.com/blog/samsung-investigation-part1
https://www.riscure.com/blog/samsung-investigation-part1
Activation of arbitrary intent due to unsafe deserialization - CVE-2020-0082
This leads to EoP in Android 10.
It could start any privileged intent without permission.
With this vulnerability it would be possible to silently install and uninstall any app.
https://github.com/0x742/CVE-2020-0082-ExternalVibration
This leads to EoP in Android 10.
It could start any privileged intent without permission.
With this vulnerability it would be possible to silently install and uninstall any app.
https://github.com/0x742/CVE-2020-0082-ExternalVibration
GitHub
0x742/CVE-2020-0082-ExternalVibration
This repo contains a proof-of-concept for π±ππβ‘, a deserialization vuln for local escalation of privilege to system_server in Android 10. This proof-of-concept only activates a privileged intent. - ...
A Special Attack Surface in Android (β
‘) β The dangerous deeplinks
https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1359026676922851328
https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1359026676922851328
Using Frida to find hooks in Android applications (security products, malware, or even games deploying anti-cheat software)
https://corellium.com/blog/android-frida-finding-hooks
https://corellium.com/blog/android-frida-finding-hooks
Corellium
Using Frida to find hooks in Android applications
Using Frida to find hooks in an Android application