With physical access to Android device with enabled ADB debugging running Android 12 or 13 before receiving March 2024 security patch, it is possible to access internal data of any user installed app by misusing CVE-2024-0044 vulnerability. Internal data…

We will explore features of using Metasploit payload generator on NetHunter, and show you how to create and deliver custom payloads to Android smartphone

Summary
We (Julien Ahrens @MrTuxracer and myself @Evan_Connelly) identified nearly 30 popular apps, as well as a feature within iOS itself, vulnerable to an attack in which any installed iOS app from the Apple App Store could perform an account takeover of…

When it comes to mobile devices, Android is the most popular and used operating system with over 3.9 billion active users in over 190 countries.

FileSystem Monitor (fsmon) allows you to monitor file system events at runtime on Linux, OSX, iOS and Android systems. Useful for bug bounty hunters, malware analyst

Threat actors are constantly working on novel ways to target users across the globe. This blog is about SpyMax, an […]

Discover the latest insights from the Cleafy Threat Intelligence team on new fraud campaigns involving the Medusa (TangleBot) banking trojan. Learn about Medusa's sophisticated capabilities, recent updates, and shifts in distribution strategies targeting…

Access cards – those little plastic rectangles that grant us entry to buildings, parking lots, and secure areas. But what if I told you that these cards can be cloned, and even emulated? Enter the Proxmark3, a powerful tool that opens doors (literally) to…

Automated Android custom unpacker generator. Contribute to LaurieWired/BadUnboxing development by creating an account on GitHub.

SentinelLABS has identified four new CapraRAT APKs associated with suspected Pakistan state-aligned actor Transparent Tribe.

BlueToolkit is an extensible Bluetooth Classic vulnerability automated testing framework. It’s designed to uncover both new and old vulnerabilities in Bluetooth-enabled devices. Moreover, since it runs on Linux based devices, it is possible to install it…

Not all Android apps are created equal. The Settings app on an Android device, for example, can change numerous things that no “normal” app can, regardless of how many permissions that app requests. Apps with special privileges like Settings are often called…

This is a recap of a complete NetHunter Hacker series where I covered various aspects of Kali NetHunter providing detailed insights, tutorials, and practical examples to help you harness its capabilities to its fullest potential. Quick video introduction…

In October 2022, Lookout researchers initially discovered a surveillanceware that is still being used to target military personnel from Middle Eastern countries

The M5StickC Plus 2 is a compact, ESP32-based development board with built-in Wi-Fi, infrared and Bluetooth capabilities. When paired with the Nemo firmware, developed by 4x0nn, it becomes a powerful tool for high-tech pranks, wireless attacks, and creative…

Discover how OilAlpha's malicious applications are targeting humanitarian aid groups in Yemen. Learn about their tactics and how to mitigate risks.

We dig in a malicious sample of Android/TangleBot of May 2024. TangleBot is also reported as a BankBot, although it is more an Android RAT…