40562
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Android barcode scanner app with 100K installs exposes user passwords
https://cybernews.com/security/android-barcode-scanner-data-leak/
How to debug Android native libraries using JEB decompiler
shubhamsonani/how-to-debug-android-native-libraries-using-jeb-decompiler-eec681a22cf3" rel="nofollow">https://medium.com/@shubhamsonani/how-to-debug-android-native-libraries-using-jeb-decompiler-eec681a22cf3
How to bypass debugger detection in Android/iOS using IDA Pro
shubhamsonani/how-to-bypass-debugger-detection-in-android-ios-native-libraries-using-ida-pro-3e289c2127d6" rel="nofollow">https://medium.com/@shubhamsonani/how-to-bypass-debugger-detection-in-android-ios-native-libraries-using-ida-pro-3e289c2127d6
BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses allow certain man-in-the-middle attacks and live injection (CVE-2023-24023)
https://francozappa.github.io/post/2023/bluffs-ccs23/
NetHunter Hacker XI: Bluetooth arsenal
https://www.mobile-hacker.com/2023/11/28/nethunter-hacker-xi-bluetooth-arsenal/
Nothing Chats app, the Sunbird-based iMessage app, is a privacy nightmare with unencrypted messages and images
https://9to5google.com/2023/11/18/nothing-chats-sunbird-unencrypted-data-privacy-nightmare/
Palera1n Jailbreak iOS 15.7.7 for Penetration Testing
jcngan97/palera1n-jailbreak-ios-15-7-7-for-penetration-testing-7645abd15724" rel="nofollow">https://medium.com/@jcngan97/palera1n-jailbreak-ios-15-7-7-for-penetration-testing-7645abd15724
Fake Android and iOS apps steal SMS and contacts in South Korea
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-and-ios-apps-steal-sms-and-contacts-in-south-korea/
BLE spam but for adult toys
Using Flipper Zero or nRF Connect app, it is possible to send Bluetooth LE advertisement packets (without being paired) to adult toys in vicinity and make them all vibrate. It is also possible to start Denial of Pleasure by continuously broadcasting the stop packet
https://www.whid.ninja/blog/denial-of-pleasure-attacking-unusual-ble-targets-with-a-flipper-zero
Z Camera Android app that was downloaded over 100,000,000 times from Google Play store contained several vulnerabilities such as server leak, SQLi, intent redirection
ostorlab/this-article-is-a-technical-deep-dive-showing-how-a-100m-installation-image-application-can-6343ce8ea076" rel="nofollow">https://medium.com/@ostorlab/this-article-is-a-technical-deep-dive-showing-how-a-100m-installation-image-application-can-6343ce8ea076
Analysis of trojanized Skype App
https://slowmist.medium.com/fake-skype-app-phishing-analysis-35c1dc8bc515
Android malware spying on Urdu-speaking residents via a possible watering-hole attack
https://www.welivesecurity.com/en/eset-research/unlucky-kamran-android-malware-spying-urdu-speaking-residents-gilgit-baltistan/
How to bypass root detection in Android flutter apps
https://shobi.dev/blog/2023-28-10-bypassing-root-detection-in-flutter-with-frida
Pandora's box is now open: the well-known Mirai trojan arrives in a new disguise to Android-based TV sets and TV boxes (Tanix TX6 TV Box, MX10 Pro 6K, H96 MAX X3 and others)
https://news.drweb.com/show/?lng=en&i=14743https://news.drweb.com/show/?lng=en&i=14743
Usage of ispw, the Swiss Army Knife for iOS/MacOS security research
https://8ksec.io/ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research/
Unauthenticated Bluetooth keystroke-injection in Android, Linux, macOS and iOS (CVE-2023-45866)
Impact: A nearby attacker can connect to a vulnerable device over unauthenticated Bluetooth and inject keystrokes to install apps, run arbitrary commands, forward messages, etc.
https://github.com/skysafe/reblog/tree/main/cve-2023-45866
Malicious Android SpyLoan apps found on Google Play with over 12 million downloads
https://www.welivesecurity.com/en/eset-research/beware-predatory-fintech-loan-sharks-use-android-apps-reach-new-depths/
Frida Labs: Series of challenges to learn Frida for Android
https://github.com/DERE-ad2001/Frida-Labs
Unveiling the Persisting Threat: Iranian Mobile Banking Malware Campaign Extends Its Reach
https://www.zimperium.com/blog/unveiling-the-persisting-threat-iranian-mobile-banking-malware-campaign-extends-its-reach
Intercepting Flutter Based Application Traffic Using iptables
https://krushnalipane.medium.com/intercepting-flutter-based-application-traffic-using-iptables-da0f67064944
Social engineering attacks lure Indian users to install Android banking trojans
https://www.microsoft.com/en-us/security/blog/2023/11/20/social-engineering-attacks-lure-indian-users-to-install-android-banking-trojans/
Tablet for kids (Dragon Touch KidzPad Y88X) contains malware
https://www.eff.org/deeplinks/2023/11/low-budget-should-not-mean-high-risk-kids-tablet-came-preloaded-sketchyware
Part 2: Usage of ispw, the Swiss Army Knife for iOS/MacOS security research
https://8ksec.io/ipsw-walkthrough-part-2-the-swiss-army-knife-for-ios-macos-security-research/
ZIP Exploitation: Critical Vulnerabilities Found in Popular Zip Libraries in Swift and Flutter
https://blog.ostorlab.co/zip-packages-exploitation.html
Flutter Reverse Engineering and Security Analysis
ostorlab/flutter-reverse-engineering-and-security-analysis-41433f5671f3" rel="nofollow">https://medium.com/@ostorlab/flutter-reverse-engineering-and-security-analysis-41433f5671f3
A step-by-step Android penetration testing guide for beginners
https://infosecwriteups.com/a-step-by-step-android-penetration-testing-guide-for-beginners-8435e5e969a3
Run Kitchen Sink from Android app using 219 devices at once targeting iOS, Windows and Android & signal range comparison of BLE spam messages for Flipper Zero, Bluetooth LE Spam and nRF Connect apps
https://www.mobile-hacker.com/2023/11/08/android-kitchen-sink-send-ble-spam-to-ios-android-and-windows-at-once-using-android-app/
Video tutorial on how to install rootless Kali NetHunter in 8 minutes on Android 13 and Android 14
https://www.youtube.com/watch?v=GmfM8VCAu-I
Arid Viper | APT’s Nest of SpyC23 Malware Continues to Target Android Devices
https://www.sentinelone.com/labs/arid-viper-apts-nest-of-spyc23-malware-continues-to-target-android-devices/
Bypassing Android 13 Restrictions with SecuriDropper
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions