Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Stealth Backdoor “Android/Xamalicious” Actively Infecting Devices
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/stealth-backdoor-android-xamalicious-actively-infecting-devices/
Android Banking Trojan Chameleon can now bypass any Biometric Authentication
https://www.threatfabric.com/blogs/android-banking-trojan-chameleon-is-back-in-action
Bad Zip and new Packer for Android/BianLian
https://cryptax.medium.com/bad-zip-and-new-packer-for-android-bianlian-5bdad4b90aeb
Hardening cellular basebands in Android
https://security.googleblog.com/2023/12/hardening-cellular-basebands-in-android.html
AutoSpill Vulnerability: Your mobile password manager might be exposing your credentials
https://techcrunch.com/2023/12/06/your-mobile-password-manager-might-be-exposing-your-credentials/
Unauthenticated Bluetooth keystroke-injection in Android, Linux, macOS and iOS (CVE-2023-45866)
Impact: A nearby attacker can connect to a vulnerable device over unauthenticated Bluetooth and inject keystrokes to install apps, run arbitrary commands, forward messages, etc.
https://github.com/skysafe/reblog/tree/main/cve-2023-45866
Malicious Android SpyLoan apps found on Google Play with over 12 million downloads
https://www.welivesecurity.com/en/eset-research/beware-predatory-fintech-loan-sharks-use-android-apps-reach-new-depths/
Frida Labs: Series of challenges to learn Frida for Android
https://github.com/DERE-ad2001/Frida-Labs
Unveiling the Persisting Threat: Iranian Mobile Banking Malware Campaign Extends Its Reach
https://www.zimperium.com/blog/unveiling-the-persisting-threat-iranian-mobile-banking-malware-campaign-extends-its-reach
Intercepting Flutter Based Application Traffic Using iptables
https://krushnalipane.medium.com/intercepting-flutter-based-application-traffic-using-iptables-da0f67064944
Social engineering attacks lure Indian users to install Android banking trojans
https://www.microsoft.com/en-us/security/blog/2023/11/20/social-engineering-attacks-lure-indian-users-to-install-android-banking-trojans/
Tablet for kids (Dragon Touch KidzPad Y88X) contains malware
https://www.eff.org/deeplinks/2023/11/low-budget-should-not-mean-high-risk-kids-tablet-came-preloaded-sketchyware
Part 2: Usage of ipsw, the Swiss Army Knife for iOS/macOS security research
https://8ksec.io/ipsw-walkthrough-part-2-the-swiss-army-knife-for-ios-macos-security-research/
ZIP Exploitation: Critical Vulnerabilities Found in Popular Zip Libraries in Swift and Flutter
https://blog.ostorlab.co/zip-packages-exploitation.html
Flutter Reverse Engineering and Security Analysis
https://medium.com/@ostorlab/flutter-reverse-engineering-and-security-analysis-41433f5671f3
A WSPR Monitor Running on an old Android TV Box with OpenWebRX and RTL-SDR
https://www.rtl-sdr.com/a-wspr-monitor-running-on-an-old-android-tv-box-with-openwebrx-and-rtl-sdr/
Shielding Against Android Phishing in Indian Banking
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shielding-against-android-phishing-in-indian-banking/
Mobile Malware Analysis Part 6 – Xenomorph
https://8ksec.io/mobile-malware-analysis-part-6-xenomorph/
5Ghoul: New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands
https://asset-group.github.io/disclosures/5ghoul/
Android barcode scanner app with 100K installs exposes user passwords
https://cybernews.com/security/android-barcode-scanner-data-leak/
How to debug Android native libraries using JEB decompiler
https://medium.com/@shubhamsonani/how-to-debug-android-native-libraries-using-jeb-decompiler-eec681a22cf3
How to bypass debugger detection in Android/iOS using IDA Pro
https://medium.com/@shubhamsonani/how-to-bypass-debugger-detection-in-android-ios-native-libraries-using-ida-pro-3e289c2127d6
BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses allow certain man-in-the-middle attacks and live injection (CVE-2023-24023)
https://francozappa.github.io/post/2023/bluffs-ccs23/
NetHunter Hacker XI: Bluetooth arsenal
https://www.mobile-hacker.com/2023/11/28/nethunter-hacker-xi-bluetooth-arsenal/
Nothing Chats app, the Sunbird-based iMessage app, is a privacy nightmare with unencrypted messages and images
https://9to5google.com/2023/11/18/nothing-chats-sunbird-unencrypted-data-privacy-nightmare/
Palera1n Jailbreak iOS 15.7.7 for Penetration Testing
https://medium.com/@jcngan97/palera1n-jailbreak-ios-15-7-7-for-penetration-testing-7645abd15724
Fake Android and iOS apps steal SMS and contacts in South Korea
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-and-ios-apps-steal-sms-and-contacts-in-south-korea/
BLE spam but for adult toys
Using Flipper Zero or the nRF Connect app, it is possible to send Bluetooth LE advertisement packets (without being paired) to adult toys in the vicinity and make them all vibrate. It is also possible to start a Denial of Pleasure by continuously broadcasting the stop packet.
https://www.whid.ninja/blog/denial-of-pleasure-attacking-unusual-ble-targets-with-a-flipper-zero
Z Camera Android app that was downloaded over 100,000,000 times from Google Play store contained several vulnerabilities such as server leak, SQLi, intent redirection
https://medium.com/@ostorlab/this-article-is-a-technical-deep-dive-showing-how-a-100m-installation-image-application-can-6343ce8ea076
Analysis of trojanized Skype App
https://slowmist.medium.com/fake-skype-app-phishing-analysis-35c1dc8bc515