Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Meta (Facebook) Adversarial Threat Report for Q1 2023 (Android threats included)
https://about.fb.com/wp-content/uploads/2023/05/Meta-Quarterly-Adversarial-Threat-Report-Q1-2023.pdf
Fleckpe - A new family of Trojan subscribers discovered on Google Play #Jocker #Harly
https://securelist.com/fleckpe-a-new-family-of-trojan-subscribers-on-google-play/109643/
FluHorse – Newly Discovered Android Malware Disguised as Popular Android Apps Targeting East Asia to steal victim credentials and 2FA codes
https://research.checkpoint.com/2023/eastern-asian-android-assault-fluhorse/
Flutter Hackers: Understand and reverse engineer Flutter APK Release Mode with Frida
Part 1: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-1-6c316be56b13
Part 2: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-2-598a44942b5e
Android greybox fuzzing with AFL++ Frida mode
https://blog.quarkslab.com/android-greybox-fuzzing-with-afl-frida-mode.html
Androset: Automated script to convert and push the Burp Suite certificate to Android, and modify Android's iptables rules to redirect all traffic to Burp Suite
https://github.com/Anof-cyber/Androset
BouldSpy (DAAM) - Android Spyware Tied to Iranian Police Targeting Minorities
https://www.lookout.com/blog/iranian-spyware-bouldspy
Android Deep Link Issues And WebView Exploitation
https://8ksec.io/android-deeplink-and-webview-exploitation-8ksec-blogs/
Mobile Hacking Cheatsheets
Android and iOS pentesting, forensics, debugging and fuzzing cheatsheets
https://github.com/randorisec/MobileHackingCheatSheet/tree/master/pdf
Fakecalls Android Malware Abuses Legitimate Signing Key
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fakecalls-android-malware-abusing-legitimate-signing-key/
DAAM Android Botnet being distributed through Trojanized Applications
https://blog.cyble.com/2023/04/20/daam-android-botnet-being-distributed-through-trojanized-applications/
Python tool for emulating simple SMALI code
https://github.com/user1342/PocketSmali
Attacking McAfee VPN Android App
https://blog.scrt.ch/2023/03/29/attacking-android-antivirus-applications/
Mobile Exploitation, the past, present, and future [slides]
https://github.com/externalist/presentations/blob/master/2023%20Zer0con/Mobile%20Exploitation%2C%20the%20past%2C%20present%2C%20and%20future.pdf
Uncovering Security Vulnerabilities in Smart Ray-Ban Sunglasses
https://code-byter.com/2023/04/16/rayban-hacking.html
Bypass Tiktok SSL pinning on Android devices
https://github.com/Eltion/Tiktok-SSL-Pinning-Bypass
Mobile Threats Report for Q1/2023 by Avast
https://decoded.avast.io/threatresearch/avast-q1-2023-threat-report/#mobile
Arbitrary code execution discovered in Android imo-International Calls & Chat with 1B installs up to version 2022.11.1051 (CVE-2022-47757)
A path traversal vulnerability delivered using a deeplink can force the IMO app to write files into its data directory. This allows an attacker to write a library file that the app uses to dynamically load modules.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47757
Vulnerabilities identified in Amazon Fire TV Stick
1) Local network PIN brute forcing (CVE-2023-1385)
2) Arbitrary JavaScript code execution (CVE-2023-1384)
3) Register services that are only locally accessible (CVE-2023-1383)
https://www.bitdefender.com/files/News/CaseStudies/study/430/Bitdefender-PR-Whitepaper-AMZFr-creat6696-en-EN.pdf
Android TV Boxes: AllWinner H616/H618 & RockChip 3328 Android Malware Analysis & Cleanup
https://github.com/DesktopECHO/T95-H616-Malware
Smartphones With Qualcomm Chip Secretly Share Private Information With US Chip-Maker
"Smart phones with Qualcomm chip secretly send personal data to Qualcomm. This data is sent without user consent, unencrypted, and even when using a Google-free Android distribution."
https://www.nitrokey.com/news/2023/smartphones-popular-qualcomm-chip-secretly-share-private-information-us-chip-maker
Android Java code translation into native code to thwart AV detection
Video: https://youtu.be/UcdMx-te2NE
Slides and materials: https://github.com/LaurieWired/AndroidNativeObfuscation_defcon615
Google Play Store bad apps and developers review in 2022
-blocked 1.43 million apps from being available on the Store
-banned 173K bad accounts
-prevented 500K submitted apps from unnecessarily accessing sensitive permissions over the past 3 years
-expanded the App Defense Alliance (McAfee, Trend Micro, ESET, Lookout, Zimperium)
https://security.googleblog.com/2023/04/how-we-fought-bad-apps-and-bad-actors.html
HiddenAds Spread via Android Gaming Apps on Google Play
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/hiddenads-spread-via-android-gaming-apps-on-google-play/
The Fuzzing Guide to the Galaxy: An Attempt with Android System Services
https://blog.thalium.re/posts/fuzzing-samsung-system-services/
DoNot APT Targets Individuals in South Asia using Android Malware
https://www.cyfirma.com/outofband/donot-apt-targets-individuals-in-south-asia-using-android-malware/
How to unpack protected Android APK with Frida
Tutorial: https://youtu.be/PLX8_z0EmGw
Scripts: https://github.com/fatalSec/unpacking-APK
A Nexi phishing campaign spread malicious app via official Google Play Store
https://www.d3lab.net/a-nexi-phishing-campaign-spread-malicious-app-via-official-google-play-store/
Getting root on an Android 12 emulated device with Google Services
https://markuta.com/rooted-android-12-emulator/
Android Malware Analysis of Chameleon banking trojan
Part 1: https://n0psn0ps.github.io/2023/03/02/android-malware-analysis-series-ato.apk-part-3.1/
Part 2: https://n0psn0ps.github.io/2023/04/13/android-malware-analysis-series-ato.apk-part-3.2/