Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Exploit Google Pixel 7
In detail analysis of exploiting CVE-2023-21400 on Google Pixel 7 with Dirty Pagetable exploit that uses file UAF and pid UAF vulnerabilities
https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html
Android ASCWG CTF Challenge
https://0xmkr24.medium.com/android-challenge-in-ascwg-finals-109c03c66055
Analysis of account takeover discovered in Android app with 100M+ installs from Google Play ($1000 bounty)
https://medium.com/@amolbhavar/how-i-get-1000-bounty-for-discovering-account-takeover-in-android-application-3c4f54fbde39
Bringing NFC contactless payment to CASIO F-91W watch
https://medium.com/@matteo.pisani.91/how-i-hacked-casio-f-91w-digital-watch-892bd519bd15
Kunai - library for analyzing Dalvik Executable Files (DEX)
https://farena.in/android/analysis/kunai-lib/
Android SELinux Internals Part I: Understand how Android SELinux works, along with its functionalities and benefits
https://8ksec.io/android-selinux-internals-part-i-8ksec-blogs/
Four Anatsa (also known as TeaBot) Android banking Trojans were discovered on Google Play Store with over 30,000 installs, targeting almost 600 financial apps
https://www.threatfabric.com/blogs/anatsa-hits-uk-and-dach-with-new-campaign
Reversing Flutter-based Android Malware “Fluhorse”
https://www.fortinet.com/blog/threat-research/fortinet-reverses-flutter-based-android-malware-fluhorse
The State of Android (Banking) Malware: Insights from 2022 and Predictions for 2023
https://www.threatfabric.com/hubfs/ThreatFabric_Generic_Report-The%20State%20of%20Android%20Banking%20Malware%202022.pdf
Analysis of Triangulation iOS spyware implant
https://securelist.com/triangledb-triangulation-implant/110050/
DoNot APT Elevates its Tactics by Deploying Malicious Android Apps on Google Play Store impersonating VPN apps (iKHfaa VPN and nSure Chat)
https://www.cyfirma.com/outofband/donot-apt-elevates-its-tactics-by-deploying-malicious-android-apps-on-google-play-store/
Discovered Android GravityRAT malware being distributed as the BingeChat and Chatico messaging apps
https://www.welivesecurity.com/2023/06/15/android-gravityrat-goes-after-whatsapp-backups/
iOS pentesting 101
How to setup iOS environment
https://securitycafe.ro/2023/06/12/mobile-pentesting-101-how-to-set-up-your-ios-environment/
iOS Deep Link attacks Part 2 – Exploitation
https://8ksec.io/ios-deep-link-attacks-part-2-exploitation-8ksec-blogs/
Binder Trace: Tool for intercepting and parsing Android Binder messages. Think of it as "Wireshark for Binder"
https://github.com/foundryzero/binder-trace
Using MLIR for Dalvik Bytecode Analysis
Using intermediate representations allows analysts to write optimizations and code analysis passes more easily than by parsing binary or bytecode directly. Kunai is a library intended for static analysis of Dalvik bytecode; in a newer version of the library, the idea is to use the capabilities offered by MLIR by writing a new dialect centered on Dalvik instructions.
Presentation: https://youtu.be/hfqOivYdD40
Slides: https://llvm.org/devmtg/2023-05/slides/Lightning-Talks/01-Eduardo-EuroLLVM2023.pdf
Analysis of Android EverSpy 2 Malware, whose source code is sold for $4,000
https://www.theobservator.net/everspy-2-malware-reverse-engineering/
Introduction to Kali NetHunter Hacker series: Which NetHunter fits you best?
https://www.mobile-hacker.com/2023/07/04/introduction-of-kali-nethunter-hacker-series-and-which-nethunter-fits-you-best/
Intercepting Android App Traffic using BurpSuite
Video tutorial shows how to set up an Android emulator, install the Burp certificate in the system store, proxy app traffic through BurpSuite, and bypass certificate pinning using Frida
https://youtu.be/xp8ufidc514
A modified version of the Telegram Android app found to be maliciously patched with Triada malware
https://blog.checkpoint.com/security/dont-be-fooled-by-app-earances-check-point-researchers-spot-hidden-malwares-behind-legitimate-looking-apps/
Interesting hardening technique of Android financial apps
Apps put custom permissions on their components such as activities, services, etc., so banking Trojans can't launch and interact with them
This prevents malware from performing on-device fraudulent transactions
https://debugactiveprocess.medium.com/strengthening-android-security-mitigating-banking-trojan-threats-fe94ae9e2f02
How to manually unpack native Android packer called KangaPack
https://cryptax.medium.com/inside-kangapack-the-kangaroo-packer-with-native-decryption-3e7e054679c4
Military service members have been receiving unsolicited physical smartwatches in the mail. The smartwatches can auto-connect to Wi-Fi and begin connecting to cell phones unprompted, gaining access to voice and cameras
https://www.cid.army.mil/Media/Press-Center/Article-Display/Article/3429159/cid-lookout-unsolicited-smartwatches-received-by-mail/
Reversing Flutter apps: Dart’s Small Integers
https://cryptax.medium.com/reversing-flutter-apps-darts-small-integers-b922d7fae7d9
Leveraging Android Permissions: A Solver Approach (CVE-2023-20947)
https://blog.thalium.re/posts/leveraging-android-permissions/
Android Malware Impersonates ChatGPT-Themed Applications
https://unit42.paloaltonetworks.com/android-malware-poses-as-chatgpt/
Cloud Mining Scam Distributes Roamer Android Banking Trojan
https://blog.cyble.com/2023/06/14/cloud-mining-scam-distributes-roamer-banking-trojan/
An active Android campaign pushes adware to Android devices with the purpose of driving revenue
https://www.bitdefender.com/blog/labs/tens-of-thousands-of-compromised-android-apps-found-by-bitdefender-anomaly-detection-technology/
HelloTeacher: New Android Malware Targeting Banking Users In Vietnam
https://blog.cyble.com/2023/06/05/helloteacher-new-android-malware-targeting-banking-users-in-vietnam/
CVE-2023-20963: 0-day in Android's Parcel serialization/deserialization which was used in-the-wild by the Pinduoduo app
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-20963.html