40562
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Bypassing Hardened Android Application available on the Play Store
-Root Detection Check in Native Java code and in React Native file
-Emulator Check
-Frida Running Check
-SSL Pinning Bypass
https://notsosecure.com/bypassing-hardened-android-applications
Obfuscating Android Apps with Native Code
The presentation explores writing Android applications in purely native code to obfuscate app flow-of-control
Resources: https://github.com/LaurieWired/AndroidPurelyNative_Troopers23
Presentation: https://youtu.be/wayMcQQZV1U?si=UJ6m_6jogtzcnNBF
Mobile Malware Analysis Part 2 – MasterFred
https://8ksec.io/mobile-malware-analysis-part-2-masterfred/
NetHunter Hacker VIII: Wi-Fi hacking using wifite, deauthentication and wardriving
https://www.mobile-hacker.com/2023/08/29/nethunter-hacker-viii-wi-fi-hacking-using-wifite-deauthentication-and-wardriving/
Unmasking – EVLF DEV - The Creator of Android CypherRAT and CraxsRAT
https://www.cyfirma.com/outofband/unmasking-evlf-dev-the-creator-of-cypherrat-and-craxsrat/
Making Chrome more secure by bringing Key Pinning to Android
http://security.googleblog.com/2023/08/making-chrome-more-secure-by-bringing.html
Breaking down Android Gigabud banking malware
https://www.group-ib.com/blog/gigabud-banking-malware/
Android Data Encryption in depth
https://blog.quarkslab.com/android-data-encryption-in-depth.html
Katalina - new tool that executes Android byte code, enabling to deobfuscate strings in Android malware
It’s written in Python and emulates each individual bytecode instruction that was used back in the day for Android
https://github.com/huuck/Katalina
https://www.humansecurity.com/tech-engineering-blog/katalina-an-open-source-android-string-deobfuscator
Exploiting LPE on Google Pixel 7 running Android 13
The Art of Rooting Android devices by GPU MMU features.
Slides: https://i.blackhat.com/BH-US-23/Presentations/US-23-WANG-The-Art-of-Rooting-Android-devices-by-GPU-MMU-features.pdf
Demo: https://youtu.be/D_AMrLbo3v8
ZygiskFrida: zygisk module injects Frida gadget in Android apps in a stealthy way
-It is not embedded into the APK itself. APK Integrity/Signature checks will pass
-Avoiding ptrace based detection
-Allows to load multiple libraries into the process
https://github.com/lico-n/ZygiskFrida
NetHunter Hacker VI:
How to setup HID & Rubber Ducky attacks with and without NetHunter, run PowerShell scripts, and intercept network traffic with BadUSB MITM setup
https://www.mobile-hacker.com/2023/08/08/nethunter-hacker-vi-ultimate-guide-to-hid-attacks-using-rubber-ducky-scripts-and-bad-usb-mitm-attack/
Exploring Frida & Objection on Non-Jailbroken Devices without Application Patching
https://mrbypass.medium.com/unlocking-potential-exploring-frida-objection-on-non-jailbroken-devices-without-application-ed0367a84f07
Extracting User Locations by Analyzing SMS Timings
https://arxiv.org/abs/2306.07695
Finding backup vulnerabilities in Android apps
✅android:allowBackup="true"
vishwaraj101/finding-backup-vulnerabilities-in-android-apps-6b87330f97b3" rel="nofollow">https://medium.com/@vishwaraj101/finding-backup-vulnerabilities-in-android-apps-6b87330f97b3
Trojanized Signal and Telegram apps were discovered on Google Play and Galaxy Store
Patched Signal is the first documented case of spying on a victim’s Signal communications by secretly autolinking the compromised device to attacker’s Signal device
https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/
Android Goes All-in on Fuzzing
https://security.googleblog.com/2023/08/android-goes-all-in-on-fuzzing.html
Technical Analysis of Multi-layered Obfuscation Techniques in AndroidManifest.xml Aimed at Evading Static Analysis
https://www.liansecurity.com/#/main/news/H_NoQIoBE2npFSfF-iQ5/detail
Content Providers and the potential weak spots they can have
https://blog.oversecured.com/Content-Providers-and-the-potential-weak-spots-they-can-have/
Over 3,000 Android Malware Samples Using Multiple Techniques to Bypass Detection
https://www.zimperium.com/blog/over-3000-android-malware-samples-using-multiple-techniques-to-bypass-detection/
Mobile Malware Analysis Part 1 – Leveraging Accessibility Features To Steal Crypto Wallet
https://8ksec.io/mobile-malware-analysis-part-1-crypto-wallet-stealer/
NetHunter Hacker VII: Wi-Fi compatibility check and setup on Android
https://www.mobile-hacker.com/2023/08/15/nethunter-hacker-vii-wi-fi-compatibility-check-and-setup-on-android/
PoC how to trigger Remote Code Execution in Over-the-Air attack targeting Google Pixel 6
Victim perspective: Connect to attacker's fake base station -> receive call -> PWND!
Demo: https://youtu.be/R-XXpG_mZZI
Slides: https://i.blackhat.com/BH-US-23/Presentations/US-23-Karimi-Over-the-Air-Under-the-Radar.pdf
ARTful: A library for dynamically modifying the Android Runtime
https://github.com/LaurieWired/ARTful
Popular Chinese keyboard app (Sogou Keyboard) transmits every typed key to their server (Windows, Android, iOS).
On top of that, it contains vulnerabilities in encryption that expose user keypresses to network eavesdropping (MITM)
https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/
Uncovering an Iranian mobile malware campaign
https://news.sophos.com/en-us/2023/07/27/uncovering-an-iranian-mobile-malware-campaign/
Invisible Adware: Unveiling Ad Fraud Targeting Korean Android Users
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/invisible-adware-unveiling-ad-fraud-targeting-korean-android-users/
Assessing Security Risks of Local Storage on Non-Jailbroken iOS Devices
https://mrbypass.medium.com/assessing-security-risks-of-local-storage-on-non-jailbroken-ios-devices-8d303ebe0e77
Interesting Android CTFs collection
https://github.com/r0ysue/MobileCTF
Interesting network traffic interception method. Should work for Xamarin and Dart made apps.
Smartphone (OpenVPN) -> VPN server -redirection-> BurpSuite
https://bhavukjain.com/blog/2023/02/19/capturing-requests-non-proxy-aware-application