androidmalware | Unsorted

Telegram channel androidmalware - Android Security & Malware

40562

Mobile cybersecurity channel
Links: https://linktr.ee/mobilehacker
Contact: mobilehackerofficial@gmail.com


Android Security & Malware

LTair: The LTE Air Interface Tool
https://research.nccgroup.com/2024/03/14/ltair-the-lte-air-interface-tool/


The State of Stalkerware in 2023
https://securelist.com/state-of-stalkerware-2023/112135/
Full report: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/03/07160820/The-State-of-Stalkerware-in-2023.pdf


Analyze Android apps for security risks in Termux using APKDeepLens
-analyze downloaded or installed apps on device
-scan APKs on the go
-edit the script for custom needs
-works on any non-rooted Android
https://www.mobile-hacker.com/2024/03/11/analyze-installed-android-applications-for-security-risks-in-termux/


Code injection on Android without ptrace

https://erfur.github.io/blog/dev/code-injection-without-ptrace


Android and Windows RATs Distributed Via Online Meeting Lures
https://www.zscaler.com/blogs/security-research/android-and-windows-rats-distributed-online-meeting-lures


NetHunter now supports #BadBluetooth HID attacks to inject keystrokes wirelessly
It is also possible to modify the spoofed Bluetooth device class ID to visually mimic any device, not just a keyboard
https://www.mobile-hacker.com/2024/03/06/kali-nethunter-now-supports-bad-bluetooth-hid-attacks-to-inject-keystrokes-wirelessly/


On-Device Fraud on the rise: exposing a recent Android Copybara fraud campaign
https://www.cleafy.com/cleafy-labs/on-device-fraud-on-the-rise-exposing-a-recent-copybara-fraud-campaign


NetHunter Hacker XV: Use Nmap for network scanning
Nmap can also reveal open ports of file manager apps that are running local file sharing servers, allowing a local attacker to access files on the device (video)
https://www.mobile-hacker.com/2024/03/01/nethunter-hacker-xv-use-nmap-for-network-scanning/


Android Deep Links & WebViews Exploitations Part II
https://medium.com/@justmobilesec/deep-links-webviews-exploitations-part-ii-5c0b118ec6f1


Auto DNS poisoning
While charging an Android smartphone via a computer, it is possible to perform automated and even remotely controlled DNS poisoning without any user interaction
The blog and video explain how it works, when it doesn't work and how to prevent it
https://www.mobile-hacker.com/2024/02/20/automated-dns-poisoning-using-android-while-charging-via-computer/


Anatsa (TeaBot) Android Trojan Returns: Targeting Europe and Expanding Its Reach
The Trojan reached 10,000 installs on Google Play, impersonating a Phone Cleaner app.
The current campaign involves five droppers with over 100,000 total installations
https://www.threatfabric.com/blogs/anatsa-trojan-returns-targeting-europe-and-expanding-its-reach


New WiFi authentication vulnerabilities discovered affecting Android, ChromeOS and Linux devices
CVE-2023-52160 (“Phase-2 bypass”): This vulnerability can be exploited by an attacker to deceive the victim into connecting to a fake Wi-Fi network set up by the adversary. Once connected, the attacker can intercept and monitor the victim’s network traffic
CVE-2023-52161 (“4-way bypass”): It allows an adversary to gain full access to an existing protected WiFi network, exposing existing users and devices
PoC exploit is not available.
https://www.top10vpn.com/research/wifi-vulnerabilities/


Dusting Off Old Fingerprints: NSO Group’s Unknown MMS Hack
https://www.enea.com/insights/dusting-off-old-fingerprints-nso-groups-unknown-mms-hack/


Mobile Threat Landscape Report for 2023
The report includes a review of Android and iOS vulnerabilities and malware in 2023
https://www.lookout.com/threat-intelligence/report/mobile-landscape-threat-report


NetHunter Hacker XIII: Overall guide to MITM framework
The new blog covers methods that attackers may employ to intercept network communication, with a video that demonstrates using SSLStrip+ and a DNS change to intercept HTTPS and bypass HSTS via MITMf
https://www.mobile-hacker.com/2024/02/13/nethunter-hacker-xiii-overall-guide-to-mitm-framework/


Write-up and PoC kernel exploit affecting Pixel 7/8 Pro running Android 14 targeting Mali GPU
https://github.com/0x36/Pixel_GPU_Exploit


Attack spectrum present in Android environments
https://blog.devsecopsguides.com/attacking-android


Analysis of an Android Malware-as-a-Service Operation (Coper aka Octo banking Trojan)
https://www.team-cymru.com/post/coper-octo-a-conductor-for-mobile-mayhem-with-eight-limbs


Delving into Dalvik: A Look Into DEX Files
https://www.mandiant.com/resources/blog/dalvik-look-into-dex-files


Bypassing the "run-as" debuggability check on Android via newline injection (CVE-2024-0044)
Attack scenario: A local attacker with ADB shell access to an Android 12 or 13 device with Developer Mode enabled can exploit the vulnerability to run code in the context of any non-system-UID app. From there, the attacker can do anything the app can, like access its private data files or read the credentials it’s stored in AccountManager
https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html


AndroidDriveSignity: a Python utility designed to bypass driver signature verification in the Android kernel (ARMv8.3), facilitating the loading of custom drivers
https://github.com/gmh5225/AndroidDriveSignity


Unveiling iOS Vulnerabilities: A Deep Dive into Attacking iOS system
https://blog.devsecopsguides.com/attacking-ios


NetHunter Hacker XIV: Find exploits using SearchSploit and setup Wi-Fi Pineapple connector
https://www.mobile-hacker.com/2024/02/27/nethunter-hacker-xiv-find-exploits-using-searchsploit-and-setup-wi-fi-pineapple-connector/


Analysis of Android HookBot malware
HookBot analysis: https://cebrf.knf.gov.pl/komunikaty/artykuly-csirt-knf/362-ostrzezenia/858-hookbot-a-new-mobile-malware
HookBot full report: https://cebrf.knf.gov.pl/images/HOOKBOT_CSIRT_KNF_ENG.pdf
HookBuilder analysis: https://cebrf.knf.gov.pl/images/Hookbot_Builder_-_Analyze_CSIRT_KNF.pdf


Android file wiper implemented in native library as part of malware campaign
https://harfanglab.io/en/insidethelab/samecoin-malware-hamas/


Ghost files in the shared preferences
https://valsamaras.medium.com/ghost-files-in-the-shared-preferences-8d75226c23c0


Android SpyNote RAT Moves to Crypto Currencies
https://www.fortinet.com/blog/threat-research/android-spynote-moves-to-crypto-currencies


iOS and Android Trojan harvesting facial recognition data used for unauthorized access to bank accounts
https://www.group-ib.com/blog/goldfactory-ios-trojan/


SIM Hijacking
https://sensepost.com/blog/2022/sim-hijacking/


MoqHao evolution: New variants start automatically right after installation
MoqHao aka XLoader is an Android malware operated by a financially motivated threat actor named Roaming Mantis.
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/moqhao-evolution-new-variants-start-automatically-right-after-installation/
