Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Operation Celestial Force employs mobile and desktop malware to target Indian entities (GravityRAT, HeavyLift)
https://blog.talosintelligence.com/cosmic-leopard/
QR code SQL injection and other vulnerabilities in a popular biometric terminal (CVE-2023-3938, CVE-2023-3939, CVE-2023-3940, CVE-2023-3941, CVE-2023-3942, CVE-2023-3943)
https://securelist.com/biometric-terminal-vulnerabilities/112800/
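The QR-code injection named above boils down to a terminal decoding the badge text and splicing it straight into an SQL statement. The following is an added example (not code from the Securelist write-up or from any vendor firmware) that models that pattern with an in-memory SQLite table: the decoded payload goes into a concatenated query beside the same lookup done with parameter binding and an allow-list check on the badge format. The table contents, column names and the `door_opens` helper are constructed for the demonstration.

```python
import re
import sqlite3

# Constructed sample user table standing in for the terminal's local database.
SAMPLE_USERS = [
    ("1001", "alice", 1),  # (user_id, name, access_allowed)
    ("1002", "bob", 0),
]

# Assumption for the example: a legitimate badge encodes a short numeric id only.
BADGE_ID_RE = re.compile(r"^[0-9]{1,16}$")


def make_db() -> sqlite3.Connection:
    """Create an in-memory copy of the constructed user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id TEXT, name TEXT, access_allowed INTEGER)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def decode_qr(qr_bytes: bytes) -> str:
    """Stand-in for the QR decoder: the terminal receives the raw badge text."""
    return qr_bytes.decode("utf-8", errors="replace")


def lookup_vulnerable(conn: sqlite3.Connection, qr_payload: str) -> list:
    # Concatenation: whatever is printed on the badge becomes part of the SQL.
    sql = (
        "SELECT name FROM users WHERE user_id = '"
        + qr_payload
        + "' AND access_allowed = 1"
    )
    return [row[0] for row in conn.execute(sql)]


def lookup_hardened(conn: sqlite3.Connection, qr_payload: str) -> list:
    # Reject anything that is not a well-formed badge id before touching the DB.
    if not BADGE_ID_RE.match(qr_payload):
        return []
    # Parameter binding: the payload is bound as data and can never change
    # the statement's structure.
    sql = "SELECT name FROM users WHERE user_id = ? AND access_allowed = 1"
    return [row[0] for row in conn.execute(sql, (qr_payload,))]


def door_opens(rows: list) -> bool:
    """The terminal unlocks when the lookup returns at least one permitted user."""
    return len(rows) > 0


if __name__ == "__main__":
    db = make_db()
    # Constructed malicious badge: closes the quote, adds a tautology, comments out the rest.
    evil = decode_qr(b"' OR 1=1 --")
    print("vulnerable:", lookup_vulnerable(db, evil))   # every user, including bob
    print("hardened:  ", lookup_hardened(db, evil))     # []
```

With the concatenated query the `' OR 1=1 --` badge turns the WHERE clause into `user_id = '' OR 1=1`, so the trailing `AND access_allowed = 1` is commented out and the door opens for a badge that matches nobody; the bound query treats the same bytes as an id that does not exist.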
Wpeeper: New Android malware hides behind hacked WordPress sites
https://blog.xlab.qianxin.com/playing-possum-whats-the-wpeeper-backdoor-up-to/
GoldPickaxe exposed: How Group-IB analyzed the face-stealing iOS Trojan and how to do it yourself
https://www.group-ib.com/blog/goldpickaxe-ios-trojan/
iOS 16.5.1 Safari RCE Analysis (CVE-2023-37450)
[blog] https://medium.com/@enki-techblog/ios-16-5-1-safari-rce-analysis-cve-2023-37450-89bb8583bebc
[slides] https://www.synacktiv.com/sites/default/files/2024-05/escaping_the_safari_sandbox_slides.pdf
Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-bahrain-government-android-app-steals-personal-data-used-for-financial-fraud/
PS4 PPPwn Exploit: using the Android DroidPPPwn app it is possible to jailbreak a PS4
Info: https://wololo.net/2024/05/28/ps4-pppwn-exploit-droidpppwn-port-to-android-phones-version-1-1/
DroidPPPwn: https://github.com/deviato/DroidPPPwn
Technical Analysis of Anatsa (a.k.a. TeaBot) Campaigns: An Android Banking Malware Active in the Google Play Store
https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google
Fuzzing Android binaries using AFL++ Frida Mode
https://valsamaras.medium.com/fuzzing-android-binaries-using-afl-frida-mode-57a49cf2ca43
New Android Banking Trojan named Antidot Masquerades as Fake Google Play Updates
https://cyble.com/blog/new-antidot-android-banking-trojan-masquerading-as-google-play-updates/
Android Remote Access Trojan Equipped to Harvest Credentials
https://blog.sonicwall.com/en-us/2024/04/android-remote-access-trojan-equipped-to-harvest-credentials/
Guided fuzzing for native Android libraries (using Frida & Radamsa)
https://knifecoat.com/Posts/Coverage+guided+fuzzing+for+native+Android+libraries+(Frida+%26+Radamsa)
DNS traffic can leak outside the VPN tunnel on Android
https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android
How to Improve Your Android & iOS Static Analysis with Nuclei!
https://medium.com/@justmobilesec/how-to-improve-your-android-ios-static-analysis-with-nuclei-d44f3daa9cee
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
https://www.microsoft.com/en-us/security/blog/2024/05/01/dirty-stream-attack-discovering-and-mitigating-a-common-vulnerability-pattern-in-android-apps/
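The pattern behind the "dirty stream" write-up is a receiving app that trusts the sender-controlled display name of a shared content URI and uses it to decide where inside its own sandbox to write the file, so a name containing `../` lands outside the cache directory. The block below is an added example (not Microsoft's code and not taken from any affected app) that models the two sides in Python with a throwaway directory standing in for `/data/data/<pkg>`: the verbatim-join destination beside a hardened resolver that rejects path separators and confirms containment with a canonical-path check, plus the simplest fix of ignoring the sender's name altogether. The directory layout, file names and payload are constructed for the demonstration.

```python
import os
import tempfile
import uuid

# Constructed payload a malicious sender would stream through the content URI.
ATTACKER_BYTES = b"<map><string name=\"api_base\">https://evil.example</string></map>"
ORIGINAL_PREFS = b"<map><string name=\"api_base\">https://api.example</string></map>"


class TraversalRejected(ValueError):
    """Raised when the sender-supplied name would escape the target directory."""


def vulnerable_destination(cache_dir: str, display_name: str) -> str:
    # Trusts OpenableColumns.DISPLAY_NAME verbatim: "../shared_prefs/x.xml" is honoured.
    return os.path.join(cache_dir, display_name)


def hardened_destination(cache_dir: str, display_name: str) -> str:
    # 1. Only a plain file name is acceptable: no separators, no dot entries, no NUL.
    if (
        not display_name
        or display_name in (".", "..")
        or "/" in display_name
        or "\\" in display_name
        or "\0" in display_name
    ):
        raise TraversalRejected(f"bad display name: {display_name!r}")
    # 2. Canonicalise and confirm the result still sits directly inside cache_dir
    #    (the equivalent of a getCanonicalPath().startsWith(dir) check on Android).
    base = os.path.realpath(cache_dir)
    dest = os.path.realpath(os.path.join(base, display_name))
    if os.path.dirname(dest) != base:
        raise TraversalRejected(f"escapes cache dir: {dest}")
    return dest


def random_destination(cache_dir: str, display_name: str) -> str:
    # Simplest mitigation: never use the sender's name for the on-disk path.
    return os.path.join(cache_dir, uuid.uuid4().hex)


RESOLVERS = {
    "vulnerable": vulnerable_destination,
    "hardened": hardened_destination,
    "random": random_destination,
}


def simulate_share(display_name: str, resolver: str) -> dict:
    """Build a throwaway app sandbox, deliver one shared file, report what happened."""
    with tempfile.TemporaryDirectory() as app_dir:
        cache_dir = os.path.join(app_dir, "cache")
        prefs_dir = os.path.join(app_dir, "shared_prefs")
        os.makedirs(cache_dir)
        os.makedirs(prefs_dir)
        prefs_path = os.path.join(prefs_dir, "settings.xml")
        with open(prefs_path, "wb") as f:
            f.write(ORIGINAL_PREFS)

        dest = None
        written = False
        try:
            dest = RESOLVERS[resolver](cache_dir, display_name)
            with open(dest, "wb") as f:
                f.write(ATTACKER_BYTES)
            written = True
        except TraversalRejected:
            pass

        with open(prefs_path, "rb") as f:
            prefs_tampered = f.read() == ATTACKER_BYTES
        real_cache = os.path.realpath(cache_dir) + os.sep
        inside_cache = dest is not None and written and os.path.realpath(dest).startswith(real_cache)
        return {"written": written, "prefs_tampered": prefs_tampered, "inside_cache": inside_cache}


if __name__ == "__main__":
    for name in ("report.pdf", "../shared_prefs/settings.xml"):
        for r in RESOLVERS:
            print(f"{r:10s} {name!r:35s} -> {simulate_share(name, r)}")
```

Against the `../shared_prefs/settings.xml` name the verbatim join silently replaces the app's own preferences file, which is exactly the configuration-overwrite outcome the write-up warns about; the hardened resolver refuses the name before anything is opened, and the random-name resolver writes the bytes harmlessly inside the cache directory.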
Five campaigns targeting Android users in Egypt and Palestine, most probably operated by the Arid Viper APT group. Three of the campaigns are active, distributing Android spyware AridSpy via dedicated websites
https://www.welivesecurity.com/en/eset-research/arid-viper-poisons-android-apps-with-aridspy/
DoS of the McAfee VPN app via deep link
McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep link (CVE-2024-34406)
https://www.mcafee.com/support/?articleId=000002403&page=shell&shell=article-view
Android (on device) fuzzing using AFL++ Frida Mode
Blog: https://knifecoat.com/Posts/Fuzzing+Redux%2C+leveraging+AFL%2B%2B+Frida-Mode+on+Android+native+libraries
AFL++ Frida Mode Build: https://github.com/FuzzySecurity/afl-frida-build
Becoming any Android app via Zygote command injection (CVE-2024-31317)
https://rtx.meta.security/exploitation/2024/06/03/Android-Zygote-injection.html
Android Universal Root: rooting Pixel 6 and 7 Pro running Android 13 👇
Analysis and Exploitation of CVE-2023-20938 (a use-after-free in the Binder driver, exploited to elevate privileges to root and disable SELinux)
[blog] https://androidoffsec.withgoogle.com/posts/attacking-android-binder-analysis-and-exploitation-of-cve-2023-20938/
[slides] https://androidoffsec.withgoogle.com/posts/attacking-android-binder-analysis-and-exploitation-of-cve-2023-20938/offensivecon_24_binder.pdf
[PoC demo] https://www.youtube.com/watch?v=7qFb6RUHnnU
New dalvik bytecode disassembler and graph view
Blog: https://margin.re/2024/05/dalvik-disassembly/
Github: https://github.com/MarginResearch/dalvik
PCTattletale stalkerware leaks victims' screen recordings to entire Internet
https://www.ericdaigle.ca/pctattletale-leaking-screen-captures/
Android Firedown Browser app allows a remote attacker to execute arbitrary JavaScript code via an implicit intent (CVE-2024-31974)
https://github.com/actuator/com.solarized.firedown/blob/main/CVE-2024-31974
Mobile Malware Analysis of Android banking trojan Blackrock
https://8ksec.io/mobile-malware-analysis-part-7-blackrock/
PoC for CVE-2024-27804, an iOS/macOS kernel vulnerability that leads to the execution of arbitrary code with kernel privileges
https://r00tkitsmm.github.io/fuzzing/2024/05/14/anotherappleavd.html
Flutter Windows Thick Client SSL Pinning Bypass
https://blog.souravkalal.tech/flutter-windows-thick-client-ssl-pinning-bypass-492389ae1218
Finland warns of Vultur Android malware attacks distributed via received SMS messages
https://www.bleepingcomputer.com/news/security/finland-warns-of-android-malware-attacks-breaching-bank-accounts/
Smart-sex-toy users targeted by Android trojan clicker
https://news.drweb.com/show/?i=14860&lng=en
20 Security Issues Found in Xiaomi Devices
https://blog.oversecured.com/20-Security-Issues-Found-in-Xiaomi-Devices/