WebTg - Web Telegram

#ID: androidmalware

Mobile news about security, privacy, malware on Google Play, bugs, vulnerabilities, data leaks, ...

Unraveling Assets from Android Apps at Scale

Crypto Scam - CryptoRom - targets vulnerable iPhone (iOS TestFlight and WebClips) and Android users (APK)
How it works:
The campaign works by approaching potential targets through dating apps like Bumble, Tinder, Facebook Dating, and Grindr, before moving the conversation to messaging apps such as WhatsApp and urging the victims to install a cryptocurrency trading application that's designed to mimic popular brands, lock people out of their accounts and freeze their funds.

Frida iOS video tutorials
Introduction to Frida and iOS, low-level iOS interfaces (GCD, XPC, IOKit, Mach), and Objective-C instrumentation
Part I: https://youtu.be/h070-YZKOKE
Part II: https://youtu.be/qpEIRe2CP-w
Part III: https://youtu.be/x48y2ehfWGE
Theft of protected files by 3rd party Android app from ownCloud application

I created a Discord community for a better categorization and visibility of mobile InfoSec posts, with the option for you to participate and share or ask questions.
Join & share: https://discord.gg/ByrVsEvVTg

Global Mobile Threat Report for 2021:
- 30% of the known zero-day vulnerabilities discovered in 2021 targeted mobile devices
- 466% increase in exploited zero-day vulnerabilities used in active attacks against mobile endpoints
- 75% of the phishing sites analyzed specifically targeted mobile devices
- 2,034,217 new mobile malware samples were detected
iOS Hacking - A Beginner's Guide to Hacking iOS Apps [2022 Edition]

Exploring the archived APKs powering Android's new app archiving feature
https://blog.esper.io/android-dessert-bites-16-app-archiving-857169/

An attacker can open a malicious URL or 3rd party app in the Nextcloud Talk app
https://hackerone.com/reports/1337178

Reverse engineering of a trojanized medical app — Android/Joker
- 4 different stages of DEX & JARs
https://cryptax.medium.com/live-reverse-engineering-of-a-trojanized-medical-app-android-joker-632d114073c1

Dirty Pipe vulnerability affects the Linux kernel since 5.8, including Android (CVE-2022-0847)
This issue leads to local privilege escalation (LPE) because unprivileged processes can inject code into root processes.
Details and PoC exploit: https://dirtypipe.cm4all.com/
Demo of exploitation: https://www.instagram.com/p/Ca2JIOjgwF6/
Jeb2Frida - JEB script to automatically generate a Frida hook for a given method

Native2Frida - give it decompiled IDA code and get a Frida script for all functions that have char as an argument or return type

New version of the #AbereBot banking Trojan is rebranded as #Escobar and available for rent on the underground market

SharkBot - two Android bankers discovered on Google Play ironically impersonate antivirus apps

SMS PVA: Underground Service for Cybercriminals
Part 1: https://www.trendmicro.com/en_us/research/22/b/sms-pva-cybercriminals-part-1.html
Part 2: https://www.trendmicro.com/en_us/research/22/b/sms-pva-cybercriminals-part-2.html

Android banking malware TeaBot with 10,000+ installs is still available on Google Play Store
Double check which QR code app you are about to install or are already using.

Android TeaBot banking malware with 10K+ installs is still available on Google Play Store
The QR code app downloads main.apk, which drops the payload and targets over 400 apps

Another iOS 15.1 kernel exploit PoC for CVE-2021-30955

Smali2Frida - generate Frida hooks from .smali files