#ID: androidmalware

Mobile news about security, privacy, malware on Google Play, bugs, vulnerabilities, data leaks,...

#androidmalware-1481
                    Unraveling Assets from Android Apps at Scale

https://bevigil.com/blog/unraveling-assets-from-android-apps-at-scale/
                
#androidmalware-1480
                    Crypto Scam - CryptoRom - targets vulnerable iPhone (iOS TestFlight and WebClips) and Android users (APK)
How it works:
The campaign works by approaching potential targets through dating apps like Bumble, Tinder, Facebook Dating, and Grindr, before moving the conversation to messaging apps such as WhatsApp and urging the victims to install a cryptocurrency trading application that's designed to mimic popular brands and lock people out of their accounts and freeze their funds.
https://news.sophos.com/en-us/2022/03/16/cryptorom-bitcoin-swindlers-continue-to-target-vulnerable-iphone-and-android-users/
                
#androidmalware-1479
                    Frida iOS video tutorials
Introduction to Frida and iOS, low-level iOS interfaces (GCD, XPC, IOKit, Mach), and Objective-C instrumentation
Part I: https://youtu.be/h070-YZKOKE
Part II: https://youtu.be/qpEIRe2CP-w
Part III: https://youtu.be/x48y2ehfWGE
                
#androidmalware-1478
                    Theft of protected files by 3rd party Android app from ownCloud application 
https://hackerone.com/reports/1454002
                
#androidmalware-1477
                    I created a Discord community for a better categorization and visibility of mobile InfoSec posts with option for you to participate and share or ask questions.
Join & share: https://discord.gg/ByrVsEvVTg
                
#androidmalware-1476
                    Global Mobile Threat Report for 2021:
- 30% of the known, zero-day vulnerabilities discovered in 2021 targeted mobile devices
- 466% increase in exploited, zero-day vulnerabilities used in active attacks against mobile endpoints
- 75% of the phishing sites analyzed specifically targeted mobile devices
- 2,034,217 new mobile malware samples were detected
https://blog.zimperium.com/global-mobile-threat-report-key-insights/
                
#androidmalware-1475
                    iOS Hacking - A Beginner's Guide to Hacking iOS Apps [2022 Edition]
https://martabyte.github.io/ios/hacking/2022/03/13/ios-hacking-en.html
                
#androidmalware-1474
                    Exploring the archived APKs powering Android’s new app archiving feature
https://blog.esper.io/android-dessert-bites-16-app-archiving-857169/
                
#androidmalware-1473
                    An attacker can open a malicious URL or 3rd party app in NextCloud Talk app
https://hackerone.com/reports/1337178
                
#androidmalware-1472
                    Reverse engineering of a trojanized medical app — Android/Joker
- 4 different stages of DEX & JARs
https://cryptax.medium.com/live-reverse-engineering-of-a-trojanized-medical-app-android-joker-632d114073c1
                
#androidmalware-1471
                    Dirty Pipe vulnerability affects Linux Kernel since 5.8 including Android (CVE-2022-0847) 
This issue leads to local privilege escalation (LPE) because unprivileged processes can inject code into root processes.
Details and PoC exploit: https://dirtypipe.cm4all.com/
Demo of exploitation: https://www.instagram.com/p/Ca2JIOjgwF6/
                
#androidmalware-1470
                    Jeb2Frida - JEB script to automatically generate a Frida hook for a given method
https://github.com/cryptax/misc-code/tree/master/jeb
                
#androidmalware-1469
                    Native2Frida - give it decompiled IDA code and get a Frida script for all functions that take char as an argument or have char as a return type
https://github.com/apkunpacker/Native2Frida
                
#androidmalware-1468
                    New version of #AbereBot banking Trojan is rebranded as #Escobar and available for rent on underground market
https://twitter.com/LukasStefanko/status/1499659018066964481
                
#androidmalware-1467
                    SharkBot - Two Android bankers discovered on Google Play ironically impersonate Antivirus apps
https://blog.fox-it.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/
                
#androidmalware-1466
                    SMS PVA: Underground Service for Cybercriminals
Part 1: https://www.trendmicro.com/en_us/research/22/b/sms-pva-cybercriminals-part-1.html
Part 2: https://www.trendmicro.com/en_us/research/22/b/sms-pva-cybercriminals-part-2.html
                
#androidmalware-1465
                    Android banking malware TeaBot with 10,000+ installs is still available on Google Play Store
Double check which QR code app you are about to install or are using already
https://youtube.com/shorts/FvuqEhI9LjQ
                
#androidmalware-1464
                    Android TeaBot banking malware with 10K+ installs is still available on Google Play Store

QR Code downloads main.apk that drops payload and targets over 400 apps
https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe
                
#androidmalware-1463
                    Another iOS 15.1 kernel exploit PoC for CVE-2021-30955
https://github.com/b1n4r1b01/desc_race
                
#androidmalware-1462
                    Smali2Frida - generate Frida Hooks from .smali files
https://github.com/apkunpacker/Smali2Frida