40562
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives also using Android malware
https://cloud.google.com/blog/topics/threat-intelligence/russian-espionage-influence-ukrainian-military-recruits-anti-mobilization-narratives/
ShadyShader 2: An Apple bug that could freeze any device or cause crash loops by exploiting how GPUs handle shaders
Similar issue Apple patched last year (CVE-2023-40441)
https://www.imperva.com/blog/shadyshader-crashing-apple-m-series-with-single-click/
Analysis of CVE-2024-26926
A Linux kernel bug in the Binder component primarily affecting Android devices labeled as EoP
https://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf
Write-up on 1-click Exploit in South Korea's KakaoTalk mobile chat app allowed to steal access token and remotely exfiltrate all chat messages.
Issue is fixed, but the bug reporter haven't received reward, because only Koreans are eligible to receive bounty
https://stulle123.github.io/posts/kakaotalk-account-takeover/
Analysis of AwSpy spyware that Targets South Korean Android users
https://labs.k7computing.com/index.php/awspy-new-spyware-targets-south-korean-android-users/
Zscalar Threat report 2024: Mobile, IoT, & OT
Mobile remains a top threat vector with 111% spyware growth while IoT attacks rise 45%
Overview: https://www.zscaler.com/blogs/security-research/new-threatlabz-report-mobile-remains-top-threat-vector-111-spyware-growth
Report: https://www.zscaler.com/resources/industry-reports/threatlabz-mobile-iot-ot-report.pdf
Expanding the Investigation: Deep Dive into Latest TrickMo Samples
https://www.zimperium.com/blog/expanding-the-investigation-deep-dive-into-latest-trickmo-samples/
SIMurai is software that emulates a SIM card, which helps in fuzzing modem firmware for vulnerabilities or testing SIM spyware
Github: https://github.com/tomasz-lisowski/simurai
Paper: https://www.usenix.org/system/files/usenixsecurity24-lisowski.pdf
Presentation: https://www.usenix.org/system/files/usenixsecurity24_slides-lisowski.pdf
Google will blog sidloading of unsafe Android apps in India as improved fraud protection
It will automatically block the installation of apps only based on using of sensitive permissions
https://blog.google/intl/en-in/products/launching-enhanced-fraud-protection-pilot-in-india/
Transform your smartphone into a portable hacking lab
Lear how to set up Kali Linux Pi-Tail and control it with just your smartphone. Plus, get some of my tips on troubleshooting common issues along the way
Read more: https://www.mobile-hacker.com/2024/10/04/portable-hacking-lab-control-the-smallest-kali-linux-with-a-smartphone/
The Dark Knight Returns: Android Joker Malware Analysis
https://cert.pl/posts/2024/10/analiza-joker/
Analysis and PoC for CVE-2024-7965 vulnerability that allows to execute arbitrary code in the Google Chrome
It affects mostly Android smartphones and Apple laptops released after November 2020.
If hackers have an exploit to escape from the browser sandbox, they can gain full control over the browser application: read passwords and hijack user sessions.
Info: https://bi.zone/eng/expertise/blog/analiz-uyazvimosti-cve-2024-7965/
PoC: https://github.com/bi-zone/CVE-2024-7965
How hackers can exploit Wi-Fi Captive Portals to distribute Android malware all from a smartphone using WifiPumpkin on NetHunter
https://www.mobile-hacker.com/2024/09/27/wifipumpkin3-integrated-into-nethunter-powerful-duo-allows-malware-distribution-via-captive-portal/
WalletConnect Scam: A Case Study in Crypto Drainer Tactics
https://research.checkpoint.com/2024/walletconnect-scam-a-case-study-in-crypto-drainer-tactics/
A step-by-step guide to writing an iOS kernel exploit
https://alfiecg.uk/2024/09/24/Kernel-exploit.html
I tried to explain how it is possible to locate smartphones using Advertising ID and ad plugins that are part of thousand popular apps without needing any spyware or exploits
https://www.mobile-hacker.com/2024/10/25/locate-smartphones-using-advertising-id-without-spyware-or-exploit/
South Korean Mobile Malware Campaign: A Technical Deep Dive
https://www.linkedin.com/pulse/south-korean-mobile-malware-campaign-technical-deep-dive-rastogi-rma6e
SELinux bypasses
This post aims at giving an overview of what SELinux is, how it is implemented, and how to bypass it, from the point of view of Android kernel exploitation
https://klecko.github.io/posts/selinux-bypasses/
Use Case: Bypassing In-App Purchase By Payment Client-Side Validation
https://secfathy0x1.medium.com/use-case-bypassing-in-app-purchase-by-payment-client-side-validation-e87e2c775a9c
Security Analysis of WeChat’s MMTLS Encryption Protocol
https://citizenlab.ca/2024/10/should-we-chat-too-security-analysis-of-wechats-mmtls-encryption-protocol/
Hidden in Plain Sight: ErrorFather’s Deadly Deployment of Cerberus
https://cyble.com/blog/hidden-in-plain-sight-errorfathers-deadly-deployment-of-cerberus/
CellGuard is a research project that analyzes how cellular networks are operated and possibly surveilled.
The CellGuard app for iOS can uncover cellular attacks targeting your iPhone
https://github.com/seemoo-lab/CellGuard
Introduction to the Exploitation of Xamarin Apps
justmobilesec/introduction-to-the-exploitation-of-xamarin-apps-fde4619a51bf" rel="nofollow">https://medium.com/@justmobilesec/introduction-to-the-exploitation-of-xamarin-apps-fde4619a51bf
Low-Level Development on Retail Android Hardware - Reconnaissance and Prototyping a Bootloader
https://blog.timschumi.net/2024/10/05/lldorah-bootloader-prototype.html
Pig Butchering Alert: Fraudulent Trading App targeted iOS and Android users
https://www.group-ib.com/blog/pig-butchering/
Modern iOS Pentesting: No Jailbreak Needed - My Framer Site
https://dvuln.com/blog/modern-ios-pentesting-no-jailbreak-needed
Examining Mobile Threats from Russia
https://blog.bushidotoken.net/2024/09/examining-mobile-threats-from-russia.html
Hacking Kia: Remotely Controlling Cars With Just a License Plate
The vulnerability would've allowed an attacker to remotely control almost all vehicles made after 2013 using only the license plate
https://samcurry.net/hacking-kia
SilentSelfie: Uncovering a major watering hole campaign against Kurdish websites
https://blog.sekoia.io/silentselfie-uncovering-a-major-watering-hole-campaign-against-kurdish-websites/
Octo2: European Banks Already Under Attack by New Malware Variant
https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant