Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
SSRF in Mobile Security Framework (MobSF) version 3.9.5 Beta and prior (CVE-2024-29190)
MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also be sent to local hostnames. This can lead to server-side request forgery (SSRF). An attacker can cause the server to make a connection to internal-only services within the organization's infrastructure.
https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wfgj-wrgh-h3r3
Oversecured published vulnerability scan reports for 225 Google-owned apps
https://blog.oversecured.com/Oversecured-Apps-Care-Part-1-Vulnerability-disclosure-of-225-Google-apps/
[Questionnaire] We are writing here to get some insights from dedicated malware analysis experts. We are a group of experienced researchers, and we developed a state-of-the-art sandbox for Android malware. We are absolutely convinced that it makes sense to bring this technology to the market, but we need to picture your biggest sandbox needs in your daily work. The idea is to grasp what are, in your eyes, the must-haves of a sandbox. Our goal is to shape the product accordingly and make it available in the forthcoming months/next few months. To this end, we prepared a quick (approximately 15-minutes) questionnaire, and it would really mean a lot to us if you could share your valuable feedback. Thanks to this, we hope to offer you soon a gain of efficiency, time and energy in your job.
Questionnaire: https://forms.gle/qJ9ck8UH5WQK6jAZ8
Analysis of a suspicious SMS that leads to installation of Android malware
https://labs.k7computing.com/index.php/suspicious-text-messages-alert/
Android Phishing Scam Using Malware-as-a-Service on the Rise in India
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/android-phishing-scam-using-malware-as-a-service-on-the-rise-in-india/
Write-up and PoC kernel exploit affecting Pixel 7/8 Pro running Android 14 targeting Mali GPU
https://github.com/0x36/Pixel_GPU_Exploit
Attack spectrum present in Android environments
https://blog.devsecopsguides.com/attacking-android
Analysis of an Android Malware-as-a-Service Operation (Coper aka Octo banking Trojan)
https://www.team-cymru.com/post/coper-octo-a-conductor-for-mobile-mayhem-with-eight-limbs
Delving into Dalvik: A Look Into DEX Files
https://www.mandiant.com/resources/blog/dalvik-look-into-dex-files
Bypassing the "run-as" debuggability check on Android via newline injection (CVE-2024-0044)
Attack scenario: A local attacker with ADB shell access to an Android 12 or 13 device with Developer Mode enabled can exploit the vulnerability to run code in the context of any non-system-UID app. From there, the attacker can do anything the app can, like access its private data files or read the credentials it’s stored in AccountManager
https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html
AndroidDriveSignity: a Python utility designed to bypass driver signature verification in Android kernel (ARMv8.3), facilitating the loading of custom drivers
https://github.com/gmh5225/AndroidDriveSignity
Unveiling iOS Vulnerabilities: A Deep Dive into Attacking iOS system
https://blog.devsecopsguides.com/attacking-ios
NetHunter Hacker XIV: Find exploits using SearchSploit and setup Wi-Fi Pineapple connector
https://www.mobile-hacker.com/2024/02/27/nethunter-hacker-xiv-find-exploits-using-searchsploit-and-setup-wi-fi-pineapple-connector/
Analysis of Android HookBot malware
HookBot analysis: https://cebrf.knf.gov.pl/komunikaty/artykuly-csirt-knf/362-ostrzezenia/858-hookbot-a-new-mobile-malware
HookBot full report: https://cebrf.knf.gov.pl/images/HOOKBOT_CSIRT_KNF_ENG.pdf
HookBuilder analysis: https://cebrf.knf.gov.pl/images/Hookbot_Builder_-_Analyze_CSIRT_KNF.pdf
Android file wiper implemented in native library as part of malware campaign
https://harfanglab.io/en/insidethelab/samecoin-malware-hamas/
Bluetooth vulnerability allows unauthorized user to record & play audio on Bluetooth speaker via #BlueSpy
The prevention section explains how you can check whether your Bluetooth LE speakers/headsets are vulnerable to this attack using the nRF Connect app
https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/
Android crimeware reports on Tambir, Dwphon and Gigabud malware families
https://securelist.com/crimeware-report-android-malware/112121/
The complexity of reversing Flutter applications
https://www.fortiguard.com/events/5403/nullcon-berlin-2024-the-complexity-of-reversing-flutter-applications
[slides] https://filestore.fortinet.com/fortiguard/research/nullcon.pdf
A vulnerability (CVE-2023-6241) in the Arm Mali GPU to gain arbitrary kernel code execution from an untrusted app on a Pixel 8 with MTE enabled
https://github.blog/2024-03-18-gaining-kernel-code-execution-on-an-mte-enabled-pixel-8/
LTair: The LTE Air Interface Tool
https://research.nccgroup.com/2024/03/14/ltair-the-lte-air-interface-tool/
The State of Stalkerware in 2023
https://securelist.com/state-of-stalkerware-2023/112135/
Full report: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/03/07160820/The-State-of-Stalkerware-in-2023.pdf
Analyze Android apps for security risks in Termux using APKDeepLens
- analyze downloaded or installed apps on device
- scan APKs on the go
- edit the script for custom needs
- works on any non-rooted Android
https://www.mobile-hacker.com/2024/03/11/analyze-installed-android-applications-for-security-risks-in-termux/
Code injection on Android without ptrace
https://erfur.github.io/blog/dev/code-injection-without-ptrace
Android and Windows RATs Distributed Via Online Meeting Lures
https://www.zscaler.com/blogs/security-research/android-and-windows-rats-distributed-online-meeting-lures
NetHunter now supports #BadBluetooth HID attacks to inject keystrokes wirelessly
It is also possible to modify the spoofed Bluetooth device class ID to visually mimic any device, not just a keyboard
https://www.mobile-hacker.com/2024/03/06/kali-nethunter-now-supports-bad-bluetooth-hid-attacks-to-inject-keystrokes-wirelessly/
On-Device Fraud on the rise: exposing a recent Android Copybara fraud campaign
https://www.cleafy.com/cleafy-labs/on-device-fraud-on-the-rise-exposing-a-recent-copybara-fraud-campaign
NetHunter Hacker XV: Use Nmap for network scanning
Nmap can also reveal open ports of file manager apps that are running local file sharing servers, allowing a local attacker to access files on the device (video)
https://www.mobile-hacker.com/2024/03/01/nethunter-hacker-xv-use-nmap-for-network-scanning/
Android Deep Links & WebViews Exploitations Part II
https://medium.com/@justmobilesec/deep-links-webviews-exploitations-part-ii-5c0b118ec6f1
Auto DNS poisoning
While an Android smartphone is charging via a computer, it is possible to perform automated and even remotely controlled DNS poisoning without any user interaction
The blog and video explain how it works, when it doesn't work and how to prevent it
https://www.mobile-hacker.com/2024/02/20/automated-dns-poisoning-using-android-while-charging-via-computer/
Anatsa (TeaBot) Android Trojan Returns: Targeting Europe and Expanding Its Reach
The Trojan reached 10,000 installs on Google Play, impersonating a Phone Cleaner app.
The current campaign involves five droppers with over 100,000 total installations
https://www.threatfabric.com/blogs/anatsa-trojan-returns-targeting-europe-and-expanding-its-reach