40562
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Android's CVE-2022-20201 (InstalldNativeService)
https://pwner.gg/blog/Android's-CVE-2022-20201
Understanding XSS in Android Apps
anandrishav2228/earn-10-000-xss-in-android-apps-scratch-to-advance-cb3aa6c2b98f" rel="nofollow">https://medium.com/@anandrishav2228/earn-10-000-xss-in-android-apps-scratch-to-advance-cb3aa6c2b98f
A New Android Banking Trojan Masquerades as Utility and Banking Apps in India
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india/
Bluetooth and Wi-Fi Jamming using Flipper Zero
https://www.mobile-hacker.com/2024/12/12/bluetooth-and-wi-fi-jamming-using-flipper-zero/
EagleMsgSpy: New Chinese Android Surveillance Tool Used by Public Security Bureaus
https://www.lookout.com/threat-intelligence/article/eaglemsgspy-chinese-android-surveillanceware
OWApp Benchmark Suite: A comprehensive framework designed to automate and enhance the benchmarking process for mobile applications, particularly within the context of security analysis
https://github.com/Mobile-IoT-Security-Lab/OWApp-Benchmarking-Suite
Android smartphone Confiscated by Russian Authorities Returned with Monokle-Type Spyware Installed
https://citizenlab.ca/2024/12/device-confiscated-by-russian-authorities-returned-with-monokle-type-spyware-installed/
Malimite: iOS decompiler designed to analyze and decode IPA files
Built on top of Ghidra to offer direct support for Swift, Objective-C, and iOS resources
https://github.com/LaurieWired/Malimite
Automatically decode Android apps and searche for secrets
https://trufflesecurity.com/blog/cracking-open-apk-files-at-scale
Android Flutter malware analysis by Axelle Apvrille (Fortinet)
Presentation: https://youtu.be/K9Ekxo-K_QY?si=W-QhYvcVEYxTCKwz
Slides: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/slides/Slides-Android-Flutter-malware.pdf
Paper: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/papers/Android-Flutter-malware.pdf
How to build portable hacking lab and control it with a smartphone
https://www.mobile-hacker.com/2024/10/04/portable-hacking-lab-control-the-smallest-kali-linux-with-a-smartphone/
Android's CVE-2020-0238 (AccountTypePreferenceLoader)
https://pwner.gg/blog/Android's-CVE-2020-0238
Police in India warns about 'wedding card scam' Android malware being distributed via WhatsApp
[Does anyone here has this malware sample to share? If so, please post a comment or send me a message. Thanks!]
https://www.msn.com/en-in/money/news/police-of-the-four-biggest-states-in-india-warn-about-this-wedding-card-scam-on-whatsapp-that-people-have-lost-lakhs-to/ar-AA1uLCma
Mobile scareware now mimics cracked smartphone screen as a result of a fake virus infection
https://www.mobile-hacker.com/2024/11/27/smartphone-scareware-cracked-screen-as-a-result-of-virus/
SMS blaster - gang that drove around Bangkok sending thousands of phishing messages by impersonating cellular base station
https://techcrunch.com/2024/11/25/authorities-catch-sms-blaster-gang-that-drove-around-bangkok-sending-thousands-of-phishing-messages/
Bluetooth RCE allows to compromise the car to be able to record in-car audio, take screenshots, and download contacts from a Skoda Superb over the Internet
https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf
Denial-of-service (DoS) bug that affects Messenger for iOS
https://s11research.com/posts/Messenger-Group-Call-DoS-for-iOS/
BoneSpy and PlainGnome: Two Russian Android Spyware Families Discovered and Connected to Gamaredon APT
https://www.lookout.com/threat-intelligence/article/gamaredon-russian-android-surveillanceware
Mobile Threat Landscape Report by Lookout in Q3 2024
-10 Most Common Mobile Browser Vulnerabilities
-5 Most Common Mobile App Vulnerabilities
-10 Most Encountered Malware Families in Q3 2024
https://www.lookout.com/threat-intelligence/report/q3-2024-mobile-landscape-threat-report-copy
AppLite: A New AntiDot Variant Targeting Mobile Employee Devices
https://www.zimperium.com/blog/applite-a-new-antidot-variant-targeting-mobile-employee-devices/
Deobfuscate Android App: LLM tool to find any potential security vulnerabilities in Android apps and deobfuscate Android app code
https://github.com/In3tinct/deobfuscate-android-app
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html
Trying to exploit my old Android using CVE-2020-0401 (PackageManagerService)
https://pwner.gg/blog/Android's-CVE-2020-0401
DroidBot: Insights from a new Turkish MaaS fraud operation
https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation?s=03
Cybercriminals Use NFC Relay to Turn Stolen Credit Cards into Cash without a PIN
https://www.mobile-hacker.com/2024/12/02/cybercriminals-use-nfc-relay-to-turn-stolen-credit-cards-into-cash-without-a-pin/
The Ultimate Handheld Hacking Device - My Experience with NetHunter
https://andy.codes/blog/security_articles/2024-11-27-the-ultimate-handheld-hacking-device.html
Introduction to Fuzzing Android Native Components using tools like AFL++ and QEMU
https://blog.convisoappsec.com/en/introduction-to-fuzzing-android-native-components/
Analyzing the Integration of Effective Defenses against One-Day Exploits in Android Kernels
https://www.usenix.org/system/files/usenixsecurity24-maar-defects.pdf
SpyLoan: A Global Threat Exploiting Social Engineering
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyloan-a-global-threat-exploiting-social-engineering/
Rooting an Android POS "Smart Terminal" to steal credit card information
Paper: https://www.nohat.it/slides/2024/jannone.pdf
Presentation: https://www.youtube.com/watch?v=a9BFGlxP71Y