Found 73 bookmarks
Custom sorting
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Microsoft discovered a vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s internal data storage directory, which could lead to arbitrary code execution and token theft, among other impacts. We have shared our findings with Google’s Android Application Security Research team, as well as the developers of apps found vulnerable to this issue. We anticipate that the vulnerability pattern could be found in other applications. We’re sharing this research more broadly so developers and publishers can check their apps for similar issues, fix as appropriate, and prevent them from being introduced into new apps or releases.
#microsoft#EN#2024#Android#vulnerable#application#share#Dirty-stream
·microsoft.com·
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Chinese Keyboard App Vulnerabilities Explained
Chinese Keyboard App Vulnerabilities Explained
We analyzed third-party keyboard apps Tencent QQ, Baidu, and iFlytek, on the Android, iOS, and Windows platforms. Along with Tencent Sogou, they comprise over 95% of the market share for third-party keyboard apps in China. This is an FAQ for the full report titled "The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers."
#citizenlab#EN#2024#Chinese#Keyboard#App#Vulnerabilities#Tencent#Baidu#Android#iOS
·citizenlab.ca·
Chinese Keyboard App Vulnerabilities Explained
Flubot: the evolution of a notorious Android Banking Malware
Flubot: the evolution of a notorious Android Banking Malware
Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims. Like the majority of Android banking malware, Flubot abuses Accessibility Permissions and Services in order to steal the victim’s credentials, by detecting when the official banking application is open to show a fake web injection, a phishing website similar to the login form of the banking application. An important part of the popularity of Flubot is due to the distribution strategy used in its campaigns, since it has been using the infected devices to send text messages, luring new victims into installing the malware from a fake website. In this article we detail its development over time and recent developments regarding its disappearance, including new features and distribution campaigns.
#foxit#EN#2022#Flubot#Android#Banking#Malware#evolution#research
·blog.fox-it.com·
Flubot: the evolution of a notorious Android Banking Malware
Flubot: the evolution of a notorious Android Banking Malware
Flubot: the evolution of a notorious Android Banking Malware
Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims. Like the majority of Android banking malware, Flubot abuses Accessibility Permissions and Services in order to steal the victim’s credentials, by detecting when the official banking application is open to show a fake web injection, a phishing website similar to the login form of the banking application. An important part of the popularity of Flubot is due to the distribution strategy used in its campaigns, since it has been using the infected devices to send text messages, luring new victims into installing the malware from a fake website. In this article we detail its development over time and recent developments regarding its disappearance, including new features and distribution campaigns.
#foxit#EN#2022#Flubot#Android#Banking#Malware#evolution#research
·blog.fox-it.com·
Flubot: the evolution of a notorious Android Banking Malware
Flubot: the evolution of a notorious Android Banking Malware
Flubot: the evolution of a notorious Android Banking Malware
Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims. Like the majority of Android banking malware, Flubot abuses Accessibility Permissions and Services in order to steal the victim’s credentials, by detecting when the official banking application is open to show a fake web injection, a phishing website similar to the login form of the banking application. An important part of the popularity of Flubot is due to the distribution strategy used in its campaigns, since it has been using the infected devices to send text messages, luring new victims into installing the malware from a fake website. In this article we detail its development over time and recent developments regarding its disappearance, including new features and distribution campaigns.
#foxit#EN#2022#Flubot#Android#Banking#Malware#evolution#research
·blog.fox-it.com·
Flubot: the evolution of a notorious Android Banking Malware
Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box
Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box
Some time ago, we intercepted a dubious ELF sample exhibiting zero detection on VirusTotal. This sample, named pandoraspear and employing a modified UPX shell, has an MD5 signature of 9a1a6d484297a4e5d6249253f216ed69. Our analysis revealed that it hardcoded nine C2 domain names, two of which had lapsed beyond their expiration protection period. We seized this opportunity to register these domains to gauge the botnet's scale. At its peak, we noted approximately 170,000 daily active bots, predominantly in Brazil.employing a modified UPX shell, has an MD5 signature of 9a1a6d484297a4e5d6249253f216ed69. Our analysis revealed that it hardcoded nine C2 domain names, two of which had lapsed beyond their expiration protection
#xlab.qianxin.com#EN#2024#Hidden#Cyber#Threat#Android#TV#Set-Top#Box
·blog.xlab.qianxin.com·
Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box
Flubot: the evolution of a notorious Android Banking Malware
Flubot: the evolution of a notorious Android Banking Malware
Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims. Like the majority of Android banking malware, Flubot abuses Accessibility Permissions and Services in order to steal the victim’s credentials, by detecting when the official banking application is open to show a fake web injection, a phishing website similar to the login form of the banking application. An important part of the popularity of Flubot is due to the distribution strategy used in its campaigns, since it has been using the infected devices to send text messages, luring new victims into installing the malware from a fake website. In this article we detail its development over time and recent developments regarding its disappearance, including new features and distribution campaigns.
#foxit#EN#2022#Flubot#Android#Banking#Malware#evolution#research
·blog.fox-it.com·
Flubot: the evolution of a notorious Android Banking Malware
Flubot: the evolution of a notorious Android Banking Malware
Flubot: the evolution of a notorious Android Banking Malware
Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims. Like the majority of Android banking malware, Flubot abuses Accessibility Permissions and Services in order to steal the victim’s credentials, by detecting when the official banking application is open to show a fake web injection, a phishing website similar to the login form of the banking application. An important part of the popularity of Flubot is due to the distribution strategy used in its campaigns, since it has been using the infected devices to send text messages, luring new victims into installing the malware from a fake website. In this article we detail its development over time and recent developments regarding its disappearance, including new features and distribution campaigns.
#foxit#EN#2022#Flubot#Android#Banking#Malware#evolution#research
·blog.fox-it.com·
Flubot: the evolution of a notorious Android Banking Malware
Android Kitchen Sink: Send BLE spam to iOS, Android and Windows at once using Android app - Mobile Hacker
Android Kitchen Sink: Send BLE spam to iOS, Android and Windows at once using Android app - Mobile Hacker
The Kitchen Sink is a name of Bluetooth Low Energy (BLE) attack that sends random advertisement packets that targets iOS, Android, and Windows devices the same time in the vicinity. The attack is called “Kitchen Sink” because it tries to send every possible packet in the list, similar to the phrase “everything but the kitchen
#mobile-hacker#EN#2023#BLE#spam#Android
·mobile-hacker.com·
Android Kitchen Sink: Send BLE spam to iOS, Android and Windows at once using Android app - Mobile Hacker
0-days exploited by commercial surveillance vendor in Egypt
0-days exploited by commercial surveillance vendor in Egypt
Last week Google’s Threat Analysis Group (TAG), in partnership with The Citizen Lab, discovered an in-the-wild 0-day exploit chain for iPhones. Developed by the commercial surveillance vendor, Intellexa, this exploit chain is used to install its Predator spyware surreptitiously onto a device. In response, yesterday, Apple patched the bugs in iOS 16.7 and iOS 17.0.1 as CVE-2023-41991, CVE-2023-41992, CVE-2023-41993. This quick patching from Apple helps to better protect users and we encourage all iOS users to install them as soon as possible.
#Google#EN#2023#TAG#Apple#Android#CitizenLab#Predator#spyware#Intellexa#CVE-2023-41993#CVE-2023-41991#CVE-2023-41992#Exploit#Chain#0-days
·blog.google·
0-days exploited by commercial surveillance vendor in Egypt
#FuckStalkerware pt. 3 - ownspy got, well, owned
#FuckStalkerware pt. 3 - ownspy got, well, owned
we continue our series on stalkerware with a write-up and batch of data sent to me by a source last night. this time it is the brazilian ownspy (aka webdetective and saferspy, by mobileinnova) that has been completely hacked. among other things ownspy claims to be the #1 most privacy focused "parental control app" allegedly featuring E2E encryption, if this sounds too good to be true that's because it mostly is, but more on that later.
#FuckStalkerware#stalkerware#research#analysis#leak#sqli#exploit#nyancrimew#maia-arson-crimew#android#switzerland#hacktivism#lucerne#developer
·maia.crimew.gay·
#FuckStalkerware pt. 3 - ownspy got, well, owned
Flubot: the evolution of a notorious Android Banking Malware
Flubot: the evolution of a notorious Android Banking Malware
Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims. Like the majority of Android banking malware, Flubot abuses Accessibility Permissions and Services in order to steal the victim’s credentials, by detecting when the official banking application is open to show a fake web injection, a phishing website similar to the login form of the banking application. An important part of the popularity of Flubot is due to the distribution strategy used in its campaigns, since it has been using the infected devices to send text messages, luring new victims into installing the malware from a fake website. In this article we detail its development over time and recent developments regarding its disappearance, including new features and distribution campaigns.
#foxit#EN#2022#Flubot#Android#Banking#Malware#evolution#research
·blog.fox-it.com·
Flubot: the evolution of a notorious Android Banking Malware
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
We would like to thank The Citizen Lab for their cooperation, support and inputs into this research. * Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox). * Our research specifically looks at two components of this mobile spyware suite known as “ALIEN” and “PREDATOR,” which compose the backbone of the spyware implant. Our findings include an in-depth walkthrough of the infection chain, including the implants’ various information-stealing capabilities. * A deep dive into both spyware components indicates that ALIEN is more than just a loader for PREDATOR and actively sets up the low-level capabilities needed for PREDATOR to spy on its victims. * We assess with high confidence that the spyware has two additional components — tcore (main component) and kmem (privilege escalation mechanic) — but we were unable to obtain and analyze these modules. * If readers suspect their system(s) may have been compromised by commercial spyware, please consider notifying Talos’ research team at talos-mercenary-spyware-help@external.cisco.com to assist in furthering the community’s knowledge of these threats.
#talosintelligence#EN#2023#PREDATOR#spyware#Intellexa#ALIEN#analysis#Android
·blog.talosintelligence.com·
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
Inner workings revealed for “Predator,” the Android malware that exploited 5 0-days
Inner workings revealed for “Predator,” the Android malware that exploited 5 0-days
Spyware is sold to countries including Egypt, Indonesia, Oman, Saudi Arabia, and Serbia. Smartphone malware sold to governments around the world can surreptitiously record voice calls and nearby audio, collect data from apps such as Signal and WhatsApp, and hide apps or prevent them from running upon device reboots, researchers from Cisco’s Talos security team have found.
#arstechnica#EN#2023#Smartphone#PREDATOR#0-days#spyware#Android
·arstechnica.com·
Inner workings revealed for “Predator,” the Android malware that exploited 5 0-days
Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices
Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices
An overview of the Lemon Group’s use of preinfected mobile devices, and how this scheme is potentially being developed and expanded to other internet of things (IoT) devices. This research was presented in full at the Black Hat Asia 2023 Conference in Singapore in May 2023.
#trendmicro#EN#2023#malware#cyber-crime#LemonGroup#Preinfected#Guerrilla#Android#mobile#mobile-device#IoT#AndroidOS_Guerilla
·trendmicro.com·
Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study
A recent study shows that top-of-the-line Android phones sold in China are a total privacy nightmare.
#gizmodo#EN#2023#Android#Information-privacy#Privacy-concerns-with-social-networking-services#Privacy#Surveillance#Human-rights#OnePlus#Internet-privacy#Xiamoi#Smartphones#Oppo-Realme#Computing#Terms-of-service#Operating-systems#Baidu#Digital-technology#Gizmodo
·gizmodo.com·
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study