Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Android BADBOX Botnet Is Back
https://www.bitsight.com/blog/badbox-botnet-back
Screen recording Android spyware distributed through Amazon Appstore
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyware-distributed-through-amazon-appstore/
Authorities in Serbia used Cellebrite to unlock mobile phones so they could then infect them with NoviSpy Android malware
https://securitylab.amnesty.org/latest/2024/12/a-digital-prison-surveillance-and-the-suppression-of-civil-society-in-serbia/
How to detect ARP spoofing attack using Android app
https://www.mobile-hacker.com/2024/12/16/detect-arp-spoofing-attack-using-android-app/
My other ClassLoader is your ClassLoader: Creating evil twin instances of a class
https://i.blackhat.com/EU-24/Presentations/EU-24-Valsamaras-My-other-classloader.pdf
Vulnerabilities in the eSIM download protocol
http://i.blackhat.com/EU-24/Presentations/EU-24-Ahmed-VulnerabilitiesIneSIM.pdf
Bluetooth RCE allows compromise of the car, making it possible to record in-car audio, take screenshots, and download contacts from a Skoda Superb over the Internet
https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf
Denial-of-service (DoS) bug that affects Messenger for iOS
https://s11research.com/posts/Messenger-Group-Call-DoS-for-iOS/
BoneSpy and PlainGnome: Two Russian Android Spyware Families Discovered and Connected to Gamaredon APT
https://www.lookout.com/threat-intelligence/article/gamaredon-russian-android-surveillanceware
Mobile Threat Landscape Report by Lookout in Q3 2024
- 10 Most Common Mobile Browser Vulnerabilities
- 5 Most Common Mobile App Vulnerabilities
- 10 Most Encountered Malware Families in Q3 2024
https://www.lookout.com/threat-intelligence/report/q3-2024-mobile-landscape-threat-report-copy
AppLite: A New AntiDot Variant Targeting Mobile Employee Devices
https://www.zimperium.com/blog/applite-a-new-antidot-variant-targeting-mobile-employee-devices/
Deobfuscate Android App: LLM tool to find any potential security vulnerabilities in Android apps and deobfuscate Android app code
https://github.com/In3tinct/deobfuscate-android-app
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html
Trying to exploit my old Android using CVE-2020-0401 (PackageManagerService)
https://pwner.gg/blog/Android's-CVE-2020-0401
DroidBot: Insights from a new Turkish MaaS fraud operation
https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation?s=03
Exploring Marauder, Bruce, and Ghost ESP on Cheap Yellow Device
https://www.mobile-hacker.com/2024/12/23/exploring-marauder-bruce-and-ghost-esp-on-cheap-yellow-device/
Diving into ADB protocol internals (2/2)
https://www.synacktiv.com/publications/diving-into-adb-protocol-internals-22.html
Discovery of 6 vulnerabilities in one Qualcomm driver, one of them used as an in-the-wild exploit
https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html
WiFi Calling: Revealing Downgrade Attacks and Not-so-private private Keys
https://i.blackhat.com/EU-24/Presentations/EU-24-DabrowskiGegenhuber-WiFi-Calling-Revealing-Downgrade-Attacks.pdf
Unmasking State-Sponsored Mobile Surveillance Malware from Russia, China, and North Korea – Threat Actors, Tactics, and Defense Strategies
https://i.blackhat.com/EU-24/Presentations/EU-24-V2-Islamoglu-Unmasking-State-Sponsored-Mobile-Surveillance.pdf
Android's CVE-2022-20201 (InstalldNativeService)
https://pwner.gg/blog/Android's-CVE-2022-20201
Understanding XSS in Android Apps
https://medium.com/@anandrishav2228/earn-10-000-xss-in-android-apps-scratch-to-advance-cb3aa6c2b98f
A New Android Banking Trojan Masquerades as Utility and Banking Apps in India
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india/
Bluetooth and Wi-Fi Jamming using Flipper Zero
https://www.mobile-hacker.com/2024/12/12/bluetooth-and-wi-fi-jamming-using-flipper-zero/
EagleMsgSpy: New Chinese Android Surveillance Tool Used by Public Security Bureaus
https://www.lookout.com/threat-intelligence/article/eaglemsgspy-chinese-android-surveillanceware
OWApp Benchmark Suite: A comprehensive framework designed to automate and enhance the benchmarking process for mobile applications, particularly within the context of security analysis
https://github.com/Mobile-IoT-Security-Lab/OWApp-Benchmarking-Suite
Android smartphone Confiscated by Russian Authorities Returned with Monokle-Type Spyware Installed
https://citizenlab.ca/2024/12/device-confiscated-by-russian-authorities-returned-with-monokle-type-spyware-installed/
Malimite: iOS decompiler designed to analyze and decode IPA files
Built on top of Ghidra to offer direct support for Swift, Objective-C, and iOS resources
https://github.com/LaurieWired/Malimite
Automatically decode Android apps and search for secrets
https://trufflesecurity.com/blog/cracking-open-apk-files-at-scale
Android Flutter malware analysis by Axelle Apvrille (Fortinet)
Presentation: https://youtu.be/K9Ekxo-K_QY?si=W-QhYvcVEYxTCKwz
Slides: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/slides/Slides-Android-Flutter-malware.pdf
Paper: https://www.virusbulletin.com/uploads/pdf/conference/vb2024/papers/Android-Flutter-malware.pdf