Android Security & Malware

2022-04-27 00:35:43 Google Play developers must declare what data their software collects from users of their app.
(Developers can begin declaring how collected data is used starting today, with the deadline to complete their submissions being July 20th, 2022) https://www.bleepingcomputer.com/news/security/google-play-store-now-forces-apps-to-disclose-what-data-is-collected/ Open / Comment

2022-04-25 11:45:23 Android Bianlian Botnet (AKA Hydra) Trying to Bypass Photo TAN Used for Mobile Banking
https://www.fortinet.com/blog/threat-research/android-bianlian-botnet-mobile-banking Open / Comment

2022-04-21 14:07:17 RCE vulnerability found in Qualcomm/MediaTek chips would allow attacker to gain control over a user's multimedia data, including streaming from a compromised machine's camera (CVE-2021-0674, CVE-2021-0675, CVE-2021-30351)

Exploitation: A threat actor could have sent a song (media file) and when played by a potential victim, it could have injected code in the privileged media service. The threat actor could have seen what the mobile phone user sees on their phone.
https://blog.checkpoint.com/2022/04/21/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/ Open / Comment

2022-04-20 00:02:14 A Year in Review of 0-days Used In-the-Wild in 2021 by Google
In 2021 there were 7 #Android in-the-wild 0-days detected and disclosed:
- Qualcomm Adreno GPU driver (CVE-2020-11261, CVE-2021-1905, CVE-2021-1906)
- ARM Mali GPU driver (CVE-2021-28663, CVE-2021-28664)
- Upstream Linux kernel (CVE-2021-1048, CVE-2021-0920)

For the 5 total #iOS and macOS in-the-wild 0-days, they targeted 3 different attack surfaces:
- IOMobileFrameBuffer (CVE-2021-30807, CVE-2021-30883)
- XNU Kernel (CVE-2021-1782 & CVE-2021-30869)
- CoreGraphics (CVE-2021-30860)
- CommCenter (FORCEDENTRY sandbox escape - CVE requested, not yet assigned)
https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html Open / Comment

2022-04-19 18:18:12 Mobile MitM: Intercepting your Android App Traffic On the Go

https://www.eff.org/deeplinks/2022/04/mobile-mitm-intercepting-your-android-app-traffic-go Open / Comment

2022-04-19 13:03:12 Windows 11 ToolBox script used to add the Google Play Store to the Android Subsystem has secretly infected users with malicious scripts
https://www.bleepingcomputer.com/news/security/windows-11-tool-to-add-google-play-secretly-installed-malware/ Open / Comment

2022-04-19 10:21:54 Spyware Operation infected 63 targets with Pegasus (iOS), and four others with Candiru (Windows) spyware

-To compromise victims devices was used a previously-undisclosed iOS zero-click vulnerability called HOMAGE used by NSO Group
-Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations. Family members were also infected in some cases
https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/ Open / Comment

2022-04-14 20:27:00 CVE-2021-1782, an iOS in-the-wild vulnerability in vouchers

https://googleprojectzero.blogspot.com/2022/04/cve-2021-1782-ios-in-wild-vulnerability.html Open / Comment

2022-04-14 11:00:51 Detailed analysis of Android Escobar bot
https://valsamaras.medium.com/escobars-bot-post-mortem-b6221196d6a4 Open / Comment

2022-04-14 01:01:03 Step-by-step guide to reverse an APK protected with DexGuard using Jadx
https://blog.lexfo.fr/dexguard.html Open / Comment