Mobile Security
@Nethanella
Reverse Engineer | Mobile Malware Research | Mobile Financial Threats
#Octo2 It looks like a campaign targeting France with the following 3 samples: 504cf0b50a59ea8f247491e3d176dfb665e39bd1dbc60a4eefbc330d6a4cf0af (without dropper) seeds:"kurbanguly","CAAV", "uQx7z9PBfCHGNmDqyiOR" tlds:"com,net,org,info,in,ir,uk,au,de,ua,ca,us" [1/4]
Check out how we bypassed root detection and other protections for high security Android apps
We broke commercial root detection in Android apps 🔓📲 We targeted sensitive apps - finance, security, government - which use commercial protections. We got them running on rooted devices. That gave us full control to modify app behavior however we wanted. 👇
At @LucidBitLabs, we broke commercial root detection in apps with top-tier app protections in place (RASP). Full write up - lucidbitlabs.com/blog/commercia…
⚠️ While investigating a new CEO fraud campaign, I discovered that attackers are using a trick to bypass the redirect warning usually shown by Google (google[.]com/url?q=https://www.example[.]com). This open redirect allows attackers to evade certain detections and stealthily…
ESET Threat Report H1 2025: #ClickFix attacks surge 500%, SnakeStealer tops infostealer charts, and NFC fraud jumps 35x. Plus, chaos in the ransomware underworld and a new Android adware menace—Kaleidoscope. Dive into the full report: web-assets.esetstatic.com/wls/en/papers/… #ESETresearch
Iran's Largest Crypto Exchange Nobitex Allegedly Breached by Hacktivist Group dailydarkweb.net/irans-largest-…
Israeli Organizations Weizmann Institute, Mor-logistics, and Agura B.C. LTD Allegedly Breached by Handala Hacking Group dailydarkweb.net/israeli-organi…
Webkit: Cross-site CSS rule and redirect URL disclosure project-zero.issues.chromium.org/issues/4081721…
Are you a network protocol reverse engineer? Tired of writing Wireshark plugins in memory unsafe or esoteric languages named after celestial objects? Now you can do it in a few lines of Go, Python or Rust with Wirego. Benoit Girard explains how here: blog.quarkslab.com/getting-starte…
New blog: Crocodilus mobile malware, evolving fast, going global First spotted in March, it’s now expanding globally with smarter tactics and a growing focus on crypto. Read the blog here: hubs.ly/Q03qlTqT0 #MobileMalware #CyberSecurity #Crocodilus #ThreatIntelligence
"DisARMing" code - an exploration into systems programming, #debugging & #reverseEngineering on #Linux/#Android/#Darwin and #Aarch64! 510+ pages #book in COLOR(!) NewDebuggingBook.com for details, because there's more to detail than the margins of a Twitter message can hold.
I’ve developed a Binary Ninja plugin to load encrypted riscy-business bytecode. It locates the encryption key, decrypts the bytecode, auto-renames initial functions, resolves import table entries, and annotates VM-specific syscalls. An example binary is included in the repository.
Big news: Windows Subsystem for Linux is now Open Source! 🎉 Download WSL, build from source, contribute fixes & features, and join its active development. Learn more: msft.it/6018SjYoE
🚨The LockBit onion site has been breached. Their database has been leaked, which includes Bitcoin wallet addresses, private keys, chat logs, and information on their affiliates. The hacker left a note “Don’t do crime, crime is bad xoxo from Prague”
(1/5)‼️ Our team has dissected "SuperCard X," a novel Android malware leveraging NFC relay for fraudulent cash-out. This MaaS campaign, attributed to Chinese-speaking threat actors, presents an intriguing case study in evolving mobile fraud techniques.
#RootlessJailbreak #Detection #Dopamine We explore 10 real-world iOS detection techniques apps use to detect rootless jailbreaks like Dopamine — from XPC tricks to filesystem checks. We built a Frida script to dynamically work around each one! Watch now: youtu.be/nzBcY1xnVl4?si…
A new mobile banking Trojan has emerged—#Crocodilus. Discovered during regular threat hunting, it’s already showing capabilities that rival top malware families, including device takeover and advanced credential theft. tinyurl.com/2t9f3sv2 #BankingTrojan #ThreatFabric
It looks like someone is having fun uploading some suspicious APK files to @github and distributing them using tinyurl.. 🤔 github.com/amar0282 shortened link to one of the apks: http://tinyurl[.]com/ViewChallan-B4F7 It seems it is a miner tria.ge/250330-vcl23sv… 🤔