Topics

#1 Dalil app - Caller ID MongoDB leak

#2 Android Messaging: A Few Bugs Short of a Chain

#3 Gone in six seconds? Exploiting car alarms

#4 How I hacked my Xiaomi MiBand 2 fitness tracker — a step-by-step Linux guide by Andrey Nikishaev

#5 Owner of MAGA-Friendly Yelp Knockoff Threatens to Call FBI After Researcher Exposes Security Holes

#6 N Ways to Unpack Mobile Malware

#7 SimBad: A Rogue Adware Campaign On Google Play

#8 Adware hiding behind beauty filters on Google Play Store

#9 Stupid apps on the Play Store promise to magically update your phone to a new Android version

#10 Android Q steps up the fight against overlay-based malware

#11 Android Q to get a ton of new privacy features

#12 Two thirds of Android antivirus apps are useless

#13 Nokia sends data to China

#14 No, the Samsung Notification app update is not dangerous

#15 Pat Bear (APT-C-37): Continued to expose attacks on an armed organization

#16 Doctor Web: Android banker Flexnet uses computer games to steal money from users

#17 Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications

#18 Exodus: New Android Spyware Made in Italy

#19 The same authors targeting Turkish 🇹🇷 users now are focusing on users from Netherlands 🇳🇱. Discovered in Google Play Store

The same authors targeting Turkish 🇹🇷 users now are focusing on users from Netherlands 🇳🇱. Discovered in Google Play Store #BankBot #malware pic.twitter.com/nW74hMPzNF — apklab.io (@apklabio) March 29, 2019

#20 Bankbot variants in Play Store

One query to detect them all ⚡️

A combination of static and dynamic features to discover the rest of the Turkish #Bankbot variants in Play Store. pic.twitter.com/hS7XtRpIT8 — apklab.io (@apklabio) March 28, 2019

#21 Android BankBot found on Google Play

#22 Leaks found in Android Gearbest app

#23 Awakening the beast: BatMobi adware

#24 Gretel A7 phone comes with pre-installed malware

#25 Anubis II – malware and afterlife

#26 Android ecosystem of pre-installed apps is a privacy and security mess

#27 Android fake Antivirus #1

This IS an unreliable Mobile AV in @GooglePlay:

– Uses KavSDK and not updated from 2014 {?}

– Whitelist of apps

– Update server cannot be reached pic.twitter.com/SohMp069b8 — Nikolaos Chrysaidos (@virqdroid) March 20, 2019

#28 New version of #Asacub banking trojan misuses accessibility services to send WhatsApp messages

New version of #Asacub banking trojan released just before International Women's Rights Day is now able to use WhatsApp to send messages containing malicious links from the infected device. Here are some icons used by this version pic.twitter.com/fS4KIRhE7Q — Tatyana Shishkova (@sh1shk0va) March 7, 2019

#29 Android Security & Privacy 2018 Year In Review

#30 Fake Apex Legends: The battle royale of malware

#31 Hundreds of millions of UC Browser users for Android are threatened

#32 MobiiSpy – spyware that leaks users data

#33 Android fake Antivirus #2

Fake Android AntiVirus for €79,99 available since 2015



-malware database contains only up to 500 static signatures

-can download update database but server is down

-offers different products but all are with the same functionality pic.twitter.com/9qf1Keep8v — Lukas Stefanko (@LukasStefanko) March 22, 2019

#34 Android fake Antivirus #3

More fake Antivirus apps on Google Play.



-2 apps with 2,000,000+ installs

-uses 4 years old virus database

-uses 4 years old clean database

-uses VirusTotal scan results



Found by @Krishnan554 pic.twitter.com/cSf8ZYprtw — Lukas Stefanko (@LukasStefanko) March 18, 2019

#35 5 new versions of Brazilian Android RAT found on Google Play

5 new versions of Brazilian Android RAT, the last one still available in @GooglePlay https://t.co/Addl6xIMVO

follow thread to get sha256 hashes @LukasStefanko @apklabio @fs0c131y — Emilio (@emilio_simoni) March 15, 2019

#36 How Android Banking Malware discovered on Google Play works

How Android Banking Malware discovered on Google Play works



Yesterday I reported 2 apps on Play Store that targeted over 240 financial apps.



Apps were installed over 2,000 times.



One of them discovered by @0xabc0! pic.twitter.com/iRhDeZyqWt — Lukas Stefanko (@LukasStefanko) March 13, 2019

#37 Android fake Antivirus #4

How to bypass detection of fake Antivirus



Over 1,000,000 people rely on fake AntiVirus app.



This AV uses simple whitelist/blacklist filter of package names and activities to protect users

I demonstrated this with 2 apps having same functionality but with different package names pic.twitter.com/hFk5WfEA6U — Lukas Stefanko (@LukasStefanko) March 11, 2019

#38 Remove is not Uninstall

Remove is not Uninstall



Found 3 apps on Google Play with over 700,000 installs that use interesting persistence technique.



When user realizes app is not as described, he can only remove the app icon not uninstall the app itself.



How it works I explained it in the video: pic.twitter.com/HrAVw6TTLq — Lukas Stefanko (@LukasStefanko) March 5, 2019

#39 Samsung Galaxy S10 facial recognition fooled by a video of the phone owner

#40 CometBot V2 – Another Android Banking Botnet

CometBot V2 – Another Android Banking Botnet



-available in underground forum since February 2019

-targets banks in #Germany 🇩🇪

-intercepts mTANs

-malware is based on BankBot (discovered in 2016)

-price: 850€

-video demo pic.twitter.com/mKHUaICpK7 — Lukas Stefanko (@LukasStefanko) March 5, 2019

#41 Fake MetaMask app found on Google Play as the second top result

Fake MetaMask app found on Google Play as the second top result.



Fake app impersonates @metamask_io service to steal Private Key or Seed Words for Ethereum wallet. #reported pic.twitter.com/UioeRRr3mG — Lukas Stefanko (@LukasStefanko) March 4, 2019

BONUS #1 Mobile Security class + CTF

BONUS #2 Analysing Apple Pay Transactions

BONUS #3 Hearing your touch: a new acoustic side channel on smartphones

BONUS #4 Efficient way to pentest Android Chat Applications

BONUS #5 Repacking iOS applications

BONUS #6 Convert an APK to an Android Studio Project using multiple open-source decompilers