HackDig : Dig high-quality web security articles for hacker

The Clicking Bot Applications

Cyber crime, like any crime, has its motives; each malware has its own malicious profit. Spyware spies on you. Ransomware demands a ransom to decrypt your private digital data. Phishing Malware phishes for your username, password or account numbers. Installation-fraud achieves fake software installations. Ad fraud fraudulently represents online advertisement
Publish At:2017-11-07 10:45 | Read:556 | Comments:0 | Tags:Analysts Android App Security Mobile Malware Threat Research

App Stores that Formerly Coddled ZNIU Found Distributing a New iXintpwn/YJSNPI Variant

by Lilang Wu, Ju Zhu, and Moony Li We covered iXintpwn/YJSNPI in a previous blog post and looked into how it renders an iOS device unresponsive by overflowing it with icons. This threat comes in the form of an unsigned profile that crashes the standard application that manages the iOS home screen when installed. The malicious profile also exploits certain fe
Publish At:2017-11-02 20:40 | Read:231 | Comments:0 | Tags:Bad Sites Malware Mobile android app stores iOS

Dangerous liaisons

It seems just about everyone has written about the dangers of online dating, from psychology magazines to crime chronicles. But there is one less obvious threat not related to hooking up with strangers – and that is the mobile apps used to facilitate the process. We’re talking here about intercepting and stealing personal information and the de-anonymi
Publish At:2017-10-24 11:55 | Read:206 | Comments:0 | Tags:Featured Mobile threats Android Certificate HTTPS iOS Mobile

AhMyth Android RAT, another open source Android RAT Tool available on GitHub

The source code of a new Android Remote Administration Tool is available on GitHub, it is dubbed AhMyth Android RAT. You just have to download and test it. The source code of a new Android Remote Administration Tool is available on GitHub, it is dubbed AhMyth Android RAT. The malicious code is still in beta version, the AhMyth Android RAT consists of two par
Publish At:2017-10-23 18:55 | Read:220 | Comments:0 | Tags:Breaking News Malware Mobile AhMyth Android RAT Android Hack

Validating Machine Learning Detection of Mobile Malware

Zimperium’s core machine learning engine, z9, has a proven track record of detecting zero-day exploits. We recently announced an extension of the framework that detects previously unknown mobile malware. This extension is known as “z9 for Mobile Malware”, and was officially announced in September 2017. Internally, the code name has been “Cogito”, so this res
Publish At:2017-10-21 13:50 | Read:186 | Comments:0 | Tags:Android Mobile Malware Mobile security Mobile Threat Defense

ZNIU, the first Android malware family to exploit the Dirty COW vulnerability

Security experts at Trend Micro have recently spotted a new strain of Android malware, dubbed ZNIU, that exploits the Dirty COW Linux kernel vulnerability. The Dirty COW vulnerability was discovered by the security expert Phil Oester in October 2016, it could be exploited by a local attacker to escalate privileges. The name ‘Dirty COW’ is due to
Publish At:2017-09-27 05:25 | Read:365 | Comments:0 | Tags:Breaking News Cyber Crime Malware Mobile Android CVE-2016-51

ZNIU: First Android Malware to Exploit Dirty COW Vulnerability

By Jason Gu, Veo Zhang, and Seven Shen We have disclosed this security issue to Google, who verified that they have protections in place against ZNIU courtesy of Google Play Protect. The Linux vulnerability called Dirty COW (CVE-2016-5195) was first disclosed to the public in 2016. The vulnerability was discovered in upstream Linux platforms such as Redhat,
Publish At:2017-09-25 23:15 | Read:204 | Comments:0 | Tags:Bad Sites Malware Mobile Vulnerabilities android Dirty COW L

Android Nougat’s worst anti-security mechanism

If you are a pentester like me, you are doing mobile application reviews on Android. One of the most important things to check is the server API. On the other hand we might want to see what possibilities a server has to influence the Android app with its responses. For both the easiest and most straight forward method is to do a Man-In-The-Middle attack in t
Publish At:2017-09-24 07:00 | Read:216 | Comments:0 | Tags:Android Fails Android Nougat Burp CA install fail snakeoil s

New Android Banking Trojan Red Alert 2.0 available for sale on crime forums

Researchers discovered a new Android banking Trojan, dubbed Red Alert 2.0, that is being offered for rent on many dark websites for $500 per month. Researchers with security firm SfyLabs have discovered a new Android banking Trojan, dubbed Red Alert 2.0, that is being offered for rent on many dark websites for $500 per month. “The last several months a
Publish At:2017-09-19 13:05 | Read:284 | Comments:0 | Tags:Breaking News Cyber Crime Deep Web Malware Android banking t

Premium SMS malware EXPENSIVEWALL infected millions of Android handsets

Google removed 50 malicious apps from the official Play Store after experts discovered a new malware, dubbed ExpensiveWall, eluded Google Bouncer checks. Google has removed 50 malicious apps from the official Play Store after experts with security firm Check Point discovered a new malware, dubbed ExpensiveWall,  eluded the checks of the Google’s Bounce
Publish At:2017-09-15 16:40 | Read:344 | Comments:0 | Tags:Breaking News Cyber Crime Malware Mobile Android ExpensiveWa

BlueBorne Bluetooth hack could affect millions of smartphones

Bluetooth is an important smartphone technology, allowing us to transfer files, or to listen to music, wirelessly. It’s so useful that many people leave it switched on all the time. But researchers have discovered a vulnerability in the technology that allows hackers to take control of a victim’s phone remotely. Known as “BlueBorne”, the technique can be use
Publish At:2017-09-15 08:00 | Read:260 | Comments:0 | Tags:Mobile News Mobile Security Android Hackers Malware

BankBot Found on Google Play and Targets Ten New UAE Banking Apps

By Kevin Sun The Android-targeting BankBot malware (all variants detected by Trend Micro as ANDROIDOS_BANKBOT) first surfaced January of this year and is reportedly the improved version of an unnamed open source banking malware that was leaked in an underground hacking forum. BankBot is particularly risky because it disguises itself as legitimate banking app
Publish At:2017-09-13 15:50 | Read:259 | Comments:0 | Tags:Malware Mobile android bankbot google play

Toast Overlay attacks, a Cloak and Dagger with No Permissions, fixed by Google

Google just fixed a high-severity Android vulnerability, tracked as CVE-2017-0752, that ties with the Toast Overlay attacks. Security researchers with Palo Alto Networks Unit 42, warned of a high-severity Android vulnerability, tracked as CVE-2017-0752, that ties with the “toast attack” overlay vulnerability. The experts reported that it is possible to abuse
Publish At:2017-09-11 20:31 | Read:268 | Comments:0 | Tags:Breaking News Hacking Mobile Android CVE-2017-0752 mobile To

CVE-2017-0780: Denial-of-Service Vulnerability can Crash Android Messages App

by Jason Gu and Seven Shen Just about anyone can appreciate a good old meme GIF every now and then, but what if one caused your Android Messages to crash? A denial-of-service vulnerability we recently disclosed to Google can do exactly that and more. Designated as CVE-2017-0780, we’ve confirmed it to be in the latest Nexus and Pixel devices. The security fla
Publish At:2017-09-07 07:30 | Read:562 | Comments:0 | Tags:Mobile Vulnerabilities android Android Messages CVE-2017-078

Boffins found multiple flaws in Mobile Bootloaders using custom tool BootStomp

Boffins have discovered a series of code execution and denial of service flaws in the bootloaders of popular mobile platforms using custom tool BootStomp. A group of nine researchers from the University of California Santa Barbara researchers has discovered a number of code execution and denial of service flaw in the bootloaders of Android chipsets from six
Publish At:2017-09-06 21:45 | Read:361 | Comments:0 | Tags:Breaking News Hacking Mobile Android Bootloaders BootStomp m

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud