Posts in "Threat Research"

Fake BBC News App: Analysis

Follow @fvrmatteo On February 26, 2018, we received a notification from the detection system about a malicious sample with a suspicious package and Play Store name. We quickly verified the automatic analysis and confirmed the sample was actively trying to scam users to download it instead of the original BBC News mobile app.   Fake … Read More

CVE-2018-4087 PoC: Escaping the sandbox by misleading bluetoothd

Following my previous blog post titled “New Crucial Vulnerabilities in Apple’s bluetoothd daemon”, I am releasing the vulnerability PoC. The PoC is released for educational purposes and evaluation by IT Administrators and Pentesters alike, and should not be used in any unintended way. Furthermore, this PoC and any other related material, is published only after … Read More

Dissecting mobile native code packers. A case study.

As mobile malware advances to the levels of desktop malware, it’s not uncommon to stumble upon protected APKs while analysing malware. Most of the times, the sample is simply obfuscated via classes/variables name stripping from the DEX file and/or strings obfuscation; but other times several layers divide the researcher from the original code, including: anti-debug: … Read More

New Crucial Vulnerabilities in Apple’s bluetoothd daemon

By: Rani Idan Follow Rani Idan (@raniXCH) As part of our platform research team in Zimperium zLabs, we investigated iOS mach message IPC, focusing on available services accessible from within the iOS sandbox. The goal of this effort was to assess potential opportunities to gain privilege escalation and escape the sandbox, which is a core part … Read More