Two days until #BSidesBoulder25 and only 15 tickets remain! Today we highlight, two #BSidesBoulder25 talks: Andrew Brandt's "Smashing Smishing by Quashing Quishing" and Eric Harashevsky's "Firmware Readout Bypass in STM92 (Don't put this in an alarm control panel).

Andrew's talk will examine QR-based phishing attacks, how attackers are exploiting QR codes and SMS to steal credentials and MFA tokens, and how a cross-industry collaboration between mobile vendors, telcos, and the infosec community could finally slam the door on mobile phishing. Think SafeBrowsing, but for QR scans! And we promise that our BSidesBoulder event QR codes will not redirect you to an Andrew-controlled C2 server.

Eric's talk will explore his adventure tinkering with an old STM92's firmware - the talk will explore his findings, reverse engineering the legacy microcontroller, bypassing firmware protections, and what that means for devices still hanging on your wall! Expect a live demo that is sure to excite your future hardware hacking journey.

#BSides #BSidesBoulder #CyberSecurity #Quishing #Smishing #MobileSecurity #PhishingDefense #HardwareHacking #FirmwareSecurity

Check out our full schedule at https://bsidesboulder.org/schedule/

Tickets are available for purchase for our 13 June event here: https://www.eventbrite.com/e/bsides-boulder-2025-registration-1290129274389

$38,000… GONE while he was sleeping.

That’s how fast SIM-swapping can destroy your financial life.

In just 3 hours, a hacker took over Justin Chan’s phone number, intercepted his two-factor codes, and emptied his bank and trading accounts. No alarms. No notifications. Just silent access and drained funds.

It didn’t happen because he was careless.
It happened because the attacker exploited a broken system:

- His mobile carrier transferred his number to a new device without proper checks
- His 2FA codes were sent to that new device
- His bank and investment apps trusted that number

This is the $38,000 mistake most people never see coming. Because by the time you realize something is wrong — it’s already too late.

The worst part? Getting the money back was harder than the hack itself.
It took media pressure, endless follow-ups, and months of stress just to get refunded.

Mobile numbers are the new master key — and most people are handing them out unlocked.

If your 2FA is tied to your phone number, it's time to change that.
If your carrier doesn’t lock down your SIM by default, it’s time to upgrade.
And if your bank’s idea of protection is a form letter and a closed case, don’t wait for a wake-up call at 3AM.

Mobile security risk: New Android malware "SuperCard X" enables contactless payment fraud via NFC relay attacks

Here’s how it works:
Victims are socially engineered through fake bank alerts (smishing + calls)
Tricked into installing a rogue app posing as “security software”
NFC data is intercepted from real debit/credit cards
Attackers relay stolen credentials to PoS terminals and ATMs for fraudulent cashouts

Why it matters:
• Attackers no longer need stolen physical cards — just proximity + deception
• Banking customers, payment providers, and card issuers are all at risk
• Google is working on Android protections — but vigilance is key now

Tip: Always scrutinize app installs, verify messages before acting, and keep Google Play Protect enabled.

#CyberSecurity #MobileSecurity #Malware #NFC #FinancialFraud #ThreatIntel #security #privacy #cloud #infosec

https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html

A new Android malware campaign is using NFC relay attacks to clone credit cards — and it’s nearly invisible to antivirus tools.

Security researchers have discovered 'SuperCard X', a malware-as-a-service (MaaS) platform that allows cybercriminals to steal card data and make contactless payments using compromised Android devices.

Key highlights from the report:
- Distributed via social engineering scams through fake SMS or WhatsApp messages
- Victims are tricked into installing a malicious app disguised as a bank “verification” tool
- Once installed, it uses NFC to read card chip data and sends it to a second attacker device
- Attackers use a companion app to emulate the victim’s card and make payments or ATM withdrawals

What makes it dangerous:
- SuperCard X requests minimal permissions, making it hard to detect
- It uses ATR-based card emulation and mutual TLS (mTLS) for secure communication
- Malware is not flagged by any antivirus engines on VirusTotal
- Transactions are small, instant, and look legitimate to banks — making them harder to detect or reverse

Google responded saying Play Protect is active and currently no such apps are listed on Google Play. But since these apps spread outside the store, Android users remain at risk — especially if they sideload apps or fall for impersonation scams.

This is a textbook example of how mobile payment infrastructure is being exploited — and why NFC security deserves more attention in mobile-first threat models.

At @Efani we’re committed to helping protect high-risk users from silent, evasive mobile threats just like this.

Android just got a quiet but powerful security upgrade: automatic reboots after 3 days of device inactivity.

Google has rolled out a new feature via Google Play Services: if an Android device remains locked for 3 consecutive days, it will now automatically reboot.

Why this matters:
Rebooting puts the phone back into the "Before First Unlock" state — where data remains fully encrypted and inaccessible without the passcode. This makes it significantly harder for anyone trying to extract sensitive data using forensic tools like Cellebrite or Magnet.

Apple introduced a similar feature last year, signaling a broader trend: both ecosystems are reinforcing protections against post-unlock data extraction, often used by law enforcement or threat actors.

This feature:

- Reduces exposure time after a phone is seized or stolen
- Restores full disk encryption status automatically
- Adds a layer of passive defense even if users don’t act

At @Efani, we advocate for security that works even when you’re not paying attention. Automatic reboots after periods of inactivity are a subtle but smart move — one that helps prevent surveillance, data harvesting, and unauthorized access.

It’s not just about convenience anymore. It’s about digital self-defense by default.

#CybersecurityMonth Day 13: Mobile Device Security! Secure your mobile devices with strong passwords or biometrics. Make sure to check for and install updates. #MobileSecurity #CyberAwareness #CybersecurityAwarenessMonth

App compatibility with GrapheneOS

A step-by-step troubleshooting guide for problematic apps with possible workaround solutions.

https://discuss.grapheneos.org/d/8330-app-compatibility-with-grapheneos

Referenced link: https://thehackernews.com/2023/06/rogue-android-apps-target-pakistani.html
Discuss on https://discu.eu/q/https://thehackernews.com/2023/06/rogue-android-apps-target-pakistani.html

Originally posted by The Hacker News / @TheHackersNews: http://nitter.platypush.tech/TheHackersNews/status/1671021766834003968#m

Warning: #Android users in Pakistan are facing a sophisticated attack. Fake apps, like "iKHfaa VPN" and "nSure Chat," are being used to extract personal data and compromise devices.

Read details here: https://thehackernews.com/2023/06/rogue-android-apps-target-pakistani.html

Referenced link: https://thehackernews.com/2023/06/warning-gravityrat-android-trojan.html
Discuss on https://discu.eu/q/https://thehackernews.com/2023/06/warning-gravityrat-android-trojan.html

Originally posted by The Hacker News / @TheHackersNews: http://nitter.platypush.tech/TheHackersNews/status/1669329576558747650#m

Attention #Android users: Beware of the latest version of GravityRAT! It disguises itself as messaging apps, stealing #WhatsApp backups, deleting call logs, and files.

Learn more about it here: https://thehackernews.com/2023/06/warning-gravityrat-android-trojan.html

Referenced link: https://thehackernews.com/2023/06/over-60k-adware-apps-posing-as-cracked.html
Discuss on https://discu.eu/q/https://thehackernews.com/2023/06/over-60k-adware-apps-posing-as-cracked.html

Originally posted by The Hacker News / @TheHackersNews: http://nitter.platypush.tech/TheHackersNews/status/1666072190947667969#m

Beware #Android users! Over 60,000 adware apps have been lurking in the shadows, disguising as cracked versions of your favorite apps. Don't fall for the trap!

Learn more: https://thehackernews.com/2023/06/over-60k-adware-apps-posing-as-cracked.html

Referenced link: https://thehackernews.com/2023/03/google-uncovers-18-severe-security.html
Discuss on https://discu.eu/q/https://thehackernews.com/2023/03/google-uncovers-18-severe-security.html

Originally posted by The Hacker News / @TheHackersNews: http://nitter.platypush.tech/TheHackersNews/status/1636732619596664832#m

Uh-oh! #Google has just uncovered 18 zero-day vulnerabilities in #Samsung's Exynos chips, some of which can be exploited remotely to completely take over your phone.

Learn more: https://thehackernews.com/2023/03/google-uncovers-18-severe-security.html

Referenced link: https://thehackernews.com/2023/03/lookalike-telegram-and-whatsapp.html
Discuss on https://discu.eu/q/https://thehackernews.com/2023/03/lookalike-telegram-and-whatsapp.html

Originally posted by The Hacker News / @TheHackersNews: http://nitter.platypush.tech/TheHackersNews/status/1636674741317541888#m

Don't fall for fake messaging apps! Researchers have discovered trojanized versions of #Telegram and #WhatsApp infecting #Android and Windows users with #cryptocurrency clipper #malware.

Learn more: https://thehackernews.com/2023/03/lookalike-telegram-and-whatsapp.html

Referenced link: https://thehackernews.com/2023/03/google-uncovers-18-severe-security.html
Discuss on https://discu.eu/q/https://thehackernews.com/2023/03/google-uncovers-18-severe-security.html

Originally posted by The Hacker News / @TheHackersNews: http://nitter.platypush.tech/TheHackersNews/status/1636622065053622273#m

Uh-oh! #Google has just uncovered 18 zero-day vulnerabilities in #Samsung's Exynos chips, some of which can be exploited remotely to completely take over your phone.

Learn more: https://thehackernews.com/2023/03/google-uncovers-18-severe-security.html

Referenced link: https://thehackernews.com/2023/03/xenomorph-android-banking-trojan.html
Discuss on https://discu.eu/q/https://thehackernews.com/2023/03/xenomorph-android-banking-trojan.html

Originally posted by The Hacker News / @TheHackersNews: http://nitter.platypush.tech/TheHackersNews/status/1634455364232986624#m

Cybersecurity experts are warning about a new variant of the #Android banking trojan, Xenomorph, which has surfaced with new capabilities to target more than 400 banking and financial institutions.

Read: https://thehackernews.com/2023/03/xenomorph-android-banking-trojan.html

Referenced link: https://thehackernews.com/2023/03/xenomorph-android-banking-trojan.html
Discuss on https://discu.eu/q/https://thehackernews.com/2023/03/xenomorph-android-banking-trojan.html

Originally posted by The Hacker News / @TheHackersNews: http://nitter.platypush.tech/TheHackersNews/status/1634133275206664192#m

Cybersecurity experts are warning about a new variant of the #Android banking trojan, Xenomorph, which has surfaced with new capabilities to target more than 400 banking and financial institutions.

Read: https://thehackernews.com/2023/03/xenomorph-android-banking-trojan.html

A new study by the Mozilla Foundation reveals that majority of #Android apps on the #Google Play Store provide misleading or false information about their data safety labels.

Learn more: https://thehackernews.com/2023/02/majority-of-android-apps-on-google-play.html

Referenced link: https://thehackernews.com/2023/02/majority-of-android-apps-on-google-play.html
Discuss on https://discu.eu/q/https://thehackernews.com/2023/02/majority-of-android-apps-on-google-play.html

Originally posted by The Hacker News / @TheHackersNews: http://nitter.platypush.tech/TheHackersNews/status/1629044465867575296#m

A new study by the Mozilla Foundation reveals that majority of #Android apps on the #Google Play Store provide misleading or false information about their data safety labels.

Learn more: https://thehackernews.com/2023/02/majority-of-android-apps-on-google-play.html

Here's what we've been working during the past weeks and I'm really excited to share it at NULLCON Berlin 2023 in March. There's even a few places left in this brand new #mobilesecurity training!

We'll spend 2 days on a #securityaudit of a closed-source security app with a network extension on #iOS, build userspace fuzzers & other custom tooling with Frida. Then, we'll pivot to #Android #malwareanalysis with challenging but beginner-friendly #reverseengineering tasks.

https://nullcon.net/berlin-2023/training/mobile-reversing-and-security-analysis/

Researchers warn against the GodFather #Android banking trojan that's targeting users of over 400 banking and #cryptocurrency apps in 16 countries.

Read: https://thehackernews.com/2022/12/godfather-android-banking-trojan.html

Referenced link: https://thehackernews.com/2022/12/android-malware-campaign-leverages.html
Discuss on https://discu.eu/q/https://thehackernews.com/2022/12/android-malware-campaign-leverages.html

Originally posted by The Hacker News / @TheHackersNews@twitter.com: https://twitter.com/TheHackersNews/status/1603335607375130624#m

MoneyMonger!

Be on alert for a new #Android malware campaign using money-lending apps to blackmail victims with stolen personal information.

Read: https://thehackernews.com/2022/12/android-malware-campaign-leverages.html