EUVD-2018-19644

Malware in sbrugna...

EUVD-2018-19643

Malware in sbrugna...

9.3M+ Androids Running ‘Malicious’ Games from Huawei AppGallery

Why would a game about a cat’s “cute diary” need permission to make phone calls or suss out your location? It doesn’t: “Cat cute diary” is one of 190 trojanized games that Doctor Web malware analysts have found on AppGallery, the official app store for Huawei Android. They’re littering the Androi...

Over 9 Million Android Phones Running Malware Apps from Huawei's AppGallery

At least 9.3 million Android devices have been infected by a new class of malware that disguises itself as dozens of arcade, shooter, and strategy games on Huawei's AppGallery marketplace to steal device information and victims' mobile phone numbers. The mobile campaign was disclosed by researche...

Hackers Tampered With APKPure Store to Distribute Malware Apps

APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices. In a supply-chain attack similar to that of German telecommunications equipment manufacturer Gigaset, the...

CVE-2018-7932

Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the sma...

CVE-2018-7932

Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the sma...

Design/Logic Flaw

Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism...

CVE-2018-7931

Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism...

Code injection

Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the sma...

CVE-2018-7931

Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism...

CVE-2018-7932

Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious Javascript loaded and run in the sma...

CVE-2018-7931

The CVE-2018-7931 case concerns Huawei AppGallery/AppMarket whitelist bypass on versions prior to 8.0.4.301. The root cause is in the handling of whitelisted domains, where content was not verified secure-channel-wise, allowing an attacker in a malicious network environment to lure a user to a ma...

CVE-2018-7932

CVE-2018-7932 affects Huawei AppGallery (pre-8.0.4.301). The issue allows loading and executing arbitrary JavaScript in a user’s device by bypassing the app’s whitelist mechanism, via a crafted page in a malicious network environment. Related sources describe a more specific flaw in the Huawei Ap...

CVE-2018-7931

Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism...

Huawei AppGallery Security Bypass Vulnerability

Huawei AppGallery is a software from Huawei China that is integrated into Huawei phones for downloading third-party applications. A security vulnerability exists in Huawei AppGallery versions prior to 8.0.4.301. The vulnerability can be exploited to bypass the whitelisting mechanism by creating a...

Huawei AppGallery Arbitrary Code Execution Vulnerability

Huawei AppGallery is a software from Huawei China that is integrated into Huawei phones for downloading third-party applications. A security vulnerability exists in Huawei AppGallery versions prior to 8.0.4.301. The vulnerability can be exploited to bypass the whitelisting mechanism, load and...

Security Advisory - Two Vulnerabilities in APPGallery of Huawei Smart Phones

There is a whitelist mechanism bypass vulnerability and an arbitrary Javascript running vulnerability in Huawei AppGallery. An attacker may set up a malicious network environment and trick user into accessing a malicious web page to bypass the whitelist mechanism, which make the malicious...